Channel: Symantec Connect

DLP 14.6 - Endpoint Prevent - Detection Server Access from the Internet

I need a solution
Hello everyone,
Aside from latency, is there any reason you could not put an Endpoint Prevent detection server in the DMZ and make it accessible for DLP clients from the Internet? This would allow two-tier scanning of EDM data.
 
Has anyone tried DLP agent to Endpoint Prevent detection server using Microsoft Direct Access?
 
Kind regards,
Cameron Mottus

SMG

I need a solution

Hi All.

Need some clarity on how we can achieve mail tagging as [External] for mails from domains other than the internal domain.in/com. Can it be achieved with their existing Symantec SMG setup? The mail server is on-prem, the total number of mails is 4000/-, and the mail client is Outlook.

Thanks,

Mustafa Shaikh


SEP GUP Port 2967 is not Listening...

I need a solution

Hi All,

I made a Windows 2008 R2 Server a GUP in SEPM for a group with clients on the same subnet, but the clients are not taking definition updates from that GUP.

Telnet to port 2967 does not work from the GUP or from the clients (it's not listening on the GUP server).

Kindly assist me on this.

Kindly find the attachments as well.


Sample data feed

I need a solution

I am looking to integrate the data feeds produced from Symantec CCS into a reporting tool. Please can anyone provide me with a sample data feed produced by Symantec CCS following a security compliance scan on Unix servers? The sample data feed can be in csv, xml or .xlsx.

Thanks


Best practice for setting up new test SEPM?

I need a solution

Attempting to test the upgrade from 12.1.6 to 14 but not ready to do this in production. Trying to establish a test environment and need the best way to achieve this. Will be on same network, same Windows domain, unfortunately.

I suppose the question is should this be a separate "site" or what? Separate SQL DB I'm sure. Is there a document somewhere that addresses this?

Thanks in advance.


Discovering Retired Assets That Are Now Active

I need a solution

Hello folks

We are running CMS 7.6 HF7. I have 2 questions regarding asset status and the interaction with licenses.

1) What does the IsManaged Column mean in the vRetiredAsset view? I have a mixture of retired computers that are both IsManaged=1 or IsManaged=0. I was under the impression that all retired assets would become IsManaged=0.

2) What have others used to discover retired assets becoming active? Is querying the Evt_NS_Item_Management table appropriate?

Select im.ItemName
,im.Action
,im._eventTime
 from
Evt_NS_Item_Management im
join vRetiredAsset vra
on im.ItemGuid = vra.Guid
where im.ResourceTypeGuid in ('493435F7-3B17-4C4C-B07F-C23E7AB7781F', '2C3CB3BB-FEE9-48DF-804F-90856198B600')
and im._eventTime >= DATEADD(day, -7, GETDATE())
order by 3 desc

Thanks


Learned Application reports and logs - client log


PART 1 - The query tool for learned applications should be amended to have the option to schedule this as a report for specific days.

E.g. for the past week, on a specific computer or group, new learned applications (list view), to be emailed on a schedule.

PART 2 - The learned application feature on the client PC should have a local log file that contains all .exe files listed and when each was created or installed, and that is amended when there is a newly installed application. This local client log file should be exportable to a syslog server.

Required systems for Endpoint Protection 12.1.6 MP7 and MP8


The system requirements for Symantec Endpoint Protection Manager (SEPM) and the Symantec Endpoint Protection clients (SEPC) are the same as those of the operating systems on which they are supported.

  • Symantec Endpoint Protection Manager system requirements
  • Symantec Endpoint Protection client for Windows system requirements
  • Symantec Endpoint Protection client for Windows Embedded system requirements
  • Symantec Endpoint Protection client for Mac system requirements
  • Symantec Endpoint Protection client for Linux system requirements

Symantec Endpoint Protection Manager system requirements

 This SEPM version manages 11.0.x and 12.0.x clients, regardless of the client operating system.


Component: Requirements

Processor: Intel Pentium Dual-Core or equivalent minimum
Physical RAM: 2 GB minimum; 4 GB or more recommended
Hard drive: 16 GB available minimum for the management server; 40 GB available minimum for the management server and a locally installed database
Display: 1024 x 768 or larger
Operating system (desktop):
  • Windows 7 (32-bit, 64-bit; RTM and SP1; all editions except Starter and Home)
  • Windows 8 (32-bit, 64-bit)
  • Windows 8.1 (32-bit, 64-bit)
  • Windows 8.1 updated (32-bit, 64-bit)
Operating system (server):
  • Windows Server 2008 (32-bit, 64-bit; R2, RTM, SP1 and SP2)
  • Windows Small Business Server 2008 (64-bit)
  • Windows Essential Business Server 2008 (64-bit)
  • Windows Small Business Server 2011 (64-bit)
  • Windows Server 2012 (R2 and all updated)
Web browser:
  • Microsoft Internet Explorer 11
  • Mozilla Firefox 5.x through 50.x (MP7), through 53.x (MP8)
  • Google Chrome 55.0.x (MP7), 58.0.x (MP8)
Database: The SEPM includes an embedded database. Supported SQL Server versions:
  • SQL Server 2005, SP4
  • SQL Server 2008, RTM - SP4
  • SQL Server 2008 R2, RTM - SP3
  • SQL Server 2012, RTM - SP3
  • SQL Server 2014, RTM - SP2
  • SQL Server 2016

Note: If you use a SQL Server database, you may need to make more disk space available. The amount and location of additional space depends on which drive SQL Server uses, database maintenance requirements, and other database settings.

Symantec Endpoint Protection client for Windows system requirements


Component: Requirements

Processor:
  • 32-bit processor: 1 GHz Intel Pentium III or equivalent minimum
  • 64-bit processor: 2 GHz Pentium 4 with x86-64 support or equivalent minimum
Physical RAM: 512 MB or higher if required by the operating system
Hard drive: 1.8 GB of available hard disk space for the installation
Display: 800 x 600 or larger
Operating system (desktop):
  • Windows XP Home or Professional (32-bit, 64-bit)
  • Windows XP Embedded (SP3)
  • Windows Vista (32-bit, 64-bit)
  • Windows 7 (32-bit, 64-bit; RTM and SP1)
  • Windows Embedded 7 Standard, POSReady, and Enterprise (32-bit, 64-bit)
  • Windows 8 (32-bit, 64-bit)
  • Windows Embedded 8 Standard (32-bit, 64-bit)
  • Windows 8.1 (32-bit, 64-bit), including Windows To Go
  • Windows 8.1 update for April 2014 (32-bit, 64-bit)
  • Windows 8.1 update for August 2014 (32-bit, 64-bit)
  • Windows Embedded 8.1 Pro, Industry Pro, Industry Enterprise (32-bit, 64-bit)
  • Windows 10 RTM (32-bit, 64-bit)
  • Windows 10 November Update (2015) (32-bit, 64-bit)
  • Windows 10 Anniversary Update (2016) (basic compatibility*) (32-bit, 64-bit)
  • Windows 10 Creators Update (2017) (basic compatibility*) (32-bit, 64-bit)
Operating system (server):
  • Windows Server 2003 (32-bit, 64-bit; R2, SP1 or later)
  • Windows Small Business Server 2003 (32-bit)
  • Windows Server 2008 (32-bit, 64-bit; R2, SP1, and SP2)
  • Windows Small Business Server 2008 (64-bit)
  • Windows Essential Business Server 2008 (64-bit)
  • Windows Small Business Server 2011 (64-bit)
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2012 R2 update for April 2014
  • Windows Server 2012 R2 update for August 2014
  • Windows Server 2016 (basic compatibility)
Browser Intrusion Prevention: Based on the version of the Client Intrusion Detection System (CIDS) engine.

Symantec Endpoint Protection client for Windows Embedded system requirements


Component: Requirements

Processor: 1 GHz Intel Pentium
Physical RAM: 256 MB
Hard drive: 450 MB of available hard disk space
Embedded operating system:
  • Windows Embedded Standard (WES) 2009
  • Windows Embedded POSReady 2009
  • Windows Embedded Point of Service (WEPOS)
  • Windows Embedded Standard 7
  • Windows Embedded POSReady 7
  • Windows Embedded Enterprise 7
  • Windows Embedded 8 Standard
  • Windows Embedded 8.1 Industry Pro
  • Windows Embedded 8.1 Industry Enterprise
  • Windows Embedded 8.1 Pro
  Note: All operating systems are supported in both 32-bit and 64-bit.
Required minimum components:
  • Filter Manager (FltMgr.sys)
  • Performance Data Helper (pdh.dll)
  • Windows Installer Service
  • FBA: Driver Signing (applies only to XP-based Embedded)
  • WinLogon (applies only to XP-based Embedded)
Templates:
  • Application Compatibility
  • Digital Signage
  • Industrial Automation
  • IE, Media Player, RDP
  • Set Top Box
  • Thin Client

Note: The Minimum Configuration template is not supported.

Symantec Endpoint Protection client for Mac system requirements


Component: Requirements

Processor: 64-bit Intel Core 2 Duo or later
Physical RAM: 2 GB
Hard drive: 500 MB of available hard disk space for the installation
Display: 800 x 600
Operating system: Mac OS X 10.8, 10.9, 10.10, 10.11, and macOS 10.12

Symantec Endpoint Protection client for Linux system requirements


Component: Requirements

Hardware:
  • Intel Pentium 4 (2 GHz) or higher processor
  • 1 GB RAM
  • 7 GB of available hard disk space
Operating systems:
  • CentOS 6U4, 6U5, 6U6, 7, 7U1, 7U2
  • Debian 6.0.5 Squeeze; Debian 8 Jessie (MP8)
  • Fedora 16, 17
  • Novell Open Enterprise Server (OES) 2 SP2 and 2 SP3 running SUSE Linux Enterprise Server (SLES) 10 SP3
  • Novell Open Enterprise Server (OES) 11 and 11 SP1 running SUSE Linux Enterprise Server (SLES) 11 SP1 and SP2
  • Oracle Linux (OEL) 5U8, 5U9, 6U2, 6U4, 6U5
  • Red Hat Enterprise Linux Server (RHEL) 5U7 - 5U11, 6U2 - 6U8, 7 - 7.3
  • SUSE Linux Enterprise Server (SLES) 10 SP3, 10 SP4, 11 SP1 - 11 SP3
  • SUSE Linux Enterprise Desktop (SLED) 10 SP3, 10 SP4, 11 SP1 - 11 SP3
  • Ubuntu 11.10, 12.04, 12.04.02, 14.04, 16.04
  Note: All of the above operating systems are supported in 32-bit and 64-bit.
Graphical desktop environments:
  • KDE
  • Gnome
  • Unity
Other environmental requirements:
  • Oracle Java 1.5 or later; Java 7 or later recommended
  • Unlimited Strength Java Cryptography Extension (JCE), available from http://www.oracle.com/technetwork/java/javase/downloads/
  • i686-based dependent packages on 64-bit computers:
      For Red Hat-based distributions: sudo yum install glibc.i686 libgcc.i686 libX11.i686
      For Debian-based distributions: sudo apt-get install ia32-libs
      For Ubuntu-based distributions: sudo apt-get install libx11-6:i386 libgcc1:i386 libc6:i386
  • XFS file systems that contain inode64 attributes are not supported.


How can I allow some device from block usb

Does Blue Coat still exist?

I need a solution

Hello everyone,

Several years ago my organisation evaluated Blue Coat and were very happy with the product. We haven't been in a position to implement it, until now.

I see that Blue Coat has been purchased by Symantec, however:

  • There is no information about it on the Symantec website
  • The Blue Coat forums are closed down
  • All Blue Coat URLs point to the Symantec home page, not product specific pages
  • The only documentation on here is from 2014
  • Symantec in my country (UK) do not have an email address or online chat, only a phone number and that phone number always rings 4 times and then hangs up (been trying intermittently over a 2 week period)
  • I don't see any comments related to the product on Google in the past two years.

Therefore I am starting to think that the BlueCoat product, and USB control and protection within Symantec, is dead.

Is this true?


proxy sg300 and java1.8.0_131

I need a solution

We recently noticed we could no longer access the UI of a proxy sg300 appliance.
After some investigating we found that Java 1.8.0_131 actively distrusts MD5-signed JARs.

Seems like a pretty simple problem to fix.
So I started looking for a UI and OS version that started signing with SHA or something that is still supported.

However, I can't find any clear instructions or cases.

Currently the proxy sg is running:

sgos: 6.5.7.6

UI version: 6.5.7.6 build 157993

Can someone point me in the right direction where I can:

A: find a UI version that is signed with sha or higher.

or

B: point me in the right direction to get this issue resolved.

In the short term we downgraded one client's Java to 1.8.0_121. This is of course not an acceptable solution for the long term.

I don't know if it's because of the merging of Blue Coat and Symantec, but getting any info in the KB or release notes regarding this is proving way more difficult than it should be. I only found one forum post somewhere (not for a proxy sg, but for a Symantec product and the MD5-signed JAR) suggesting to open a case and get a hotfix which contains a securely signed JAR.

But that person can't be the only one having this issue, and I find it hard to believe Symantec would not post a KB regarding this issue after the millionth ticket asking why their UI is blocked after updating Java. Perhaps Symantec did, but failed to mention the Blue Coat appliances may have the same issue, etc.
(Or is everyone just running outdated Java or adding exceptions to it to allow MD5, i.e. ignoring security to be able to manage a security product? Seems counterintuitive.)

Thanks for any help.
I also did a search on these forums and the old ones for similar cases, but that did not turn up much that was useful, it seems, unless I overlooked it.


Upgrade client to 12.1.6. MP8

I need a solution

Hi,

I would like to ask for some help!

I should upgrade all of our clients to MP8. I have downloaded the install packages, but I cannot import them because I can't find the xxxx.info files.

How can I get them?

I would like to push the new version through the console...

Thank you for your help!


Case sensitivity and flags in RegEx content filtering rules

I do not need a solution (just sharing information)

I upgraded Mail Security to 7.5.5 a few months ago and migrated my File Name Rule (which has a habit of erroneously identifying pdf files as containing javascript) to a content filtering rule set to scan container files using the same match list that I used for the File Name Rule. Everything works great, with one exception. When using the File Name Rule, the wildcards in a match list had to match the entire file name. When using the wildcard match list in an Attachment Name content filtering rule, it doesn't (even when you specify "Whole Term" in the matching options). Since "*.com" is in that match list, any attachment that contains the name of a website from the .com tld (such as google.com) gets caught and quarantined, along with a couple of other miscellaneous files.

So, as an example, whenever I request a quote from one of our vendors the quote file they send me contains their website and gets quarantined even though it's not actually a .com file, it just happens to contain the website in its filename. So, I figured I would convert the wildcard match list over to a RegEx match, since it actually contains appropriate characters for specifying that a file name should end with .com. The issue that I've run into with this is case sensitivity. There's no way to disable case sensitivity in regular expressions, at least when filtering by attachment name. This means going through each of my regular expressions and manually making them case insensitive. So... I have to convert ".*\.COM$" into ".*\.[cC][oO][mM]$". That should work, however it's clunky and there should be other ways to make something this simple function.

Ideally, we should have a way to specify flags for regular expressions. Barring that, the ability to make attachment name content filtering rules case insensitive when filtering with regular expressions would suffice.

Any other ideas for a workaround?
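
The manual rewrite described in the post above can be scripted. This is an added example, not code from the post or from Symantec: it expands each literal letter of an anchored pattern into a two-case class and checks the result with Python's `re`, on the assumption that the Mail Security regex engine treats these basic constructs (`.*`, `\.`, `[..]`, `$`) the same way. The function names and sample file names are constructed for illustration.

```python
import re

def expand_case(pattern: str) -> str:
    """Rewrite a regex so every literal ASCII letter matches either case.

    Escape sequences (\\., \\d) and existing bracket expressions are copied
    unchanged, so a class like [a-z] must still be widened by hand.
    """
    out, i, in_class = [], 0, False
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and i + 1 < len(pattern):
            out.append(pattern[i:i + 2])   # keep the escape pair intact
            i += 2
            continue
        if in_class:
            out.append(ch)
            in_class = ch != "]"           # leave the class at its closing bracket
        elif ch == "[":
            out.append(ch)
            in_class = True
        elif ch.isascii() and ch.isalpha():
            out.append(f"[{ch.lower()}{ch.upper()}]")
        else:
            out.append(ch)
        i += 1
    return "".join(out)


def blocked(names, patterns):
    """Return the names matched by any pattern after case expansion."""
    compiled = [re.compile(expand_case(p)) for p in patterns]
    return [n for n in names if any(c.search(n) for c in compiled)]


# Constructed sample data, not taken from a real match list or mail flow.
PATTERNS = [r".*\.COM$", r".*\.exe$"]
SAMPLE_NAMES = [
    "quote-google.com.pdf",   # only contains ".com", so it must pass
    "SETUP.COM",
    "setup.CoM",
    "invoice.pdf",
    "run.Exe",
]

if __name__ == "__main__":
    for p in PATTERNS:
        print(p, "->", expand_case(p))
    print("blocked:", blocked(SAMPLE_NAMES, PATTERNS))
```

Running the converter over an exported match list keeps the hand-edited `[cC][oO][mM]` form out of the source of truth, so new extensions can be added in plain form and expanded before import.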


Driver could not be added to preboot OS

I need a solution

Once in a while I run into the message "Driver could not be added to preboot OS" when adding drivers to Driver Database Management. Can someone tell me what log file I can look at in order to see the reason why?


Blacklist Removal

I need a solution

Hello,

We have an IP blocked in Messagelabs and we did not find the process to remove it. Can you help us, please?

The error message is: 501 Connection rejected by policy [7.7] 18007

Follow the IP: 198.136.59.203

-------- Mensagem encaminhada --------
Assunto:     Mail delivery failed: returning message to sender
Data:     Fri, 28 Jul 2017 10:10:18 -0300
De:     Mail Delivery System <Mailer-Daemon@hl-01us.hostmidia.com.br>
Para:     contato@metalpar.com.br

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
 rafaela.pacheco@vulcabras.com.br host cluster4.us.messagelabs.com [216.82.251.33] SMTP error from remote mail server after initial connection: 501 Connection rejected by policy [7.7] 13006, please visit www.messagelabs.com/support for more details about this error message.

Thanks for help!

Best Regards,
Lucas V.


Virtual SMG 10.6.2. or 10.6.3 on VMware 6.5

I do not need a solution (just sharing information)

Hi my friends,

Does any of you have a virtual SMG ver. 10.6.2 or ver. 10.6.3 on VMware vSphere 6.5 in production?

The technical notes for the version state that it only supports up to VMware vSphere 6.0.


Blacklist removal request

I need a solution

Our server is being blocked with this message:

messagelabs.com 3114 connection rejected by policy

Can you check and delist our IPs?

Our IPs are: 217.182.108.123 and 145.239.113.17

It's a new mail server with an outbound antispam protection filter. So we are not sending spam.

Many thanks

Oscar


SEP14 blocking Storagecraft ShadowProtect

I need a solution

I'm running ShadowProtect SPX 6.5.1 and SEP 14.0.2415.0200 on Windows 10

When ShadowProtect attempts to run its backup to the server share, SEP blocks it and posts in the security log that it detects an intrusion [SID: 30086] Attack: Ransom.Haknata...

I have attempted to place a rule to allow traffic from my local subnet and an "Allow All Test" rule based on TECH203497 but SEP is still blocking the traffic. Disabling SEP allows it to run however.

Any idea as to how to get this to work without disabling SEP?


How to Resume "Start Capture" on "Global Layer" please?

I need a solution

Hi, Greetings & Good Day. I use "Altiris SWV (v2.1)" on XP, with "GLOBAL LAYER" {in lieu of "Single Layer"} so that all Programs get Auto-installed under "Global Layer".
But, I found, so long as the "Capture Icon" is in the System Tray, Programs get installed under "Global Layer". As I Right-click + Stop "Capture", all subsequent Programs get installed directly under the PC's Logical Drive, not under "Global Layer" {even after I select "Start Layer Automatically"}.
I need to know: Is there any option to "Start Capture" again, so that I can install all subsequent Programs under "Global Layer" also, please?
I'd highly appreciate it if anybody could kindly advise me in this regard. Thank you & Best Regards.

-Capt. Russel ( akoronno@gmail.com )


Symantec EP - Network Threat Protection with Load Balancer

I need a solution

Hi guys

I'm facing a problem with SEP and Load balancers.

The problem is that I have hosts behind load balancers; when NTP or legit attacks get detected/blocked they are reported as coming from the Load Balancer.

Any suggestion/workaround?

Thanks !
