Quantcast
Channel: Symantec Connect - Security
Viewing all 11471 articles
Browse latest View live

login ErrorCode 0x100100000 after upgrading to SEPM 12.1.5

September 25, 2014, 11:29 am
$
0
0
I need a solution

After upgrading to SEPM 12.1.5, and you try to login to the SEPM console an error is displayed :

unexpected server error. ErrorCode 0x100100000

Additionally the apache reporting log file shows the following error:

2014-09-25 17:25:37    Login:start[25-Sep-2014 17:25:39 UTC] PHP Fatal error:  Uncaught <b>Source:</b> Microsoft OLE DB Provider for ODBC Drivers<br/><b>Description:</b> [Microsoft][ODBC SQL Server Driver][SQL Server]Login failed for user 'NT SERVICE\semwebsrv'.<br>Error code: -2147352567<br>Trace: ##0 C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Php\Include\Common\ado.php(70)#1 C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Php\Include\Common\connectdb.php(61)#2 C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Inetpub\Reporting\Login\curl_funcs.php(485)#3 C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Inetpub\Reporting\Login\curl_funcs.php(178)#4 C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Inetpub\Reporting\Login\curl_funcs.php(525)#5 C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Inetpub\Reporting\Reports\sr-login.php(23)#6 {main}
  thrown in C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Php\Include\Common\connectdb.php on line 65

The console opens however the Home, Monitoring and Reports tabs show no content (blank page).

http://www.symantec.com/docs/TECH169455

above did not resolve the issue for me

Search

Some SEP clients are able to disable and others can't

September 25, 2014, 11:46 am
$
0
0
I need a solution

I have some SEP clients that have the ability to right-click and choose disable.  While other computers in the same OU and the same policy version do not.  It seems like the client that can disable are ones that are new or reinstalled.  I don't understand how some computers can't and some can disable.  Am I missing something?  Client verions are 12.1.4013 BTW

Rollback instalation and migration in sep 12.1.4

September 25, 2014, 1:55 pm

Finalizing moving to a new server / Removing old SEPM server from list

September 25, 2014, 2:48 pm
$
0
0
I need a solution

I've read through a ton of information and found 100 different ways to move to a new server where the hostname and IP were changing. The process that ended up taking was this:

Note: We are using a SQL database. Server1 had SEPM 12.1.4 on it. I updated this server to 12.1.5. I then installed a fresh copy of SEPM on Server2. After installation I did the Management Server Configuration Wizard, in which I chose to Add a Management Server. I went through all the steps using a recovery file so that it would automate most of the information, setup the proper SQL connection information and added Server2.

At this point I was able to login to SEPM at Server2's address, go to Admin -> Servers and now see 2 servers underneath Local Site. I then added a Management Server List that included only Server2 and assigned it to all the machines. I then shutdown all symantec services on Server1 and began updating all the clients with the latest client version and made sure they all connect to Server2.

After all the updating, all the clients successfully were on the 12.1.5 client and communicating with Server2. At this point, Server1 is sitting there with its services disabled, however it still appears under Local Site in Admin -> Servers.

Here is the weird part. If I right-click on Server1 and choose Edit Properties, or Delete Selected Server, or Manage Server Certs, it always gives me Server2. It literally changes the window's information from Server1 to Server2 as if Server1 doesn't actually exist. So my issue is that I am unable to remove Server1 and I don't know the proper way to complete this "migration" of servers.

I am pretty lost at this point as to what situation I am in and would appreciate any guidance. Thanks.

PGP issue with adding new key

September 25, 2014, 6:59 pm
$
0
0
I need a solution

Hello Eyerone,

One of the PGP user has passed below information can someone take a look at it. Looks like there is some issue with the PGP server.

 

Here is the public key I am trying to upload to https://keyserver.pgp.com Maybe you can give this to them to help them diagnose the problem. I have attached it, it is essentially a text file with the public key. All I should do is upload it and it should then say it was successful and send me an email to confirm it. But the page errors.

______________________

PGP (GnuPG) Key location at: https://keyserver2.pgp.com/vkd/DownloadKey.event?keyid=0x0C2865E31249039F

 

I think one of your servers is down. The error as you saw on the page is when it redirects to keyserver1.pgp.com I did a check on websites that check to see if a site is down for everyone or just you and it said keyserver1.pgp.com is down foreveryone. keyserver works, keyserver2 works but keyserver1 is down. Please pass this information on, it should be a simple fix of just resolving why the server is down. Thanks for helping out with this.

 

Regards,

 

Computer Remote Settings Disbale After Reboot

September 25, 2014, 9:36 pm
$
0
0
I need a solution

Hi, team,

Ineed your help regarding this issue.

System Properties.jpg

License SN not updating correctly

September 26, 2014, 12:08 am
$
0
0
I need a solution

Hi

 

When I load the new serial numbers the Manager is associating the 4 license numbers with each other and not adding the licenses to our tally. This has been a bug for the last three years. Can someone help with workaround for this BAD programing BUG (Is the team writing this module drunk)?

1411716303

PGP server patching

September 26, 2014, 1:08 am
Search

New Security Response Blog Post: Shellshock

September 26, 2014, 1:31 am
$
0
0
I do not need a solution (just sharing information)

Just raising awareness of this new vulnerability (and its patches) in the *nix world's popular bash shell. Symantec Security Response have just posted a blog on the subject- please do read (and take the appropriate action), if your environment relies upon Linux, UNIX and Mac OS X machines.

 

Shellshock: All you need to know about the Bash Bug vulnerability
https://www-secure.symantec.com/connect/blogs/shellshock-all-you-need-know-about-bash-bug-vulnerability

 

Here is a two-minute video, highly recommended:

Shellshock: A High Level Overview of the Bash Bug Vulnerability
https://www.youtube.com/watch?v=XIsUWwJaOeU&feature=youtu.be

"Jonathan Omansky - Director, Security Response Operations, talks at a high level about the “ShellShock" or "Bash Bug" vulnerability. Jonathan discusses what it is, what the Bash vulnerability could allow and what can you need to do if you are running a system that is vulnerable."

 

With thanks and best regards,

Mick

Dcs policy window explanation

October 10, 2014, 7:47 am
$
0
0
I need a solution

Can some one explain the reason why is this difference in csp policy applied on the clients

 csp policy.jpg

 

1412953239

Incorrect Client Event logs in Dcs console

October 10, 2014, 7:58 am
$
0
0
I need a solution

Hi all,

I see incorrect clientevent logs on dcs console, Please help

 

csp date issue.jpg

 

1412956668

Symantec Endpoint Protection 12.x Virtual Academy

October 10, 2014, 8:30 am
$
0
0
Location: 
Online Virtual Academy
Time: 
Mon, 08 December, 2014 - 11:00 EST - Fri, 12 December, 2014 - 20:00 EST

Sym-Training.jpg

The Symantec Endpoint Protection 12.x: Administration course is designed for the network, IT security, and systems administration professional tasked with architecting, implementing, and monitoring virus and spyware protection, zero-day protection, and network threat protection solutions. This class covers how to design, deploy, install, configure, manage, and monitor Symantec Endpoint Protection 12.x.

This is official Symantec Training offered by ITS Partners, LLC.  ITS is an Authrorized Training Partner who offers a range of Endpoint Management and Security Training classes.  Each class we offer is $3500 for 5 days.

To register for this class please go to: https://student.gototraining.com/r/3784290683846949376

New pc's do not appear in computer selection

October 10, 2014, 9:46 am
$
0
0
I need a solution

Just installed Endpoint protection 12.1.  Now trying to deploy to new pc's.  the new pc's do not appear - old pc's do.  I tried searching by name and ip address but still can't find them.

Any suggestions?

SEP.cloud on-premise manager question: how does this agent get updated?

October 10, 2014, 11:52 am
$
0
0
I need a solution

With the recent notice that Endpoint security was going from 20.4.0.40 to 21.5.0.19, I just realized I don't know the anser to the question: How does the on-premise version get updated (since it was a stand-alone download)?

Thanks!

Failed to set Symantec Endpoint Protection Manager service account ACLs

October 10, 2014, 1:33 pm
$
0
0
I need a solution

Server 2012 R2 64 bit. Trying to install SEPM 12.1.5 and keep getting this error message

acl error.JPG

 

This server was being set up as an additional site with replication.

Search

Track Firewall Disabled or SEP un-installed

October 10, 2014, 2:12 pm
$
0
0
I need a solution

Is there any specific way to determine the following:

1. Alert when Firewall component is disabled by a user in SEP client?

2. Alert when SEP client is un-installed either from control panel or through cleanwipe. Uninstallation of applications can be tracked through windows logs. However, I wanted to know if SEP client could generate a log and send to SEPM when client is to be un-installed.

Thanks in Advance!!!

PS: I have enabled client password protection to start/stop services, un-install clients. Also, admin users also cannot disable SEPM with my policy. Cleanwipe does not prompt for password to remove the SEP client.

CLI Required For Mac SEP Client

October 10, 2014, 11:55 pm
$
0
0

Hi Team,

 

I have already raise a case with Symantec to have CLI for Mac SEP client this will be very helpful to manage client inhouse before these machines go to VPN netowork.

 

Regards,

Anil

Servers Infected

October 11, 2014, 7:31 am
$
0
0
I need a solution

I have many 2008 servers which have been infected by various trojans starting over the last couple days.  How these spread I have no idea.  I've opened a case with Symantec and they want me to submit the files and tie them to the case but I can't.  Each time I attempt to restore them out of quarantine Symantec immediately puts them back in quarantine when I try to zip them up.  They've said you can submit them directly to Symantec in the quarantine page, but this is an anonymous submission and isn't tied to the case.  This is a very time sensitive issue, I need to know what kind of trojans these are so I can better understand the severity of our infection.  Does anyone know any way of how to isolate these files and zip them so I can get them to Symantec for analysis?  I have other teams that can analyze these as well, I just need to find a way to get at them.

1413048396

Sep.Cloud: Upgrading the anti virus agent to latest version

October 11, 2014, 8:06 am
$
0
0
I need a solution

 

All,

As this is the first major software update since I use Symantec cloud Endpoint I'm a bit in the dark on the correct procedures, hope you can help.

I run a collection of endpoints in these versions:

Platform version: 2.03.60.2571
Protection Version: nis-20.4.0.40

Software has been installed on the endpoints via mannual install and GPO. I have a system policy that is set to update software at any time.
Since this month there is an agent upgrade availeble that needs to get installed. Versions:

Platform version: 2.03.60.2571
Protection Version: nis-21.5.0.19                    

I've noticed some clients received the update automatically via the internet. I don't seem to find a way to force update from the console. Clicking on the "check sofware" on the client returns a software up-to-date. Altough a new version is availeble. Should I just wait until all cleints received the update....

Should I first update the msi in the GPO or is this only important for new clients? When upgrading via GPO should I use the GPO update feature or should I redeploy with a new msi package?

I know, a lot of questions. I would really appreciate your help.

Greets,

Mike

 

 

 

 

New Security Response Blog Post: Sandworm Windows zero-day vulnerability being actively exploited in targeted attacks

October 14, 2014, 8:46 am
$
0
0
I do not need a solution (just sharing information)

Just reposting here to raise awareness:

 

Sandworm Windows zero-day vulnerability being actively exploited in targeted attacks
https://www-secure.symantec.com/connect/blogs/sandworm-windows-zero-day-vulnerability-being-actively-exploited-targeted-attacks

 

Definitely apply all of today's MS patches as soon as possible- they will contain a fix for CVE-2014-4114.

 

Also: it is always a good time to ensure that the organization's defenses are in good order. There is a great deal of malware in circulation. Take precautions now!

Symantec Endpoint Protection – Best Practices
http://www.symantec.com/theme.jsp?themeid=stopping_malware&depthpath=0

With thanks and best regards,

Mick

 

Viewing all 11471 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>