Channel: Symantec Connect
Viewing all 28681 articles

Threat Detected on a drive that doesn't exist?

I need a solution

Hello-

We are receiving the following threat detections on a particular PC:

Resolved Threats:
No risks have been resolved

Unresolved Threats:
Trojan.Gen.MBT
 Type: Anomaly
 Risk: High (High Stealth, High Removal, High Performance, High Privacy)
 Categories: Virus
 Status: Remove Failed
 -----------
 1 Infected File
D:\DHL_Label_Scan _  June 19 2019 at 2.21_06455210_PDF.exe - Failed
 1 Browser Cache

Heur.AdvML.C
 Type: Anomaly
 Risk: High (High Stealth, High Removal, High Performance, High Privacy)
 Categories: Heuristic Virus
 Status: Remove Failed
 -----------
 1 Infected File
D:\DHL_Label_Scan _  June 19 2019 at 2.21_06455210_PDF.exe - Failed
 1 Browser Cache

The problem here is, there is no CD/DVD in the optical drive and there is no Drive D: on the machine -- see attachment. I do recognize the filename as it was an attachment included in a spam email that was never opened and has since been deleted.

Any ideas on how to clear these alerts?

Report of all software from a filter of computers

I need a solution

Trying to find or create a report that has all software for all computers in a certain filter. In this case an AD OU. Any help would be appreciated greatly. Even modifying a canned report would be helpful.


Moving Clients Per IP Subnet

I need a solution

Good day,

My name is Keith and I am with the City of Memphis. I was asked to move a number of clients from the default group (over 1000) to their respective groups via the IP subnet. After researching the issue, the Symantec forum said that a case would need to be opened with Symantec to obtain a script that will allow the moving of clients based on IP subnet.

Has anyone run into this issue?

If so, is opening a case the solution?

Thank you very much for your time.

Keith P.

Security Analyst City of Memphis

DAR Scans - Files with Asian (Chinese characters)

I need a solution

Hi everyone. We have Network Discover servers scanning file shares at our offices in Asia. A lot of the files are named with Chinese characters. These files are showing "failed to download" error messages. Is there a workaround to either have DLP process these files or, if it cannot, set a filter to not try to scan file names with Chinese characters?

Thanks!


Can I uninstall software (.exe) on a client?

I need a solution

Hi, all.

With Software Management Solution, I am able to deliver software to my users. I also understand that we can uninstall software on a user's PC if we discover they are using software that they are not supposed to?

The question is, how? If it is an MSI installation, we can run an msiexec /u <msi package> quick delivery task from Notification Server, but how about exe installations? What can we do to uninstall software installed from an exe?

Any help would be appreciated.


SEP 14.x uses over 30% CPU

I need a solution

We noticed that Symantec Service Framework uses more than 30% CPU. Is this normal?

Is there any reason it uses a lot of resources even though no scanning is in progress?

Hope the community can advise.


Symantec DLP integration with third-party products

I need a solution

Hi everyone,

I want to know how many third-party products are integrated with Symantec DLP across all channels, like endpoint, network, storage and cloud. If anyone knows, please share with us.

Kind regards,

Mubashshir Shaikh


Allow/block USB access

I need a solution

Hello, I am new here, and please assume that I am inexperienced.

I want to block USB access across the network as a general rule, but I have 2 USB dongles on the server that then get blocked as well, and certain software stops working.

So can I completely block USB access on 23 clients and somehow allow USB access on the server?

Thank you

IPS convicted network traffic on Endpoint

I need a solution

Hi,

EDR detected the event below:

Type: IPS convicted network traffic on Endpoint.

Description: Intrusion prevention submission. Signature ID: System Infected: Miner[.]BitcoinMiner Activity 9

What is the next step? Scanning the PC does not show anything.

Thanks for the help!

SEP Auto-Protect Support Ubuntu 18.04.2


I just installed SEP 14.2.1 and was disappointed that the Auto-Protect modules will not compile with kernel 4.18.0-22. Symantec's AV is world renowned but without the auto-protect feature it is like coming home to find your house was broken into when you thought you had a burglar alarm to prevent the robbery.

SEP 14.x needs to be enhanced to provide Ubuntu 18 users proper security.

WSS Questions

I need a solution

Hello Readers,

We are migrating our on-prem ProxySG to WSS (Web Security Services) using the 'Explicit Proxy' connection method. We decided to manage the content filtering policies from our Management Center rather than using the WSS service portal.

While refining the policies, we are observing many onboarding issues. Can someone more experienced with the product (WSS) help me understand the following:

a) In a UPE setup, can we manage the authentication policy for WSS from UPE (VPM)? Or will authentication policies be managed from the WSS service ONLY? If the latter is the case, I do see any option to define authentication bypass policy based on destination URLs/domains.

b) In a UPE setup, can we manage SSL interception policies for WSS from UPE (VPM)? Or will it be managed "only" from the WSS portal? In this case as well, I do not see the option to exempt the interception for specific destination domains/URLs.

Could not block registry writes with Application Control

I need a solution

Hi.

I made an application control policy.

I want to block writes to this registry value.

registry key : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\

value : NV HostName

It is the registry value for the computer name.

The write is blocked if I change the value manually.

But when I change it in My Computer > Property, the registry value changes.

Why?

Endpoint 14.2 Hybrid

I need a solution

Hi All,

I've enrolled my SEPM.

Now I want to know if there is an option to configure the (SEP) clients to update policy from the cloud?

Can I change a policy and, if the client is out of the office without a connection to the SEPM server, can it check for new policy from the cloud?

Thanks !


No PXE-Boot when assigning job, otherwise PXE works

I do not need a solution (just sharing information)

Dear,

PXE is set up and works in my opinion.

On all clients, PXE-Boot is set as the first boot method, each client first queries the PXE server at boot time and then executes the PXE-Boot according to my settings: For clients known in the console, the PXE-Boot-Menu waits 5 seconds, then the boot from the local HDD with the locally installed operating system takes place. Clients not known in the console wait 10 seconds in the PXE boot menu and then start the Automation Agent via PXE.

If I assign an image deployment-job to a client known in the console, this client will restart as it should be. Then it should boot the Automation Agent via PXE so that the new image can be transferred to the hard disk. However, this is not the case. Instead, the PXE boot menu is displayed for max. 1 second, but it is exited immediately and the local operating system is booted from the local hard disk. The deployment-job is then shown as failed at the end.

What is the reason / What should I do?

Thanks in advance!


ICDx version 1.3 - login issues

I need a solution

Hi,

I completed the install of ICDx 1.3 on a new Red Hat 7.6 server.

After the install completes, I attempt to sign in but it never accepts credentials.

I have attempted to uninstall it and then install with custom credentials, but it appears to always have the issue.

I’ve tried the offline and online version of the installer.

Any recommendations?


14.2 Endpoint Protection clients fail to update through GUP

I need a solution

Hi,

I have a customer running SEP 14.2 that is facing an issue when updating clients through a GUP. Basically, it only works once I restart the SEP service or reboot the computer, as described in this article from Symantec (https://support.symantec.com/us/en/article.tech255013.html).

I noticed the article was updated around one week ago, but there isn't a solution for it yet. I would like to know if there is any fix available for this that wasn't posted in the article, or if the SEPM upgrade to the latest version (14.2 RU1) fixes this problem. I really don't want to go through the whole process of upgrading everything only for the issue to persist.

Many thanks.


How to evaluate endpoint-threat-defense-for-active-directory

Indexing remote SharePoint documents (O365) using WebDAV

I need a solution

Folks,

Good afternoon. Does anyone know how to format a SharePoint Online (O365) URL for DLP indexing (IDM) use?

I know and already use SharePoint on-premise WebDAV, but I cannot do the same with O365 SharePoint. I've read that O365 SharePoint also uses WebDAV for drive mapping.

Has anyone done anything similar that might help?

Thanks!


Need help with scripting standalone dark network installation.

I need a solution

I am trying to write a DOS script to do a silent install of our standard configuration of the SEP 14 dark network client. I need to learn the command line switches for the following settings:

Yes: Custom

Yes: Dark network client

Yes: Core Files

Yes: Virus, Spyware, and Basic Download

No:  Advanced Download Protection

No:  Outlook Scanner

No:  POP3/SMTP Scanner

No:  Proactive Threat Protection

No:  Network and Host Exploit Mitigation

No:  Application Hardening

Yes: Enable Auto-Protect

No:  Run LiveUpdate

No:  "I want to join the fight..."

No:  "Yes, I'd like to help..."

Does anyone know where I can find this information? I have been looking for two days.

NSE Dispatch Failed Errors

I need a solution

I get the feeling these are related to various software update policies that were deleted too soon, but I'm not sure (I don't manage SW Updates). Does anyone know how I can determine what they are and why I am getting so many? Just today, I have over 300 entries. On a few machines, I have deleted the AeXSWPolicy.xml file, but I have no idea if what I have done has fixed the issue. When I query the "to:" GUID it comes back blank, which tells me it likely was a policy that was deleted but not cleaned up on the client. Does someone have any other thoughts? What other ideas are out there to get these cleaned up? How can I know what I am doing is working?

Thanks everyone for your input!

NSE dispatch failed for: id=258498664, from: 5ce6c2bc-9195-452f-a0ee-4a0417be39d4, to: f31aa00b-8edc-451d-b876-4e1f0a533899

The target item for the client message has been deleted in NS: from: 5ce6c2bc-9195-452f-a0ee-4a0417be39d4, to: f31aa00b-8edc-451d-b876-4e1f0a533899
   [Altiris.NS.ClientMessaging.UnresolvableHandlerException @ Altiris.NS]
   at Altiris.NS.ClientMessaging.EventQueueDispatcher.DispatchWithinContext(Int32 eventQueueId, String message, Boolean useFilename, Int64 fileSize, Int64 eventId, MessageHeader header)
   at Altiris.NS.ClientMessaging.EventQueueDispatcher.TryDispatch(Int32 eventQueueId, String message, Boolean useFilename, Int64 fileSize, Int64 eventId)

Exception logged from: 
   at Altiris.NS.ClientMessaging.EventQueueDispatcher.TryDispatch(Int32, String, Boolean, Int64, Int64)
   at Altiris.NS.ClientMessaging.EventQueueDispatcher.PerformDispatch(Altiris.NS.ClientMessaging.EventQueueDispatcher+DispatchSlot, Boolean&)
   at Altiris.NS.ClientMessaging.EventQueueDispatcher.WorkerDispatchStep(Altiris.NS.ClientMessaging.EventQueueDispatcher+DispatchSlot, Altiris.Common.Threading.IAutoCallContextSnapshot)
   at Altiris.NS.ClientMessaging.EventQueueDispatcher.DispatchSlotThreadProc(Object)
   at System.Threading.ThreadHelper.ThreadStart(Object)

User [NA\altiris.service], Auth [NA\altiris.service], AppDomain [AeXSVC.exe]
 
