Locking Down a Win7 Pro so only a few programs can run

September 15, 2017, 8:48 am

≫ Next: Browse Network Error

≪ Previous: Messaging Gateway is an end-of-life product that has been discontinued​

$

0

0

I need a solution

SEP Forum,

Got hit with a very specific question that I am not exactly sure this product can resolve. Wondering if anyone out there has some insights or suggestions.

Management wants a group of computers locked down so they can only run 2-3 installed programs.  All internet, chat, FTP, etc blocked.  No mapping of drives. No USB sticks.  No customizations of the PC what-so-ever.  You run these 2-3 programs only. The rest of the PC is basically a door stop.

On concept, I think I can tell SEP to block everything and then add exceptions but I think I will find it harder than that because applications may need components like .net and I don't want to stop internal processes like Windows Updates and Defrag.

I think it is an interesting concept/challenge.  I don't want to say no right off the bat without at least exploring the possibility.  Any productive thoughts would be appreciated.

Douglas

0

---

Browse Network Error

September 15, 2017, 10:16 am

≫ Next: Console access issues

≪ Previous: Locking Down a Win7 Pro so only a few programs can run

$

0

0

I need a solution

When trying to remotely deploy a package to a client pc a "Browse Network Error" message shows when trying to search for clients on the network.

0

Console access issues

September 15, 2017, 5:54 pm

≫ Next: How to verify Symantec Protection Engine for NAS 7.9 is working

≪ Previous: Browse Network Error

$

0

0

I need a solution

Hi All,

In my SEP console I do not have access to the option which allows me to push newer versions of the SEP clients to the computer network. Even it it not visible or hidden. Please advice me how to enable it or how to get it done.

Thanks.

0

How to verify Symantec Protection Engine for NAS 7.9 is working

September 16, 2017, 10:30 am

≫ Next: Incident response presentation for virus removal

≪ Previous: Console access issues

$

0

0

I need a solution

I have done installation of Symantec Protection Engine and done configuration in NAS and SPE 7.9 through  ICAP protocol (both SPE and NAS with same IPs)

Port no 1344 is open on SPE and i also Check Enable trickle to enable the data trickle feature.

Now i the issue is i dont know that its working or not its scanning or not ?

is there any way to verfiy that configuration which i did is right or wrong ?

0

Incident response presentation for virus removal

September 16, 2017, 4:14 pm

≫ Next: view leaked file through endpoint printer

≪ Previous: How to verify Symantec Protection Engine for NAS 7.9 is working

$

0

0

I need a solution

I need incident response presentation for virus removal and trouble shooting.. please share me 

0

view leaked file through endpoint printer

September 16, 2017, 10:22 pm

≫ Next: Creating SONAR Exclusions for N-Able files (agent.exe)

≪ Previous: Incident response presentation for virus removal

$

0

0

I need a solution

Hi,

I would like to know if anyone has a workaround to viewing files leaked through a printer on an endpoint.

The GUI shows the file name that was printed but we cannot view the content.

Thanks,

Jerry Savio

0

Creating SONAR Exclusions for N-Able files (agent.exe)

September 17, 2017, 3:55 pm

≫ Next: Symantec Data Loss Prevention - Incident Attachments

≪ Previous: view leaked file through endpoint printer

$

0

0

I need a solution

Hi There,

I've been tyring to create file and folder Exclusions for C:\PROGRAM FILES (X86)\N-ABLE TECHNOLOGIES\WINDOWS AGENT\BIN\AGENT.EXE.  I have tried the following...

A. C:\PROGRAM FILES (X86)\N-ABLE TECHNOLOGIES\WINDOWS AGENT\BIN\AGENT.EXE

B. %%PROGRAMFILES%%N-ABLE TECHNOLOGIES\WINDOWS AGENT\BIN\AGENT.EXE

C. "C:\PROGRAM FILES (X86)\N-ABLE TECHNOLOGIES\WINDOWS AGENT\BIN\AGENT.EXE"

But still, SONAR is flagging this file.  What am I missing?

Thanks, Travis

0

Symantec Data Loss Prevention - Incident Attachments

September 17, 2017, 6:26 pm

≫ Next: Slow Mail distribution with PGP

≪ Previous: Creating SONAR Exclusions for N-Able files (agent.exe)

$

0

0

I need a solution

Hello,

I have been Googling around for a while now about this.

Note: I have my DLP server configured to store incident attachments​ on external storage.

I have a few questions:

1. What are incident attachements?
2. How are they used?
3. How are they accessed?

Cheers,

Cameron Mottus

0

---

Slow Mail distribution with PGP

September 17, 2017, 11:38 pm

≫ Next: Redeploying SEP clients using third party tool

≪ Previous: Symantec Data Loss Prevention - Incident Attachments

$

0

0

I need a solution

we regognize, if we sent an eMail in our organization, he is always checking, if the recipient has an PGP-MAil account and it look´s that somtimes it takes more than 15 minutes to transport the MAil to the original recipient; is it possible to avoid this check, when the MAil is unencrypted and only in case of the mial is real encrypted, than check and sent the mail encrypted?

best regards

Bernhard Heß

0

• check-pgp.PNG

Redeploying SEP clients using third party tool

September 17, 2017, 11:51 pm

≫ Next: SYMANTEC ENDPOINT PROTECTION SBE 2013 PER USER HOSTED AND OPREMISE

≪ Previous: Slow Mail distribution with PGP

$

0

0

I need a solution

Hi

We are redeploying SEP client installer for both x86 and x64 using a thrid party tool (Tivoli Endpoint Manager Client Deploy Tool) and the success rate of deployment is not that high.

I was thinking if the tamper protection and the password settings set to SEPM is the one causing deployment of SEP clients fail.

Currently the tamper protection is set as block and log and we have set password for SEP client.

Is it possible that these 2 setting is the reason why some SEP client deployment fail?

Or do you experience any issue using third party tool?

Thanks in advanced.

0

SYMANTEC ENDPOINT PROTECTION SBE 2013 PER USER HOSTED AND OPREMISE

September 18, 2017, 2:20 am

≫ Next: Clients GUP status is still false

≪ Previous: Redeploying SEP clients using third party tool

$

0

0

I need a solution

Buenos días,

Actualmente uno de nuestros clientes tiene SYMANTEC ENDPOINT PROTECTIN SBE 2013 PER USER HOSTED AND ONPROMISE.

Le interesa poder bloquear los USB de los equipos (según elección) y se le informó que la versión ENTERPRISE lo hacía.

Actualmente le va a caducar y al pasar a la versión 14 que es la que está viva en este momento, no sé si existe versión ENTERPRISE o si esa versión permite dicho bloqueo de USB.

Muchas gracias de antemano,

0

Clients GUP status is still false

September 18, 2017, 2:55 am

≫ Next: Integration of Palo Alto with Bluecoat/Symantec SSLVA

≪ Previous: SYMANTEC ENDPOINT PROTECTION SBE 2013 PER USER HOSTED AND OPREMISE

$

0

0

I need a solution

Dears,

I have a situation where I configured multiple GUP list by creating a rule that match by IP address and added in the list the IP addresses of the machines that should be acting as GUP in the subnet but after making sure that policy serial number is the latest on the machines when i open the client properties it says GUP "false".

Any idea what could be going wrong?

Thanks in Advance

0

Integration of Palo Alto with Bluecoat/Symantec SSLVA

September 18, 2017, 4:12 am

≫ Next: Fusion 2 bases SEPM

≪ Previous: Clients GUP status is still false

$

0

0

I need a solution

Hi, Does anyone throw some light on the integration guide or steps deploying SSLVA along with Palo Alto NGFW in in-line mode. Thanks

0

Fusion 2 bases SEPM

September 18, 2017, 4:42 am

≫ Next: Report on unknown device failures

≪ Previous: Integration of Palo Alto with Bluecoat/Symantec SSLVA

$

0

0

I need a solution

Bonjour,

J'ai 2 serveurs physiques SEPM 12.1.5. (serveur A et serveur B) sous Windows 2003 avec chacun leur base de clients distinctes

J'ai crée une machine virtuelle sous Windows 2016 server (serveur C) sur laquelle je souhaite rassembler les 2 bases sur ce serveur pour n'en faire qu'une.

Le but final étant de supprimer les 2 anciens serveurs physiques et de migrer ensuite vers SEPM 14

Comment dois-je procéder ?

Merci

0

Report on unknown device failures

September 18, 2017, 6:25 am

≫ Next: Directory Synchronization enabled removed user won't show back up in Internal Users listing

≪ Previous: Fusion 2 bases SEPM

$

0

0

I need a solution

Hello. We've just migrated to Symantec from McAfee and are in the process of deploying clients, so am quite new to Symantec. I've enabled 2 machines (one on each of our subnets) as Unmanaged Detectors and can view the results under Home > Security Status > Security Status Details > Unknown Device Failures. Ideally what I'd like to do now is produce a report on these devices so I can identify them further and act (resolving the ip address to a name would be nice but even just a list of IPs would do). Can anyone help with any advice on this? Thanks.

0

---

Directory Synchronization enabled removed user won't show back up in Internal Users listing

September 18, 2017, 7:22 am

≫ Next: Create exception based on hash or filename without file path

≪ Previous: Report on unknown device failures

$

0

0

I need a solution

Hello,

      A user was removed from the encryption server which has directory synchronization setup and working.  The Active Directory information on the user has not changed (same sAMAccountName and group assignments) but is not showing back up in the user listing and cannot be added as a pass-phrase user in desktop encryption.  I checked my LDAP connection and everything is working as needed.  The user is a member of the base DN and is in the correct security groups to be assigned to a group on the encryption server.  Is there something I am missing?

Thanks

Sean

0

Create exception based on hash or filename without file path

September 18, 2017, 7:33 am

≫ Next: NO UPDATE ON SEP 14 CLIENTS FROM SEPM

≪ Previous: Directory Synchronization enabled removed user won't show back up in Internal Users listing

$

0

0

I need a solution

Hi,

we are wondering if we can create an exception for files which is based on hash value but ignores file path.

When adding a file through risk log or application learning, the exception is always based on hash and file path. We want an exception based on hash which ignores where the file is located at.

Is that possible?

Regards

concentric

0

NO UPDATE ON SEP 14 CLIENTS FROM SEPM

September 18, 2017, 7:42 am

≫ Next: Getting Symantec Agent to install on 64-bit linux systems.

≪ Previous: Create exception based on hash or filename without file path

$

0

0

I need a solution

Hi All,

Here is the issue i'm facing. i have upgraded sepm et clients to version 14 but no update definitions coming.

When i lauch liveupdate it says no virus definitions found.

Thanks !

E.Y

0

Getting Symantec Agent to install on 64-bit linux systems.

September 18, 2017, 8:09 am

≫ Next: Data Identifier.

≪ Previous: NO UPDATE ON SEP 14 CLIENTS FROM SEPM

$

0

0

I need a solution

Hello Symantec Team, 

We purchased Symantec EP ( version 14 Mp2)  with high hopes that it would be a smooth roll out. We have lot of 64bit Ubuntu Linux systems. The issue that we ran into is what is described in this tech article : https://support.symantec.com/en_US/article.TECH228118.html 

All of our 64bit  linux systems already have libc6 & libstdc++6 installed by default. There is a heavy dependency of these 2 libraries on our project applications & to the functioning of the OS as a whole. I am sorry, but does Dev team assume that it is that easy to just remove off libc6:64 bit & replace them with libc:32 bit ?  Our case is no different than any other customer or end user who have either a web application or some other application installed on their 64bit linux systems which make use of libc6 & libstdc++6.

Pls see below attachment.  Just as an example, If we try to remove libc6:amd64  from an existing 64bit system,  the system warns us that it will have to further remove all those packages that are dependant on libc6 as well.  This will technically make our system unusable if we were to proceed. I have a tech support ticket open but i am pretty sure there won't be any immediate fix & most likely i would be told to submit a feature request which can take months. 

Is anybody else in the same boat as us ?  Any advise will be appreciated.

Thanks,

Neeraj Shah

CyberSecurity Engineer

0

Data Identifier.

September 18, 2017, 9:54 am

≫ Next: SSL Decyphering + Header insertion

≪ Previous: Getting Symantec Agent to install on 64-bit linux systems.

$

0

0

I need a solution

Hi

I need to block all the files moving from an endpoint to a USB, I create this DATA IDENTIFIER to find any number and any "A-a" letters however is bot being blocked.

\w[A]
\w[a]
\d[1234567890]

Does anyone can help me thanks a lot.

0