I have to realize SSL decyphering on a ProxySG qppliqnce to insert a specific header.
My proxy is in explicite mode; traffic is well intercepted and the certificate shown to the user is the one i imported.
I wrote the folloing code in CPL to insert the header "toto", but it seems it is not inserted though the action SETHEADER is matched when i make a trace policy.
We're trying to connect the DLP system to Exabeam. For the most part, it works well. However, we can't seem to find the variable name for the value shown under User shown in an incident record. Does anyone know the name of this variable?
I have SMG appliance with os 10.6 .it works as CC & scanner in the same time both outbound & inbound scanner are configured on the 2 interfaces I will need to move it to new DMZ so all IP addresses , static routes & default route nteed to be changed what is the best practice to do this as I tried to change it for testing from webconsole and apply the CLI commands but it reverted to old IP addresses after restart
I have SMG which will work as CC & scanner the SMG should be placed between FW & Exchange server what is the best practice of connecting the interfaces Eth0 external to FW or Eth1 ?
and where to implement the outbound & inpound filter
Can Symantec please review the way accounts are created for the SEPM console. Currently you cannot downgrade an admin to a sysadmin, you would
have to delete the current account and then recreate the account with lower permissions.
I would like to seek your help regarding our issue. We are currently downloading windows update and adobe updates. However, out of 173, only 14 users have successfully downloaded and installed windows update. Windows error code is 80244019. I have already tried this kbs: https://support.symantec.com/en_US/article.TECH242437.html and https://support.symantec.com/en_US/article.TECH242434.html but issue still persists. I also tried to whitelist a ClientIP for troubleshooting (no authentication and allow in web access layer) and I also allow windows update and adobe updates in web application but with no luck. We do not understand why some users can download and install windows update successfully but others are not.
Your message addressed to the target domain (faarup.dk) could not be delivered because the mail server responsible for this domain returned a permanent error.
The server returned:
501 Connection rejected by policy [7.7] 20611, please visit www.messagelabs.com/support for more details about this error message.
Message headers follow:
Received: from DESKTOPL45HMO9 ([90.185.116.210]) by architection.net with MailEnable ESMTPA; Tue, 19 Sep 2017 08:07:10 +0200
What's the best approch for this? We need to migrate our SEPM to a new server bu we can' reuse the same IP address, how can we do this? Also we are using SQL Server for the database but we're not going to move it.
we try WDRT but not working as the only user on the disk is locked out.
C:\Program Files (x86)\PGP Corporation\PGP Desktop>PGPwde --status --disk 1
Disk 1 is instrumented by bootguard. Current key is valid.
Drive encrypted Total sectors: 1953521664 highwatermark: 1953521662 reserved start sectors: 2
Authentication needed to decode disk session key.
Failed login attempt lockout enabled. Max failures=5
Failed login lockout triggered
Check --list-users to determine locked out users
Request sent to Disk status was successful
Where in MessageLabs would a person find the settings to:
* Ignore an email domains DNS MX records
* Send directly to another destination such as Office 365 for a specific domain
Now, before everyone goes off their nu...I don't actually want to do this. I'm not crazy, but I need to know where in MessageLabs I would do this so I can tell a 3rd party partner (that is crazy) where to remove this setting (which they refuse to acknowledge they have configured).
We had a SEP 12.1.6 MP5 with external DB connection to our SQL System (SQL Standard 2012 11.0.6523.0)
I want to migrate our SEPM System to a new VM so i did these steps
1. On the OLD i did Upgrade to latest Version 14.0.0 MP2 withoun any issue
2.On the New VM i installed Same Version "14.0.0 MP2" and i connected to the same external SQL DB with the configuration Wizard as a failover server.
3. I Created a new Management server Policy with the New Server and applied to the Group Of clients so they will connect to the new system.
4. All clients that point to the new they connect without issues (All running fine).
Now to my issue:
Since i upgraded to v14.0.0 MP2 i have a lot of errors (every 2min) on SQL server side under "System Event Log" about schannel. I dont know if they come from a connection from the old or from the new system. I suppose they come from both
Event ID 36888
The following fatal alert was generated: 20. The internal error state is 960.
Based on this (support.microsoft.com/en-us/help/3135244/tls-1-2-support-for-microsoft-sql-server) my SQL version supports TLS
How can i resolve the issue without disabling the Schannel Event Log?
I have upgrade my test server. I did not have issue during upgrade, all steps was the same like in previous upgrades. Unfortunately, after upgrade I found an issue. My Manager cannot open GUI when 'Symantec Enpoint Protection Manager API Service" is started. When I stop this service GUI open as expected. I can see in task manager that processes are running but guii wont open :
When I stop this service , manager GUI open corectly:
I do not need a solution (just sharing information)
Hello Symantec team!
Since Settembre 15, 2017, we changed our server provider and we did the installation server from scratch and migrated our services to the newly adquired server/IP.
We are asking you the posibility to make a new evaluation to this IP group, because our mails clients are being rejected.
The IP are:
193.70.107.39
193.70.107.40
193.70.107.41
193.70.107.42
193.70.107.43
193.70.107.48
193.70.107.49
193.70.107.50
193.70.107.51
193.70.107.52
LOG
Sep 19 08:31:09 protection klms-smtp_proxy: Message from <*****@bergaminiroberto.it> to <*****@alice.it> passed
Sep 19 08:31:09 protection postfix/smtpd[11501]: proxy-accept: END-OF-MESSAGE: 250 2.0.0 Ok: queued as DE310FFBC4; from=<*****@bergaminiroberto.it> to=<*****@alice.it> proto=ESMTP helo=<smtpauth.your-mailbox.eu>
Sep 19 08:31:10 protection postfix/smtp[11492]: DE310FFBC4: to=<******@alice.it>, relay=smtp.aliceposta.it[82.57.200.133]:25, delay=0.22, delays=0.06/0/0.09/0.07, dsn=5.0.0, status=bounced (host smtp.aliceposta.it[82.57.200.133] said: 550 mail not accepted from blacklisted IP address [193.70.107.48] (in reply to MAIL FROM command))
Thanks for your time and help, please let me know if you need something else.
I have a problem with sending out encrypted emails using Outlook 2016 and Symantec Encryption Desktop. The odd thing is that I can receive and decrypt emails without any issues, but outgoing emails are blocked.
Outlook is configured to use ports 25 for SMTP and 143 for IMAP. Ougoing server requires authentication and uses the same settings as incoming server.
Symantec Encryption Desktop is configured with email proxy enabled and ports 465 for SMTP and 993 for IMAP, as mail server requires SSL/TLS.
Outlook error message states that the connection was interupted without any further details. Verbose Symantec logs show:
Email Verbose Connection accepted
Email Verbose Found exisiting account list entry for [IP]
Email Verbose Existing entry is [email address]
Email Verbose Proxying SMTP
Email Verbose Attempting to connect to server at [IP]
Email Verbose Attempteing tunneled TLS connection on port 465
Email Verbose Successfull connect on port 465
Email VerboseTLS session established with [mailserver]
Email Error Cannot connect server socket to [IP]
Email Warning Tunneled TLS negotiation with server failed.
When I change the port 25 to 465 in Outlook I can send out emails fine, but I loose the ability to encrypt them.
As this is a test machine - there is no AV software onboard which could be blocking it. Windows Defender and Firewall are disabled completely.
Does anyone know how to get the help to stop calling out to the internet when you click the context help button?
This is really annoying in environments where you cannot browse out of the internal network.
Please could someone provide instructions to revert the help back to checking local files rather than calling out to the internet for additional tech articles.
Local Green Team supports Symantec's goal to reduce GHG emissions by 2025
Publish to Facebook:
No
It started with a mug. The Cape Town, South Africa office connected with Symantec’s Green Team in 2015 when Symantec launched the "One Mug, One Planet" campaign to help reduce paper cup usage across operations by 15 percent. Inspired to minimize their impacts both inside and outside the office, the Cape Town office joined the campaign, making a commitment to use a reusable mug every day.
Two years later, Cape Town has it’s own four-person Green Team, including Wade Corin, Director, Inside Sales; Shieraaz Williams, Facilities Manager; Pia De Freitas, Associate Manager, Inside Sales; and Clarissa De Agrela, Inside Sales / Site Coordinator. Working hand-in-hand with the Employee Resource Groups (ERG), including Community Relations (CR) Committee, Events Committee, Intramural Sports Committee, and Symantec Women’s Action Network (SWAN) they support one another and help drive a certain culture within their location.
Cape Town’s Green Team is focused on making a difference both in the office and within their local communities. With events held at least quarterly ranging from beach clean-ups to building vegetable gardens in low-income communities, the Cape Town Green Team is quite active. The group also organizes events to educate local youths on topics like Cyber Security and Greenhouse Gases and works to inspire these children and teenagers, showing them how they can make a difference in their own communities.
The CR and SWAN committees drove the Veggie Garden Initiative in two of Cape Town’s in-need communities to support the local people living there and help teach them how to grow crops. The volunteer team, led by Natalie George, Yondela Nyongo, and Leeanne De Wit, cleaned up lots, built greenhouses, and planted vegetables, including spinach at three different garden events.
For Shieraaz and Clarissa, joining the Green Team was a chance to not only make a difference in their communities, but to reduce our global carbon footprint. “I chose to join the Green Team as I feel that it is important to understand not only the Greenhouse gas (GHG) effect, but also how we as a Company can make changes, whether they be large or small, to have a positive effect and contribute to the survival of life on earth,” said Clarissa.
In addition to working to help underprivileged communities, Symantec’s Green Team helps support our goal to reduce GHG emissions by thirty percent in ten years (FY15-FY25). In the office, the Green Team supports the local facilities team with identifying cost-cutting and energy reduction initiatives, using lasted technologies to help reduce the energy and carbon footprint. Due to these efforts, over the last two years, the Cape Town office has introduced energy-saving controlled lighting, and is now going a step further with LED lighting solutions to reduce energy even further. The team has also adjusted the HVAC to switch off during none office hours and weekends, and all water coolers are now timer controlled.
On Mandela Day, Symantec’s Cape Town office volunteered with animal welfare charity, FALLEN ANGELS, and spent time caring for dogs at the rescue center.
If you’re wondering about the first mug that started it all, after the success of "One Mug, One Planet", the Cape Town office has stopped using foam cups entirely. Symantec mugs and glassware are offered throughout the office helping the team reduce their waste and carbon footprint.
Cape Town’s Green Team and ERGs will continue to work together to educate and bring awareness to the importance of reducing GHGs and making a difference in the world we live in today. Green Team member Wade Corin knows the importance of leading by example, saying, “Being socially responsible is everyone’s responsibility – If you are not willing to do it, how can you ask others?” As such, the office looks forward to participating in the second annual Global Service Week (GSW), October 9–15, 2017 and hopes you will too. In Cape Town, GSW will include volunteering with SolarBuddy, whose goal is to end the devastating cycle of energy poverty for marginalized communities across the world. Cape Town’s volunteers will build solar light bulbs, giving the gift of light to dozens of children living in energy poverty. They hope you will be inspired to share your gifts in-person or virtually this GSW.
I was recently made the administrator of our SG appliance and, after reading the best practices document on policy, I'm in the process of optimizing our visual policy rules. As such, I'm seeking confirmation that the following rules are redundant.
Destination
Action
Request URL: coral.ccc.centurylink.com
Do Not Cache
Request URL: vga.ccc.centurylink.com
Do Not Cache
Request URL: vgi2.ccc.centuryylink.com <-misspelled in VPM lol
We have a API here that is validating through VIP. The issue is that this API is sending an ID number to VIP for authentication, not the account name as listed in Active Directory. This ID number is an attribute in our Active Directory, and I have configured VIP to pull this attribute using the "VIP User Attributes Settings".
Is it possible for VIP to validate using just that ID attribute field, or if it needs the account name passed along?
