Channel: Symantec Connect - Discussions

ISB.Downloader!gen68 Malware

I need a solution

Had a good chunk of my computers come up with this virus detection on last night's scan. Can anyone help me better understand this issue?


Symantec Management Server error

I need a solution

Hi everyone, I'm new in the forum.

The error when I try to access the web console (http://localhost/Altiris/Console) is detailed below.

Altiris version 7.1 on a Windows Server 2008 R2

SQL Server 2008 on a separate Windows Server 2008 R2

Already troubleshot every step it says, what else should I check?

Guess you'll need some extra information to help me, please guide me a little, thanks!

ERROR:

An error occurred that prevents the Symantec Management Console from displaying correctly.

If this page appears instead of a page or web part in the Symantec Management Console, go back to the previous page through the menu or tree and keep working. If the problem persists, consult your local network administrator.

If this page appears instead of the Symantec Management Console, the cause could be one of the following:

• The "Altiris Service" service is not running. Start this service on the server and reload the console.
• The account used for the "Altiris Service" or Notification Server websites is not correct or disabled, or the account password has expired. On the computer with Notification Server, run "C:\Program Files\Altiris\Notification Server\bin\AeXConfig.exe /svcid user:(username) password:(password)" and, if a location was used that it was not the default, replace it with the correct installation path to provide a new account.
• The name of the team was changed with Notification Server. It will be necessary to perform the following steps to correct this:
  • If SQL Server is installed on the same computer as Notification Server:
    • In the case of SQL Server 2005, visit this link Instructive: How to change the name of a computer that hosts a separate session of SQL Server.
    • In the case of SQL Server 2008, visit this link Instructive: How to change the name of a computer that hosts a separate session of SQL Server.
  • Open the file [NS INSTALL DIRECTORY]\Notification Server\Config\CoreSettings.config and look for the word 'key = DBServer'. Replace the 'value' attribute of the XML element that you found from the old server name to the new server name.
  • If the account used for the "Altiris Service" or Notification Server websites is a local user (that is, not a domain user), you must update the account with the new name. To do so, you can perform the actions specified in the second bullets of this page.
  • Open the Registry Editor and go to the registry key "HKLM\SOFTWARE\Altiris\express\Notification Server\". Find any value that contains the name of the previous server and replace it with the new name.
  • Transfer the agent back to all previously administered computers. (#)
  • Run Windows programming called "NS.Package Refresh" to re-validate package sites and server packages. To get to the Windows programs, go to 'Start' > 'Control Panel' > 'Scheduled tasks'.
  • If you have a hierarchy configuration, you must delete and re-add the server with a new name to the hierarchy. To do so, go to the "Hierarchy Management" page, to the "Settings" > "Notification Server" > "Hierarchy" menu.
In both cases, the Symantec administration server log and the Windows event log may contain useful information. The Symantec administration server log can be accessed by the server by running the "Start"> "All programs"> "Altiris" menu

One of the logs:

<event date="May 08 15:28:57 +00:00" severity="8" hostName="G100603SVA66" source="Altiris.NS.Security.SecurityContextManager.SetContextData" module="EventEngine.exe" process="EventEngine" pid="2248" thread="26" tickCount="643675"><![CDATA[Failed to get account resource for sid:S-1-5-21-2188238962-1202268741-3485574041-287093. Will use current windows user. Error:Altiris.NS.Exceptions.DatabaseNotReadyException: Failed to construct DatabaseContext object. Connection to database failed. ---> Altiris.NS.Security.Cryptography.SymmetricKeyException: Internal error. Could not load key: NS.DbConfiguration ---> System.Security.Cryptography.CryptographicException: Key not valid for use in specified state.


TM1 (IBM) Client blocked by Symantec AV

I need a solution

Hello All,

We are using TM1 (by IBM) and when we're trying to open an XLSX file and approve the macros inside, it's being blocked by the SEP (attached screenshot).

We had SEP version 14.0.2332.0100 and upgraded it to version 14.0.3929.1200

In the "old" version it worked just fine, after upgrading to the "new" version we started getting those "Attack: DLL Injection of Network-Sourced DLL detected..." messages...

Hope you can assist me with this issue...

Thank you very much.


Can I Install SEPC on my Windows Server as a Client?

I need a solution

I just purchased our very first server for our small business.  I have been using SEPC for several months now and really like it.  I want to keep SEPC as a cloud based service, but am wondering if I can technically treat my server as a client install for SEPC.

Are there any drawbacks to running this way?

Is Windows Defender (built-in) good enough for simple user management (AD), file, print, and database sharing?

Server is running Windows Server 2016 Essentials.


How do I purge old agents from the console?

I need a solution

Hi all,

I have a Software Management Solution license for 7100 endpoints, but I see that the total has been exceeded and I need to purge the obsolete agents. What do you recommend that I do? I want to eliminate the agents based on a last connection 3 to 6 months ago.
What can I rely on to make a work plan? Is there some report that could help me?

Thank you very much and regards.


Does HIPS have protection for CVE-2018-8174, and what is the best place to answer this type of question?

I need a solution

Hi there,

  Does SEP's HIPS engine have detection for this threat -

https://portal.msrc.microsoft.com/en-us/security-g...

  Also, is there an internal reference site I can visit to look up specific attacks/vulns to see a) if SEP thwarts it and b) what HIPS (or other) definition versions are required?


White List issue faced in DLP

I need a solution

Hello

My objective is to block confidential documents sent via mail outside the network. As per business req I had to whitelist a particular destination, e.g. example.com. The problem I faced was that on whitelisting the said URL, the Recipients having that particular whitelisted URL as one of its several destinations get totally ignored by DLP. No incident was generated. For example:

White listed: xyz@example.com

Sender: abc@mycompany.com

Recipient: xyz@example.com, pqr@gmail.com, cvb@yahoo.com

A simple PCI rule would trigger an event if Confidential Documents were being sent to the above Recipient and should block it via response rule. Since xyz@example.com is under the white list, no events were generated. DLP ignored the other destinations such as gmail, yahoo etc. in Recipient. As a result we have no visibility over data moving to other destinations.

Please suggest some ways to tackle this issue.

Regards,

Vishnu


ProxySG-WebGUI is not working

I need a solution

Hi Team,

We cannot access our proxy via webGUI (https).

We have tried to access it from different browsers but no luck. Only the top menu is showing but the rest of the things are showing blank.

We can take SSH, we can take logs via advanced URL (i.e., sysinfo, eventlogs).

While analysing sysinfo and eventlogs we found that the BCWF database failed and an HTTPS initialize error.

2018-03-08 17:12:39+08:00MYT  "Server_connection_https: cannot initialize secure socket"  0 280208:65   te_gs_server_connection.cpp:1120
2018-03-08 17:12:39+08:00MYT  "Download of Blue Coat database failed"  0 500098:1   cfs_admin.cpp:698
2018-03-08 17:17:40+08:00MYT  "Server_connection_https: cannot initialize secure socket"  0 280208:65   te_gs_server_connection.cpp:1120
2018-03-08 17:17:40+08:00MYT  "Download of Blue Coat database failed"  0 500098:1   cfs_admin.cpp:698
2018-03-08 17:22:40+08:00MYT  "Server_connection_https: cannot initialize secure socket"  0 280208:65   te_gs_server_connection.cpp:1120
2018-03-08 17:22:40+08:00MYT  "Download of Blue Coat database failed"  0 500098:1   cfs_admin.cpp:698

Thanks,

Ram.


TCP tunnel requests when a protocol error is detected

I need a solution

Hi guys,

In transparent mode,

when enabling "TCP tunnel requests when a protocol error is detected":

- Where to see the tunnel sessions?

- The tunnel sessions by "TCP tunnel requests when a protocol error is detected" cannot apply to the policy in VPM, correct?

When creating a Service by Source IP address and port | Proxy: TCP Tunnel | Intercept:

- The tunnel sessions can apply to the source policy in the VPM but the destination policy can't, correct?

BR 

PK


Accesslog analysis query

I need a solution

Hi Team,

One of our customers is looking for the accesslog information (each section). We couldn't find any document related to this.

Please help us to understand each section of the accesslogs.

=======================================================================================================================================

We configured the Bluecoat to send logs to Reporter and the log format should be ‘bcreportermain_v1’. Below is its log format, while it seems it doesn’t match with the log entry.

Many fields contain IP/URL information (e.g. cs_Referer, cs_host, dest, dest_host, http_referrer, s_supplier_ip, s_supplier_name, url, etc.), I want to know the meaning of each field.

Log format of ‘bcreportermain_v1’,

date time time-taken c-ip cs-username cs-auth-group x-exception-id scfilter-result cs-categories cs(Referer) sc-status s-action cs-method rs(Content-Type) cs-uri-scheme cs-host cs-uri-port cs-uri-path cs-uriquery cs-uri-extension cs(User-Agent) s-ip sc-bytes cs-bytes x-virusid

An example for a log entry,

2018-05-09 02:20:13 68 186.16.184.5 - - pagead2.googlesyndication.com 172.217.25.2 None - - OBSERVED "Web Ads/Analytics"http://hk.on.cc/hk/bkn/cnt/finance/20180503/bkn-20180503090146024-0503_00842_001.html  204 TCP_NC_MISS GET text/html;%20charset=UTF-8 http pagead2.googlesyndication.com 80 /pagead/gen_204 ?id=vpaid_adapter_js&event=init&vps=0.795292869681004&wt=1525832413389&sdkv=h.3.208.0&xai=AKAOjssa_ds3QNpTUO-AJjPRcwucQ-8xb1g3aRKck52RZ6sqxa4CMJXuV0cP5aocBZJS15HzjqBIFRWNkD0GXSsLK7F2EXO0Ll9J0CvewoiXAmGYkHgMng4GjxCys4r6f6v8NBeKPgrrpqXgoHWW8TSdfEbgKnzkGwBFpWmBL5icTJcGkYLHvWBe-3S1izhq2B2clj1ovZd2LM8iOrdcEWhv04Dsxcx3y8mVl3R4LZCp4DgfSfihv_4TjsBiQNTktUmdPT7HVln1tpBewdK1kXFUX6s_MY3qr81AP5Wri0TmwvcAFfRXuU_Wva1NMcXrpKKMX7lerIFiQtjyDNZ0ozuM_Fmo0EH1s42hzHyOxRNc4K-vwRP0pnalG3MR-CwNtS_teVd0aYlrTQH39Hteb5tGj4zuIBGHnxXmc9Z69pRjCfe4Eb_BlBabzxiIS7LHQ7OK5tp8FBHt899zxICfYCgxX1MZbmzzoUeCYxa8hpvQREHg8tQSWyOeJLcl41hmSV5gOmHO3Fl0069_YoUFYPbqHXxie_8UstobRw49LsYAyqFuCBsp8BdJeElp3OF-tHOZP77hZVICyQDeaf1c3byv8OKZfpCKlXqZg773mu-NkGHG54jkj4KtmOeLOGyL2NcBXixeJF_JwgHIMRmfV1U6SHiTUoU0lY09q5cK-b30lL_SqrW8jQG7WkrJaQBdk7oIBjqyIh2iBESOgE9PmgC3b5_AwzoJcVFHnj8fTSJacfDg-Wsio2_hYLJo_dNwW8ZftJAcdibVl3GhEAyAasvjdeigWHG-DidYKkkh&url=2,http://hk.on.cc/hk/bkn/cnt/finance/20180503/bkn-20180503090146024-0503_00842_001.html$0 - "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.167 Safari/537.36"186.16.216.1 496 1569 - "unavailable""unavailable" unavailable 213cfd70961615d9-00000000bafc0d97-000000005af25add - -

========================================================================================================================================================

Thanks,

Ram.


Difference between CPOS and Flash proxy licence

I need a solution

Hi, 

Need to know major Difference between CPOS and Flash proxy licence


WSS for Servers on Azure

I need a solution

Hello, how can we connect servers in Azure to WSS? Not the AD integration, we need to have some Servers in Azure going to Internet via WSS. Is this possible? Where can some Guide for this integration be found? Any help will be appreciated, many thanks.

Regards.


Gateway Email Encryption creates a mail loop

I need a solution

Hi, we have configured Gateway Email Encryption in Gateway Placement. The mail flow is as follows: Hosted Exchange > Synaq > SEMS > Mimecast > World. According to the team handling the routing of the mails, everything is fine from their side. However, the mails are NOT passing through SEMS successfully to encrypt them. Upon investigation, this is what they (routing team) get from their side: MAIL FROM:<user@company.com> -> 530 5.7.1 Client was not authenticated. The mails then go back to Exchange and create a mail loop. We have even added the "Send all outbound mail to relay" and added the Gateway IP address on the SEMS server. We still experience the same problem. Any ideas on how to resolve this?

Thanks in advance,

MabundaG


Office 365 Skype for Business/Lync support

I need a solution

I read through those best practices for ProxySG to support Office 365; all refer to the scenario where protocol detection is enabled.

May I ask, if our ProxySG deployment is explicit mode (SGOS 6.5.10.7) and protocol detection is disabled, will it still support Office 365 Skype for Business/Lync?

Best Regards


Issues Upgrading Client to 14 RU1 MP2

I need a solution

Hi everyone

We recently had to update our Symantec Endpoint to 14 RU1 MP2 (14.3929.1200) up from 14 MP1 (14.0.2415.0200) to allow for support to upgrade from Windows 10 1703 to 1709. 

We are doing the upgrade through SCCM and the install seemed to go through fine until we did the first round of Win 10 1709 updates. After a bit of investigation I found some machines were successfully updating to the new client version but were leaving remnants in the Program Files (x86)\Symantec\Symantec EndPoint Protection of the old version of Endpoint. For example the machines would have both the 14.0.2415.0200.105 and 14.0.3929.1200.105 folders in the install directory along with the full contents of this folder. The version of the SMC.exe in the main directory had successfully updated.

Has anyone else come across this issue and managed to do a clean uninstall, or know why only certain machines have this behaviour? 


DCS: Server integrated with NSX -> all clients are "AV Unprotected"

I need a solution

Dear guys,

I am working on a POC and I am facing an issue with DCS: Server 6.7 (Trial) integrated with NSX 6.3.2 (Standalone).

I have successfully deployed the "Guest Introspection" and "Symantec Threat Protection - NSX" services and configured their integration.

I have also deployed a Security Group and assigned a Security Policy.

The issue is that all GVMs are "AV Unprotected"!

Am I missing something? What could be the reason?

Best Regards,

Claudio


Upgrade multiple clients with different sep versions

I need a solution

Hi,

Our environment has a mix of SEP 14 and 12 clients. I've set the auto deployment to deploy 14.0.3929.1200 to all clients in all groups, but some of the older clients are still on 12 and cannot update due to their OS restrictions, so I need to deploy the latest 12 version too (12.1.7445.7000) to update them.

As I already have 14.0.3929.1200 deployed to all groups, if I deploy 12.1.7445.7000 as well to the same groups, will this 12.1.7445.7000 version only install on the systems that need it (SEP 12 versions, systems that don't support SEP 14), and it won't downgrade 14.0.3929.1200 clients to 12.1.7445.7000?

Does SEPM 14 have any intelligence in the background to update the clients to the latest supported client version automatically that has been deployed or will it keep changing the client versions back and forth?

Thanks!

arden


After Upgrade 7.6 to 8.1 imaging

I need a solution

I have upgraded from 7.6 to 8.1 and updated my agents on my Windows computers. However when trying to test deploy an image the computer will just sit at the Automation screen and Ghost will not begin. What am I missing? It boots to WinPE via PXE fine but just won't start the Ghost part of the image deployment. Thanks for any input.

~Michael


Implementing Web Isolation

I need a solution

Dear Team,

On proxy-chaining (ProxySG), what is the best position in the network to put the Threat Isolation Proxy?

Two edge proxies are available in this case: one proxy collects sessions from clients and forwards them to another proxy before reaching the internet.

My concerns are the websocket performance and policy management.

Best Regards,

Eric Halim


Virus def for BlackHeart Ransomware

I need a solution

Hi Team,

Just wanted to know which virus defs cover BlackHeart Ransomware. On Virustotal.com, Symantec detected it as trojan.gen.2.

Kindly let me know which virus defs covers BlackHeart Ransomware.
