I need a solution
Hey,
When we use the predefined prefixes, does this include the \ before the folder path? Or do we need to specify the the leading \ ?
See attached pitcure.
Thanks.
0
↧
Folder exclusions - prefixes
↧
Integrating Liveupdate Administrator with SEP Manager
I need a solution
Dears,
From what I understand from the LUA guide is that I will configure distribution center (which will be my SEPM) but when I try to add the SEPM details it says connection failed also, from what I understand is that I need to configure IIS server on the SEPM and I added a new website with a virtual directory inside it called "AVUpdates", please find the two attached screenshots:
\
Thanks in Advance
0
↧
↧
Too many search results? Problem Solved! Track and Trace Automated
I do not need a solution (just sharing information)
Hello,
Just wanna share the tool I built and since MessageLabs doesn't have an API. It automates Track and Trace so you can enter multiple parameters, e.g., list of senders, subjects or recipients and in any combination you want. I often hit "Too many search results" error when specifying *@mydomain.com. Specifying individual addresses solves the problem but the web GUI doesn't allow you to do that.
I'm still working packaging it into a library but in the meantime, here's what's in the tool's help menu:
>python trackntrace.py -h
usage: trackntrace.py [-h] [-S QUERY_SUBJECT [QUERY_SUBJECT ...]]
[-s SENDER [SENDER ...]] [-r RECIPIENT [RECIPIENT ...]]
[-l LAST_HOP [LAST_HOP ...]] [-d [DAYS]] [-H [HOURS]]
[-M [MIN_DATE]] [-X [MAX_DATE]] [-o [OUTPUT]]
A program that uses Track and Trace feature of SymantecCloud Messagelabs to
locate emails.
optional arguments:
-h, --help show this help message and exit
-S QUERY_SUBJECT [QUERY_SUBJECT ...], --query-subject QUERY_SUBJECT [QUERY_SUBJECT ...]
Specifies the email subject(s) to search for. Input
file is accepted.
-s SENDER [SENDER ...], --sender SENDER [SENDER ...]
Retrieve all emails sent by this sender(s). Input file
is accepted.
-r RECIPIENT [RECIPIENT ...], --recipient RECIPIENT [RECIPIENT ...]
Search all emails sent to this address(es). Input file
is accepted.
-l LAST_HOP [LAST_HOP ...], --last-hop LAST_HOP [LAST_HOP ...]
Look for all emails that were sent by this IP
address(es). Input file is accepted.
-d [DAYS], --days [DAYS]
No. of days prior to search for.
-H [HOURS], --hours [HOURS]
No. of hours prior to search for.
-M [MIN_DATE], --min-date [MIN_DATE]
Find all emails sent starting from this date. Date
format: Y-m-d_I:Mp. Example: 2017-07-25_02:43am
-X [MAX_DATE], --max-date [MAX_DATE]
Find all emails sent up to this date. Date format:
Y-m-d_I:Mp. Example: 2017-07-25_08:20am
-o [OUTPUT], --output [OUTPUT]
Where to write output report. Defaults to
trackandtrace_result.csv.
EXAMPLE: Search MessageLabs for emails sent to some users with a certain
subject over the last 5 days: "> python trackntrace.py -d 5 -S "Your Invoice
is Ready" -r user1@yourdomain.com user2@yourdomain.com
0
↧
How to block only pendrives and external hard drives
I need a solution
How to block only pen drives and external hard drives.When i select only USB in blocked device also it is not working.
0
↧
Insert variable in response message
I need a solution
I know how to insert a variable in email response I am not sure how to insert a variable in response message (not response email).
I created a resposne rule and created an action as "Send Email Notification" in which I used variable as below
Action: $BLOCKED$
Data Owner: $DATAOWNER_NAME$
Policy Name: $POLICY$
Policy Rule: $RULES$
and this works completely fine.
Now, I created another Action (which is a browser response not email response) as "Network & Mobile Prevent: Bloock http/https" in which the default response message is
This content is blocked due to policy violation..
Now I need to add policy name and incident number after this message so that the users can understand what exactly they did wrong and quote the incident number to request for exception.
I tried like the below way
This conent is blocked due to policy violation..
Policy Name: $POLICY$
Policy Rule: $RULES$
If you believe this occurred due to an error please contact contact@company.com and quote the incident number $INCIDENT_ID$ to get exception.
And here $POLICY$ is printing as a plain text and not converting to variables text. Thanks.
0
↧
↧
Le programme "PCSX2" est détecter en tant que virus (faux positif)
I do not need a solution (just sharing information)
Bonjour tout le monde, le problème est le suivant:
Le programme PCSX2 est reconnu en tant que virus, ceci est faux : il sagit d'un émulateur de Playstation2 parfaitement propre.
Il pourait ètre sympathique de mettre a jour les définition pour un usage domestique.
Je suis malheuresement incapable de vous fournir les fichiers, a la place je vous transmet l'URL du site : https://pcsx2.net/
0
↧
c:\programdata\symantec\defwatch.dwh\dwhnnnn.wlx
I need a solution
Hello,
why I can see in Risk Log many records c:\programdata\symantec\defwatch.dwh\dwh1024.wlx. ? 150+ records every day from various PC. Total PC 4000+
We are use SEP14.0 MP2
Event:Virus found
Action:(Cleaned by deletion)
Risk Name:WS.Malware.1
Source:DefWatch
I understand that it is records re-scan after every Update definitions.But do not understand why there are so many of them.
0
↧
SEPM database AGENT_BEHAVIOR_LOG_1 column DESCRIPTION
Today threats are downloaded by execution of powershell. Some of scripts create new object System.Net.WebClient and execute method DownloadFile.
I have created Application and Device Control polisy with rule to prevent runing powershell from cmd.exe.
In lab environment I have run a threat (xls file with macro).
SEP did block the execution of powershell and logged the powershell command.
In SEP -> View Logs -> Client Managment -> View Logs -> Control Log. Command/script have more than 500 characters. Example: setting value of variable with some parts of System.NetWebClient, and finally joining them with Invoke-Expression.
In SEPM console in Monitors -> Logs -> Application and Device Control Logs: Application Control in View Logs the Description has only 256 characters :(
The central information did not match with the same information in SEP. Command is truncated.
Kliknij i przeciągnij, by przenieść.
I have checked the documentation about SEPM database schema and in table AGENT_BEHAVIOR_LOG_1 column DESCRIPTION type is nvarchar(256). Can this column keep more data (future release of SEPM)?
Regards,
Tomasz
↧
Support for Windows 2016?
I do not need a solution (just sharing information)
Any idea of the timescale for the support of Windows 2016 for the server component?
0
↧
↧
Failed to execute schedule Symantec 12.1 RU6 Download due to insufficient free space for updates.
I need a solution
Can anyone help me to solve this problem ?
0
↧
SONAR : Echec de définition
I need a solution
Bonjour,
Suite à la mise en place de notifications, nous avons repéré des postes non à jour au niveau des définitions SONAR.
Le message est :
"Erreur de chargement de contenu du moteur SONAR
Description d’événement : SONAR a généré une erreur : code 0, description : échec de définition
Source de l’événement : Symantec Endpoint Protection
Gravité de l’événement : Erreur"
Avez-vous une idée et quelle est la méthode pour y remedier ?
Merci
0
↧
Help us design a new ITMS UI experience!
Publish to Facebook:
No
The Symantec Endpoint Management team are working on a new proof of concept UI experience for day-to-day admins to do their work. This new UI would be separate from the existing console and use the very latest design and technology concepts to create an exceptionally easy-to-use interface. This would allow your admins to get their job done faster, will require far less training, and will provide a much more satisfying user experience.
The UI will be separated into workspaces that will be dedicated to supporting a specific job function. The first of these will be a Helpdesk/Level 1 technician workspace that will aim to include all the functions required by a typical person working on a helpdesk or in a first line role.
To help this effort we would like to know the list of jobs and actions your helpdesk/level 1 technicians do on a regular basis, ideally in order of which you feel is most important. We will use this information to ensure we include the right capabilities in our concept design and to ensure we emphasise those features and functions which are most important to you. Either reply to this blog or private message me with your feedback as soon as possible.
We do not currently have any firm dates on if/when this capability will be delivered as we are working on many other high priority features, but we are moving forward with this concept phase very quickly and will bring you more information as it becomes available.
Many thanks!
The EPM PM team.
↧
Ensuring TECH240167 does not affect you
We have encountered the issue documented here: http://www.symantec.com/docs/TECH240167
Some patch installations will pop a cmd window when they install even if you have the default behavior set to use a hidden window. Because this is unexpected behavior (we have always used hidden windows), this drives calls to our help desk.The idea that I am posting is to add a confirmation window to the patch package building process. TECH240167 states that the cause of the issue is unknown but can be resolved by running a SQL query to find those packages with the incorrect setting. This means from this point on, every patch creation cycle, we have to use this workaround until such time as the cause is found and fixed. I feel that a mechanism that checks whether the package created has its command window set contrary to the default configuration and pops a dialog notifying the creator of that fact and that allows the creator to forcibly rectify the setting would be a good thing to have. It would ensure that if the current issue is resolved, that should it be broken again in the future, we will not be caught unawares. Also, this does not have to apply soley to Patch Management Solution but everywhere that the option to set the cmd window to hidden is available.
↧
↧
office - Patch release information
I need a solution
Hi All,
Any info from symantec when they will release the office newly release OOB patch on july 27th 2017.
Outlook known issues in the June 2017 security updates.
Thanks,
Siva
0
↧
WildCard SSL Certificate
I do not need a solution (just sharing information)
Hi, we are running SEP14 MP2 with clients running from different locations.
I would like to find out if it is possible to use WildCard SSL certificate on SEP.
Thanks in advanced,
0
↧
Not Installing on Mac 10.12
I need a solution
Apple Mac OS X 10.12.6
Trying to install Endpoint Protection Cloud
In the Enroll This Device web page, the Management Profile downloads but does not install automatically. I can install the profile it by double-clicking the downloaded file but the Enroll This Device page just downloads the file again and never progresses to the second stage: Install Security Client.
Can I use the downloaded Security Client installer from another Mac or is there another solution?
Thanks.
0
↧
Emails
I need a solution
Hi,
I have a problem with our new email-servers and cluster*.eu.messagelabs.com as remote server.
Sending emails results in: 2017-07-29 15:40:54 H=cluster5a.eu.messagelabs.com [216.82.251.230] Operation timed out
Our Server are new and the IPs are not on an blacklists. Searching on google directed me to this forum. So please can you help me to whitelist or remove our servers from any blackllst.
These IPs are used by our servers:
- 138.201.149.13
- 138.201.149.19
- 138.201.59.104
- 138.201.59.105
We are not sending spam, but I have about 70 legal mails in queue with timeouts from the messagelab-servers.
If there is an other website for this request, please tell me the link to it.
Thank you very much.
Best regards
0
↧
↧
Time issue
I need a solution
After imaging a workgroup pc - clock is on pacific time despite changing it to Eastern in image?
0
↧
Altiris CMS Licencing Cost per Node
I need a solution
Hi ,
What is per agent yearly license cost for below solutions under 8.0
Inventory Soulution
Patch Mangement Solution
Software Mangemnt Solution
Thanks
0
↧
Tie Disable Unified Agent to Groups
In the (formally Bluecoat) Threatpulse portal, the whether Unified Agent can be disabled by the end user is a single checkbox. This needs to be tied to a group. In our environment, all workstations are laptops, and all are running the Unified Agent. However, certain support groups (such as the Helpdesk) should have the option to turn the Unified Agent off for testing, without the rest of the population being able to turn the feature off. Please tie the ability to enable\disable the Unified Agent to a group or a list, so that support people can disable the agent on the their machine tempoararily, without giving that option to everyone.
↧