Channel: Symantec Connect - Products

Symantec Email Submission Client (SECS) on Exchange 2016


Not see agents on the Agent List

I need a solution

Hi,

For a few days now, I can't see the agents on the Agent List (System > Agents > Overview > Agent List).

This problem only occurs with my admin user. If I try to connect with another admin user, the agents appear on the Agent List. This isn't a connection problem with the Endpoint Server.

Regards.


421 Service Temporarily Unavailable

I need a solution

I'm getting the above message from server-13.tower-558.messagelabs.com.  I have completed a blacklist check with MXToolBox and a reputation check on Cisco Talos.

IP address in question: 50.73.29.85

Any help would be greatly appreciated.

Thanks


Application and Device Control policy not working.

I need a solution

Hi

Today it was discovered that the policy had stopped working. Global change was just an update to 14 mp2.

Any ideas why it happened?

thnx.


Question regarding ProxyAV

I need a solution

Hi

I have a question regarding the ProxyAV. I do not know if this is the right forum. 
The old Blue Coat forums used to have a section dedicated to ProxyAV & CAS as far as I can remember.

We have a proxy policy with malware scanning for all traffic by default, the Blue Coat Proxy is connected to a ProxyAV. 
Password protected Archives are blocked.

When trying to download a password protected PDF we get one of three different outcomes:

Success - File is downloaded
Failure - Exception log message 1 below 
Failure - Exception log message 2 below

All three of these different results occurred for the same file, namely:
http://www.novapdf.com/uploads/novapdf_en/media_items/pdf-example-password.original.pdf

What could be the explanation for getting different results for the same file (no change in policy)?
How can a PDF trigger an archive error?
Is the policy to block password-protected archives supposed to block password-protected PDFs as well?

Log message 1 (excerpt):
URL: http://www.novapdf.com/uploads/novapdf_en/media_items/pdf-example-password.original.pdf
ATEXT=Cause: File is password protected (engine error code: 0x000A0000)
File has been dropped.

Log message 2 (excerpt):
URL: http://www.novapdf.com/uploads/novapdf_en/media_items/pdf-example-password.original.pdf
ATEXT=Cause: Maximum total files in archive exceeded (engine error code: 0x00070000)
File has been dropped.


421 Service Temporarily Unavailable

I need a solution

I'm getting the above message from messagelabs.com.  I have completed a blacklist check with MXToolBox and a reputation check on Cisco Talos.

IP Address in question 50.73.29.85

log file entry:

Mon 2017-09-04 16:30:51.135: 01: Parsing message <e:\mdaemon\queues\remote\retry\pd90000000213.msg>
Mon 2017-09-04 16:30:51.135: 01: *  From: sziegler@haverfield.com
Mon 2017-09-04 16:30:51.135: 01: *  To: scott.cantor@pnc.com
Mon 2017-09-04 16:30:51.135: 01: *  Subject: RE: 2016 Financiaks
Mon 2017-09-04 16:30:51.135: 01: *  Size (bytes): 577461
Mon 2017-09-04 16:30:51.135: 01: *  Message-ID: <65fa57ce.1d325ac.11329910.43eb@haverfield.com>
Mon 2017-09-04 16:30:51.135: 05: Resolving MX record for pnc.com (DNS Server: 192.168.1.10)...
Mon 2017-09-04 16:30:51.306: 05: *  P=010 S=000 D=pnc.com TTL=(6) MX=[cluster5.us.messagelabs.com]
Mon 2017-09-04 16:30:51.306: 05: *  P=020 S=001 D=pnc.com TTL=(6) MX=[cluster5a.us.messagelabs.com]
Mon 2017-09-04 16:30:51.306: 05: Attempting SMTP connection to cluster5.us.messagelabs.com
Mon 2017-09-04 16:30:51.306: 05: Resolving A record for cluster5.us.messagelabs.com (DNS Server: 192.168.1.10)...
Mon 2017-09-04 16:30:51.306: 05: *  D=cluster5.us.messagelabs.com TTL=(14) A=[216.82.242.34]
Mon 2017-09-04 16:30:51.306: 05: *  D=cluster5.us.messagelabs.com TTL=(14) A=[216.82.241.195]
Mon 2017-09-04 16:30:51.306: 05: *  D=cluster5.us.messagelabs.com TTL=(14) A=[216.82.250.83]
Mon 2017-09-04 16:30:51.306: 05: *  D=cluster5.us.messagelabs.com TTL=(14) A=[216.82.242.147]
Mon 2017-09-04 16:30:51.306: 05: *  D=cluster5.us.messagelabs.com TTL=(14) A=[216.82.250.99]
Mon 2017-09-04 16:30:51.306: 05: *  D=cluster5.us.messagelabs.com TTL=(14) A=[216.82.251.35]
Mon 2017-09-04 16:30:51.306: 05: *  D=cluster5.us.messagelabs.com TTL=(14) A=[216.82.251.36]
Mon 2017-09-04 16:30:51.306: 05: *  D=cluster5.us.messagelabs.com TTL=(14) A=[216.82.251.37]
Mon 2017-09-04 16:30:51.306: 05: *  D=cluster5.us.messagelabs.com TTL=(14) A=[216.82.250.51]
Mon 2017-09-04 16:30:51.306: 05: *  D=cluster5.us.messagelabs.com TTL=(14) A=[216.82.242.131]
Mon 2017-09-04 16:30:51.306: 05: *  D=cluster5.us.messagelabs.com TTL=(14) A=[216.82.242.37]
Mon 2017-09-04 16:30:51.306: 05: Randomly picked 216.82.250.51 from list of possible hosts
Mon 2017-09-04 16:30:51.306: 05: Attempting SMTP connection to 216.82.250.51:25
Mon 2017-09-04 16:30:51.306: 05: Waiting for socket connection...
Mon 2017-09-04 16:31:12.244: 04: *  Socket error 10060 - The connection timed out.
Mon 2017-09-04 16:31:12.244: 05: *  216.82.250.51 added to connection failure cache for 5 minutes
Mon 2017-09-04 16:31:12.244: 05: Attempting SMTP connection to cluster5a.us.messagelabs.com
Mon 2017-09-04 16:31:12.244: 05: Resolving A record for cluster5a.us.messagelabs.com (DNS Server: 192.168.1.10)...
Mon 2017-09-04 16:31:12.244: 05: *  D=cluster5a.us.messagelabs.com TTL=(14) A=[216.82.251.230]
Mon 2017-09-04 16:31:12.244: 05: *  D=cluster5a.us.messagelabs.com TTL=(14) A=[85.158.139.103]
Mon 2017-09-04 16:31:12.244: 05: Randomly picked 85.158.139.103 from list of possible hosts
Mon 2017-09-04 16:31:12.244: 05: Attempting SMTP connection to 85.158.139.103:25
Mon 2017-09-04 16:31:12.244: 05: Waiting for socket connection...
Mon 2017-09-04 16:31:12.354: 05: *  Connection established 192.168.1.16:4239 --> 85.158.139.103:25
Mon 2017-09-04 16:31:12.354: 05: Waiting for protocol to start...
Mon 2017-09-04 16:31:12.463: 02: <-- 220 server-14.tower-558.messagelabs.com ESMTP
Mon 2017-09-04 16:31:12.463: 03: --> EHLO haverfield.com
Mon 2017-09-04 16:31:12.573: 02: <-- 250-server-14.tower-558.messagelabs.com says EHLO to 50.73.29.85:4239
Mon 2017-09-04 16:31:12.573: 02: <-- 250-STARTTLS
Mon 2017-09-04 16:31:12.573: 02: <-- 250-8BITMIME
Mon 2017-09-04 16:31:12.573: 02: <-- 250 PIPELINING
Mon 2017-09-04 16:31:12.573: 03: --> STARTTLS
Mon 2017-09-04 16:31:12.682: 02: <-- 220 2.0.0 continue
Mon 2017-09-04 16:31:13.135: 05: SSL negotiation successful (TLS 1.0, 2048 bit key exchange, 128 bit RC4 encryption)
Mon 2017-09-04 16:31:13.135: 03: --> EHLO haverfield.com
Mon 2017-09-04 16:31:13.244: 02: <-- 250-server-14.tower-558.messagelabs.com says EHLO to 50.73.29.85:4239
Mon 2017-09-04 16:31:13.244: 02: <-- 250-8BITMIME
Mon 2017-09-04 16:31:13.244: 02: <-- 250 PIPELINING
Mon 2017-09-04 16:31:13.244: 03: --> MAIL From:<prvs=14201c4baf=sziegler@haverfield.com>
Mon 2017-09-04 16:31:13.354: 02: <-- 250 2.0.0 MAIL FROM accepted
Mon 2017-09-04 16:31:13.354: 03: --> RCPT To:<scott.cantor@pnc.com>
Mon 2017-09-04 16:31:13.463: 02: <-- 421 Service Temporarily Unavailable
Mon 2017-09-04 16:31:13.463: 03: --> QUIT
Mon 2017-09-04 16:31:13.463: 01: *  This message is 0 days old; it has 2 days left to get delivered
Mon 2017-09-04 16:31:13.463: 04: SMTP session terminated (Bytes in/out: 350/227)
Mon 2017-09-04 16:31:13.463: 01: ----------

Any help would be greatly appreciated.

Thanks


Changes from DLP 11 to 14.5 - Instant messaging

I need a solution

I'm a new admin in DLP, migrating from an old DLP 11 version to DLP 14.5. The IM checkbox for the Endpoint is missing, while the Network one is still there, when trying to create the new policy rule for "Protocol or Endpoint Monitoring". I checked the agent configurations between the two, and it is available in 11 but not in 14. I tried searching for a release note on this and haven't found it yet.

Was this removed in 14? Seems it was in 12. Or is there another place to enable IM for the Endpoints?


Endpoint Encryption Login Screen stuck on Loading Drivers

I need a solution

Hi,

I recently uninstalled an agent from a machine and installed a newer agent, and after restarting the machine I am stuck and the screen says, "Loading drivers...". Does anyone know how to resolve this issue?

Thanks,

Lorenzo


Uninstall of DLP agent

I need a solution

I tried to uninstall the DLP agent using "msiexec /x {GUID}...". All went well on the client side; looking at services, EDPA and WDPA are all removed.

Question: Do I need to remove it on the SDLP console? From looking, the agent was not removed.


visually impaired users and other questions

I need a solution

We're looking at deploying endpoint encryption for a client with visually impaired users. I can find references to F5 pre-boot audible tones in documents about older versions but no mention of this feature in the current version. Do they still exist in the current version?

Also, there is mention of the versions of SQL that are supported but no indication that SQL is included in the product. Does this have to be purchased separately?

Many thanks.


PGP Version 10.1

I need a solution

Gen-key and import have stopped working; they do not add the new key to the keyring.

Encrypt and decrypt work fine.

Shows success on gen-key and import, but the keys are not added to the key ring.

Timestamp on the key ring shows 8/10/17, which is the last time it worked.

These files do exist on our NetApp device, and have for many years.

Moved keyrings to local drive and it works.


SEPM upgrade from 12.1.4 to 14MP2

I need a solution

Hi Team,

Currently I have 1 SEPM 12.1 RU4 MP1a server in the LAN zone with 300 clients, and 1 SEPGUP server in the same zone. I have installed Symantec NAC Integrated Enforcer for DHCP servers on the DHCP server. My question is: if I upgrade my SEPM server from 12.1 RU4 MP1a to 14 MP2 directly, is there any impact on the host integrity checking on users' client systems while getting IPs through DHCP?

To check this, I restored a bare-metal backup of the existing SEPM 12.1 onto a spare server, upgraded it to 14 MP2 in standalone mode successfully without error, removed the patch cord from the live server and connected it to this server for testing purposes. After some time, all the laptops got a notification like "host integrity checking failed", their PCs got a quarantine IP and all the services were blocked. So my question is: why was this type of error generated on users' client laptops? In Host Integrity checking, there are 3 parameter checks defined (domain, service pack and Windows 7), and the error was generated for service pack and Windows 7 only.


Low disk space in sep14 - errmgmt\queue\incoming

I need a solution

Hello everyone!!!

Recently I've detected 3 workstations that are creating multiple files in the directory:

C:\ProgramData\Symantec\Symantec Endpoint Protection\14.0.2332.0100.105\Data\ErrMgmt\Queue\Incoming

The folder is growing rapidly and reached: 700gb.

These cases are isolated, so I would like to know if it is possible to disable the creation of these error logs directly in regedit equal to SEP12.

Symdiag did not return any faults, I already uninstalled with cleanwipe and reinstalled from scratch, but I still have this failure.

Could someone help me in this case?

Thank you


Trojan Horse Popup

I need a solution

I have a user that keeps running into a Trojan Horse popup every other week and sometimes weekly. The Trojan Horse has the following information:

Filename: dwh18f4.tmp

Location: C:\ProgramData\Symantec\DefWatch.DWH\

Risk: Trojan Horse

Status: Infected

Any help would be greatly appreciated. Thank you.


7 Zip and RAR Files Not Detected

I need a solution

Within my DLP 14.6.01 environment, I put together a test discover scan to verify if compressed, password protected and encrypted files containing protected data would be detected. All of the subject files were based off two Excel spreadsheets and one Word document containing the fake protected information. The policy was based on Employee Data Protection. All of the Word Processing, Spreadsheet, Encapsulation and Encryption formats were selected. The compression algorithms were rar, zip, 7zip, tar, iso, bz2, maff, mht, gz and tar.gz. Each created with the native application. The Scan Target  specified the Policy Group (one policy only) and Always scan all items, Saved Credentials (Domain Admin), Content Root (my network share), no Filters, no Advanced, no Protect.

A fairly basic setup.

As expected, none of the encrypted files caused an incident. Only the csv-formatted Password Protected file generated an incident; the Excel workbook did not. All of the 'bare' files caused an incident. All of the compressed files generated an incident, with the exception of the 7zip and RAR ones. Which is where my question comes from.

The 7 Zip and RAR formats are explicitly identified in the Message Attachment or File Type Match condition. Yet, it appears they went undetected. I would say it was because DLP was looking for the .7 Zip extension as indicated in the condition and not the extension the application assigns, .7z. But that does not float with the RAR ones. They have the .rar extension. Is DLP just looking at the extensions? Does it not recognize the algorithms used? What am I missing?

Djacobs


Do I need to exclude SQL files from scans

I need a solution

Setting up a new 14.x deployment and some of our admins are insisting that SQL files / folders must be excluded from scans.

Investigating this, the only related articles I can find are several years old. I saw something that mentioned that SEP does not scan databases by default.

So I am just seeking clarification whether it is still recommended / required to exclude any SQL content from active or scheduled scans.

thanks


Converting LOBs to Securefile type

Dragonfly: Western energy sector targeted by sophisticated attack group

Resurgence in energy sector attacks, with the potential for sabotage, linked to re-emergence of Dragonfly cyber espionage group


Symantec Endpoint Protection 14.0 Over-deployed License

I need a solution

Hello everyone. I have a problem.

The essence of the problem: what will happen when the Symantec Endpoint Protection 14.0 Enterprise Edition licenses become over-deployed?

How will this affect the functionality of clients and the server?

What critical changes in functioning can happen?

Thank you.


Remote server replied: 553-Message filtered

I need a solution

Hello,

We are currently unable to send to many domains that use the Symantec Cloud for spam filtering. Up to about 48 hours ago, we had no issues in sending these emails. We have a very large number of recipients that have been affected. Please see the error response below.

I have looked at the readme supplied by the link below, but there's nothing there that indicates what might be causing us not to be able to send emails to these recipients. Our SPF/DKIM records are set up correctly.
Our sending IP address is not blacklisted.

The content of the email has not changed. I would be grateful if maybe I could be able to find out the issue and hopefully resolve as quickly as possible.

I can supply any further information that might be required.

Thank you in advance for any help that can be supplied.

Best Regards

Darren

Your message did not reach some or all of the intended recipients:
<removed>

Error Type: SMTP
   Remote server (85.158.137.83) issued an error.
   hMailServer sent: .
   Remote server replied: 553-Message filtered. Refer to the Troubleshooting page at
553-http://www.symanteccloud.com/troubleshooting for more
553 information. (#5.7.1)
