Channel: Symantec Connect - Products
Viewing all 21587 articles
Browse latest View live

Audit Logging for Symantec ATP

I need a solution

Dear All, 

Would like to understand if it is possible to turn on audit logging for Symantec ATP?

Have gone through the Installation Guide and also the Administration Guide, but am not able to find any information on turning on audit logging for Symantec ATP.

The requirement here is to have a means to collect logs on events like login events, power on/off events, system events, etc. I believe this is a common security requirement, especially for a security-centric appliance.

Understand that it is possible to connect to a syslog server and start piping syslog; however, it seems like the syslogs only contain ATP events (e.g. conviction events, alerts, etc.).

So, is there any way to turn on audit logging for Symantec ATP?

Thank you. 

Regards,

W.L


ManagementCenter VPM

I need a solution

I have some trouble with the Mgmt-Center (Management Center Version: 1.10.1.1 Build: 203511) and the included VPM-Editor.
Is it possible to configure the Mgmt-Center so that it will listen on HTTP?

My problem is a Java security problem with the Mgmt-Center certificate.
With a bypass for the Mgmt-Center URL, Java will always inspect the certificate.

Regards

Thorsten
 


Update Error from SMG 10.6.2-7 to 10.6.3-2

I need a solution

When I updated the SMG from 10.6.2-7 to 10.6.3-2, I got the attached print screen. How could I solve the problem?

Thanks.


Question on quarantine and scanning sequence in SMG

I need a solution

1. How could I check the size of quarantine folder?

2. What is the scanning sequence in SMG? e.g. Content filtering --> Malware --> Spam --> ...

Thanks.


DLP Email Prevent

I need a solution

Hi,

Does DLP 14.5 support Network Prevent for Email with the email systems Microsoft Exchange 2007 and HMAIL?

Thanks


"501 Connection rejected by policy"

I need a solution

Hello!

We are a company offering various hosting services.

Recently, one customer has complained about "Mail delivery failed: returning message to sender".

Server ip  162.210.98.151 (deszr.com)

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
 
SMTP error from remote mail server after initial connection:
501 Connection rejected by policy [7.7] 5608, please visit www.messagelabs.com/support <http://www.messagelabs.com/support>
 

I would appreciate it if anyone could help with this matter.

Thank you very much and good day.


ProxySG with Web Prevent DLP and SSL Visibility

I need a solution

Hi,

I'm trying to set up SSLV with ProxySG, while Web DLP Prevent is already integrated with ProxySG. HTTP traffic gets detected and blocked by the DLP through ICAP, while HTTPS traffic is not being blocked by DLP. I was reading the SSLV guide and ProxySG guide about any special configuration required, and didn't find anything tricky.

From the SSL Admin Guide:

- Both SSL Visibility and ProxySG appliances must have valid licenses with birth certificates installed in order to participate in SSL Offload.
- The ProxySG license should include the SSL feature.
- The ProxySG appliance must be running the SGOS 6.7.x release.
- The ProxySG appliance should be fully configured to process SSL traffic (SSL intercept rule set).
- The ProxySG appliance must be reachable at Layer2 from the SSL Visibility appliance.
- A load balancer, or any other additional device, cannot be configured in the active loop with ProxySG appliances

Any ideas?


SEP 14 - no /etc/liveupdate.conf - specify custom live update server

I need a solution

With Linux and SEP 14, how do I specify a custom live update server on an unmanaged client?

i.e. with SEP 12 you could use /etc/liveupdate.conf:
# LiveUpdate.conf

hosts/0/url=http://customsevercom:80/

Where can I specify this with SEP 14 now that JLU has been removed?


How to interpret virus alert?

I need a solution

Hi all. I often see these with customer systems, via SEP 12, 14, SEPC, and SEP SBE deployments. I always wonder: do they indicate that a system compromise occurred and somebody dumped active malware onto the computer, having bypassed endpoint security, or, because of the fact that it is a script and is likely launched via visiting a website, is it just showing a file path that scripts normally end up in when they try to launch? Sorry, early in the morning, may not be wording myself correctly. Here's a path to a sample detection found this morning:

\users\username\appdata\local\packages\microsoft.microsoftedge_8wekyb3d8bbwe\ac\#!001\microsoftedge\cache\efg5451j\script[2].jsoc (I put "jsoc" at the end, replacing .js, just in case this post gets filtered).
So is this a script a website tried to store or launch, or does it mean someone already bypassed security and placed a script in a local file path? Thanks very much.
 

Bluetooth vulnerability #BlueBorne

I do not need a solution (just sharing information)

Hello,

It will be nice to know more about this vulnerability and if SEP provides protection in case of OS mobile and desktop.

Info in media:

https://www.armis.com/blueborne/

https://techcrunch.com/2017/09/12/new-bluetooth-vu...

https://www.youtube.com/watch?v=QrHbZPO9Rnc

From ARMIS website:

Windows

All Windows computers since Windows Vista are affected by the “Bluetooth Pineapple” vulnerability which allows an attacker to perform a Man-in-The-Middle attack (CVE-2017-8628).

Microsoft is issuing security patches to all supported Windows versions at 10 AM, Tuesday, September 12. We recommend that Windows users should check with the Microsoft release here for the latest information.

Linux

Linux is the underlying operating system for a wide range of devices. The most commercial, and consumer-oriented platform based on Linux is the Tizen OS.

  • All Linux devices running BlueZ are affected by the information leak vulnerability (CVE-2017-1000250).
  • All Linux devices from version 3.3-rc1 (released in October 2011) are affected by the remote code execution vulnerability (CVE-2017-1000251).

Examples of impacted devices:

Information on Linux updates will be provided as soon as they are live.

iOS


Which files in the SEP Manager need to be monitored? (PCI)

I need a solution

As per PCI 11.5:

"Deploy file-integrity monitoring software to alert personnel to unauthorized modification of critical system files, configuration files, or content files; and configure the software to perform critical file comparisons at least weekly."

Which files on the SEP Manager are deemed "critical system files, configuration files, or content files"?

I'm setting up a File Integrity Monitoring (FIM) solution, and need to know which files I need to watch for changes, that normally shouldn't be changed on the SEP Manager.

Thanks,

Brian


unable to find back trace information in Symantec Endpoint Protection

I need a solution

I cannot find back trace information in traffic in SEP; when I try to get IP details, it is unable to.

Can you please guide me: is it possible to get information on all hops?


Symantec Data Loss Prevention Printer/Fax Protocol triggers many times

I need a solution

Hi All, we are testing a print block policy, but it is triggering the Printer/Fax protocol as many times as the number of pages in the document, when it should only trigger one match for this protocol.

Is anyone getting the same issue?
My environment is 14.6.
All agents and detection servers are of the same version.

Please help.

Thanks


WDRT token does not unlock drive

I need a solution

We have installed the 10.3.2 client on our Windows 7 and 10 computers.

We have been seeing a rise in WDRT tokens not unlocking the drive for users to log in. A message of "Incorrect token" appears, and the user has tried entering the code with - and no - from the code. The code on the console is the code with the latest time stamp.

We have not had any luck with these devices, so we need to send users a different computer for them to use. Then we get it and unlock it with the ADMIN password. No one seems to know why this isn't working. Are there log files that would tell us more information? Or is there a way to see what the code is on the device and compare it to what is on the server? Is there a way to globally resync the tokens on active devices?


How to re-order the default management server list?

I need a solution

Hi everyone,

Just to be sure we're on the same page: I DO NOT WANT TO DELETE the default management server list. I just want to re-order it so that the top choice isn't an IP address but rather the FQDN of the management SEPM server. As it stands by default the list contains 3 entries on a single SEPM deployment:

1. the IP address of the SEPM server 

2. the host name of the SEPM server 

3. the FQDN of the SEPM server 

This is a simple deployment; one SEPM 12.1.4013.4013; no replication; no multiple sites or domains or any other complexities.

The reason I want to have the FQDN of the management server on top is so that all SEP clients make that their first choice in anticipation of future changes. That's all.

Now I do know that one can NOT delete the default management server list. Fine, but can I edit it so that the first choice is NOT an IP address but the FQDN of the only SEPM server?

Thank you

~B 


Easiest way to move from one SEPM Server to another ??

I need a solution

Hi,

I have 1,xxx clients running on a SEPM server (12.1.5 with embedded DB) which occasionally crash.

Now we already have a new SEPM server (fresh install with MS SQL Server), and we want the clients from the old server to report to this new server.

The company is very strict with their security policy, so there are some conditions. I've tried several methods, but they still don't work.

Here's what I tried.

1. Export and import Sylink.xml
>> This works on the test site, but we cannot use this method since there are 1,xxx clients and we can't access the physical clients.

2. Remote push
>> Doesn't work; couldn't scan the clients since the company doesn't allow ping and network sharing.

3. From the old server, I tried adding the new server as primary and then deploying this new communication.
>> I can see the client trying to connect to the new server, but got the error "The request was not in the expected format".
>> Is there anything I need to do if I want to complete this method? Looks like the client refuses to connect to the new server.

Any advice is appreciated.

Regards,
TK


Client windows 10

I need a solution

Hello,

I tried to install Symantec Endpoint Protection version 14.0.1904.0000 for WIN64BIT on Windows 10 but I receive the following message: This app can't run on this PC!!!!


can SEP client block exe running from DVD-r or CD-R?

I need a solution

Hi,

Can the Symantec Endpoint Protection client block the running process of an exe residing on DVD-R or CD-R?

If it's possible, where do I need to make changes in Symantec Endpoint Protection Manager version 14?

A quick reply will be appreciated.

Thanks and Regards,

Tejas


Windows Firewall and Symantec Firewall simultaneously

I need a solution

Hi there,

First, I know it is not a recommended configuration.

But we have a lot of software installed that generates its "exceptions" during install. So I cannot deploy Symantec with the standard settings.

The only thing to achieve is that I can block surfing or traffic to wildcard DNS like *.dropbox.com or other sites that are not allowed from the clients. Yes, we can block this in our company firewall, but there are 80% mobile workers who surf with their 3G/4G or wireless.

I cannot achieve this with Windows Firewall (at least I could not find anything), so I thought I could use Symantec for this. At the moment the client is installed without the firewall part. But for the new deployment I would like to use this blocking or other features that need an active firewall.

So should I just put any / any in the inbound/outbound rules, leave the Windows Firewall active and move the domains to block to the top?

Best regards

Stephan


Remote Desktop Connections

I need a solution

Hi Dear,

Is there a Remote Desktop Connections feature in Symantec Endpoint Manager that helps to access any client through it?

Regards,

Ali
