DCS Agent Linux not working

September 19, 2017, 11:54 am

≫ Next: Issues with Doscan.exe on 12.1.6

≪ Previous: Is it possible to authenticate using a AD attribute versus the username?

$

0

0

I need a solution

After installing the agent and trying to make a test (./sisipsconfig.sh -t) or to see the state (./sisipsconfig.sh -v) of the agent the following appears:

-sh-4.1$ ./sisipsconfig.sh -t
/opt/Symantec/sdcssagent/IPS/bin/sisipsconfigtool: /usr/lib64/libssl.so.10: no version information available (required by /opt/Symantec/sdcssagent/IPS/bin/libcurl.so.4)
/opt/Symantec/sdcssagent/IPS/bin/sisipsconfigtool: /usr/lib64/libcrypto.so.10: no version information available (required by /opt/Symantec/sdcssagent/IPS/bin/libcurl.so.4)
/opt/Symantec/sdcssagent/IPS/bin/sisipsconfigtool: /usr/lib64/libcrypto.so.10: no version information available (required by /opt/Symantec/sdcssagent/IPS/bin/libcurl.so.4)
---------------------------------------------------------------------------
Agent Configuration Tool version 6.7.0.1060
---------------------------------------------------------------------------

Testing connection to server 172.1x.xx.xxx
/opt/Symantec/sdcssagent/IPS/bin/sisipsconfigtool: relocation error: /opt/Symantec/sdcssagent/IPS/bin/libcurl.so.4: symbol SSL_CTX_set_next_proto_select_cb, version libssl.so.10 not defined in file libssl.so.10 with link time reference

-sh-4.1$ ./sisipsconfig.sh -v
/opt/Symantec/sdcssagent/IPS/bin/sisipsconfigtool: /usr/lib64/libssl.so.10: no version information available (required by /opt/Symantec/sdcssagent/IPS/bin/libcurl.so.4)
/opt/Symantec/sdcssagent/IPS/bin/sisipsconfigtool: /usr/lib64/libcrypto.so.10: no version information available (required by /opt/Symantec/sdcssagent/IPS/bin/libcurl.so.4)
/opt/Symantec/sdcssagent/IPS/bin/sisipsconfigtool: /usr/lib64/libcrypto.so.10: no version information available (required by /opt/Symantec/sdcssagent/IPS/bin/libcurl.so.4)
---------------------------------------------------------------------------
Agent Configuration Tool version 6.7.0.1060
---------------------------------------------------------------------------

Server Host List - 172.1x.xx.xxx
Current Management Server - 172.1x.xx.xxx
Port - 443
Protocol - https
Failback Interval - 60 minutes
Utilities Service Port - 2323
CertFile - /opt/Symantec/sdcssagent/IPS/certs/keystore
Tracing - false
Force Retranslation - false
Prevention Feature - enabled

The IPS does not load but IDS yes

# /etc/init.d/sisipsagent restart
SDCSS IPS Agent is not running
Error starting SDCSS IPS Agent
# /etc/init.d/sisidsagent restart
Stopping SDCSS IDS Agent (PID 2311).
SDCSS IDS Agent stopped successfully after 3 seconds
SDCSS IDS Agent started successfully (PID 3042)
# /etc/init.d/sisipsutil restart
Stopping SDCSS Util Service (PID 2666).
SDCSS Util Service stopped successfully after 2 seconds
SDCSS Util Service started successfully (PID 3158)

# tail /var/log/sdcsslog/sisips.err
/opt/Symantec/sdcssagent/IPS/bin/sisipsdaemon: /usr/lib64/libssl.so.10: no version information available (required by /opt/Symantec/sdcssagent/IPS/bin/libcurl.so.4)
/opt/Symantec/sdcssagent/IPS/bin/sisipsdaemon: /usr/lib64/libcrypto.so.10: no version information available (required by /opt/Symantec/sdcssagent/IPS/bin/libcurl.so.4)
/opt/Symantec/sdcssagent/IPS/bin/sisipsdaemon: /usr/lib64/libcrypto.so.10: no version information available (required by /opt/Symantec/sdcssagent/IPS/bin/libcurl.so.4)
/opt/Symantec/sdcssagent/IPS/bin/sisipsdaemon: relocation error: /opt/Symantec/sdcssagent/IPS/bin/libcurl.so.4: symbol SSL_CTX_set_next_proto_select_cb, version libssl.so.10 not defined in file libssl.so.10 with link time reference

# ls -l /opt/Symantec/sdcssagent/IPS/bin/libssl.so.10
ls: cannot access /opt/Symantec/sdcssagent/IPS/bin/libssl.so.10: No such file or directory
# ls -l /usr/lib64/libssl.so.10
lrwxrwxrwx. 1 root root 15 Nov 22  2012 /usr/lib64/libssl.so.10 -> libssl.so.1.0.0
# ls -l /usr/lib64/libcrypto.so.10
lrwxrwxrwx. 1 root root 18 Nov 22  2012 /usr/lib64/libcrypto.so.10 -> libcrypto.so.1.0.0

Server Data:
# uname -a
Linux myserver 2.6.32-279.el6.x86_64 #1 SMP Wed Jun 13 18:24:36 EDT 2012 x86_64 x86_64 x86_64 GNU/Linux
# cat /etc/*release
Red Hat Enterprise Linux Server release 6.3 (Santiago)
Red Hat Enterprise Linux Server release 6.3 (Santiago)

# rpm -qa | grep SYM
SYMCsdcss-6.7.0-1060.x86_64
# rpm -qa | grep sdcss
SYMCsdcss-6.7.0-1060.x86_64

I uninstalled and installed the agent three times and nothing.

Please, your help.

0

---

Issues with Doscan.exe on 12.1.6

September 19, 2017, 1:03 pm

≫ Next: SEP 12.x query

≪ Previous: DCS Agent Linux not working

$

0

0

I need a solution

Our apps team is trying to develop a process that will execute a doscan on a file when it is dropped to a specific folder on a server. They need the process to run and then when it is complete, if the file still exists (was not deleted/quarantined by SEP) , then continues with other processing (non-SEP related). 

The process was working during some initial testing, but now that they started to throw some load, we see multiple doscan.exe process (one for each file dropped) which causes the scans to never complete. We tried to end the task, but we get "Access denied" and the server has to be rebooted. 

Has anyone tried something similar to this before? If so, any luck getting it to work?

I mentioned that this seems like a job for Symantec Protection Engine, but we do not really have that here, so we have been attempting to get this running. 

We also tried the "/A" switch, but since they are waiting for the result of the scan before continuing, this is not an option.

Thanks

Martin

0

SEP 12.x query

September 19, 2017, 1:29 pm

≫ Next: Cleveland Security User Group Meeting - October 18, 2017

≪ Previous: Issues with Doscan.exe on 12.1.6

$

0

0

I need a solution

  Hi,   I am using SEP12.0 in my environment. its support expired 2015. can i go for version upgrade? or go for new licenses.

0

Cleveland Security User Group Meeting - October 18, 2017

September 19, 2017, 1:55 pm

≫ Next: DLP agent with windows 10 not getting registered

≪ Previous: SEP 12.x query

$

0

0

Location: 

First Energy: (Exact Address TBA)

Time: 

Wed, 18 October, 2017 - 9:00 - 13:00 EDT

Please join us for the next Cleveland User Group meeting on October 18th, 2017 from 9:00-1:00 (location details TBA). Come ready to rub elbows with experts in your field! Breakfast and lunch will be served, so come hungry as well. We hope to see you there!

Agenda:

Symantec Strategy – How application isolation changes everything           

SSL Visibility – Why you are probably blind to most threats                                  

SEP 14.1/Endpoint Visibility – What’s new and why SEP is truly the most innovative Endpoint Solution                                     

UnConference Conference – Peer Discussion on self-defined topics      

DLP agent with windows 10 not getting registered

September 19, 2017, 11:16 pm

≫ Next: Local profile folder cannot be deleted due to Symantec Endpoint Protection

≪ Previous: Cleveland Security User Group Meeting - October 18, 2017

$

0

0

I need a solution

Hi

Tried to install DLP agent 14.6.200 package for an end point with Windows 10 OS & found that its not registered in EP server.

Agentinstall.log file reads, “Higher version of the software is already installed” and also an error for Hostname resolution.

Have tried multiple option on the machine, also tried to use Clean_agent tool from Symantec but it is unable to detect the installation.

Have been provided with Manul unisntall of DLP which I have tried on the machine. What could be teh issue?

Regards

Senthil

0

Local profile folder cannot be deleted due to Symantec Endpoint Protection

September 20, 2017, 2:44 am

≫ Next: SEP: Lightningsand.cfd on USB Device

≪ Previous: DLP agent with windows 10 not getting registered

$

0

0

I need a solution

Hello, 

I have a Windows Server 2008 R2 SP1 production environment with Citrix User Profile Management installed. On these servers we are running Symantec Endpoint Protection version 14.0.2349.0100. This in essence utilizes the Windows Roaming profile mechanism and local user profiles are created under C:\Users. Occasionally, I observe the following behavior: 

When a user logs off from Citrix, the corresponding local profile folder under C:\Users is not deleted thus creating issues with Citrix profile properties not being retained as a temporary profile is created on subsequent logon. After having carried out in-depth troubleshooting, the issue is narrowed down to the following folder/file not being deleted. 

• C:\Users\[username]\AppData\Local\Symantec\Symantec Endpoint Protection\Logs\xxyyzz.log

If i try to manually delete these folders I get an "Access is Denied" error and I cannot change the owner of the folders to any domain administrator or local administrator user. 

The above file/folder cannot be deleted due to permissions/security reasons and they are only deleted after server reboot or if I temporarily disable the Symantec client on the affected servers, which of course is not an acceptable fix to the issue. We have tried applying MS hotfix https://support.microsoft.com/en-us/help/2661663/stale-user-profile-folders-are-not-deleted-completely-in-windows-7-or on the affected servers but to no avail.

Do you have any ideas or thoughts? Is this is a known issue with Symantec Endpoint Protection? Is there a Symantec or Microsoft specific patch which fixes this issue?

0

SEP: Lightningsand.cfd on USB Device

September 20, 2017, 4:48 am

≫ Next: Policy Bypasses on IPv6

≪ Previous: Local profile folder cannot be deleted due to Symantec Endpoint Protection

$

0

0

I need a solution

Hi,

one of our customers is facing the following issue. 

When they're running a software that tries to sync files from a USB device, SEP automatically creates a file called Lightningsand.cfd on the device which causes the sync job to fail. The software is not able to exclude certain file extensions. Is there any way to fix this?

Thanks!

0

Policy Bypasses on IPv6

September 20, 2017, 5:08 am

≫ Next: Can't update from 14.0 MP1 to MP2

≪ Previous: SEP: Lightningsand.cfd on USB Device

$

0

0

I need a solution

Hi,

We use IPv4 manual IPs, 

When a client(12.1.6 MP8) tick(select) the checkbox (under local area connection settings) IPv6 : then the result is policy applied to the client simply bypasses.

I mean policy works only on with IPV4.

Any workaround

Thanks,

0

---

Can't update from 14.0 MP1 to MP2

September 20, 2017, 6:11 am

≫ Next: Importing jdb file on SEPM: nothing happens

≪ Previous: Policy Bypasses on IPv6

$

0

0

I need a solution

I'm trying to update my 14.0 MP1 installation as usual, by running the downloaded installer. It asks if i want to update, asks if i want to do DB backup and then it starts updating. Last thing shown is that it is waiting for LiveUpdate. Then it throws a bunch of cmd windows and starts to roll back. And now i have unfunctional SEPM server. Where can i see why it fails to update. Is my install completely broken now and do i have to do clean install now?

0

Importing jdb file on SEPM: nothing happens

September 20, 2017, 6:43 am

≫ Next: issue upgrading management server from 12.1 to 14 mp2

≪ Previous: Can't update from 14.0 MP1 to MP2

$

0

0

I need a solution

I have a SEPM server on an air-gapped network. I've been updating it via a LiveUpdate Administrator server which could connect to the Internet, but now that's become unavailable.

When I copy the jdb files according to this guide https://support.symantec.com/en_US/article.TECH102... , nothing happens. I think the permissions are OK. Lots of sem... users have rights.

I've tried both the dark network definitions (which I want) and the normal definitions:

I'm running version 14.0.2415.0200 on the SEPM server. The server has been upgraded from version 12:

I hope someone can help, maybe let me know which logs I could look at.

Thanks,

Marius

0

issue upgrading management server from 12.1 to 14 mp2

September 20, 2017, 7:16 am

≫ Next: Internet Explorer 11 fail to launch

≪ Previous: Importing jdb file on SEPM: nothing happens

$

0

0

I need a solution

management server running on windows 2008 server.

currently on symantec endpoint protection 12.1 ru6 MP5, wanting to upgrade to latest version,  14.0 MP2

first step is to upgrade the management server, so I have backed up the database, then ended the management server, and then attempted the upgrade.

but each time I attempt upgrade, I get prompt to repair or uninstall instead of upgrading.

am I missing a step?

0

Internet Explorer 11 fail to launch

September 20, 2017, 8:00 am

≫ Next: Feature updates causing problems

≪ Previous: issue upgrading management server from 12.1 to 14 mp2

$

0

0

I need a solution

Just a heads up, we ran into an issue with a handful of Windows 7 x64 workstations with the upgrade from SEPM 12.1 to SEPM14.0 MP2.

Installing the SEP14 client, IE fails to launch.  When users (even local administrators) try to launch IE, via command line or taskbar/start menu/desktop shotcurt, the process starts for a second then silently exits.

We tested different Feature Sets for the installer, and it came down to Advanced Download Protection (which also unchecks SONAR because ADP is a required component).

This isn't affecting all Windows 7 workstations running SEP14 clients (version 14.0.2415.0200), just a handful out of hundreds.  Still trying to isolate the WHY of that.  Has anyone else experienced this behavior?

0

Feature updates causing problems

September 20, 2017, 8:14 am

≫ Next: Setup mail rule

≪ Previous: Internet Explorer 11 fail to launch

$

0

0

I do not need a solution (just sharing information)

I'm an IT Tech at a mid size company and we use Symantec Encryption for our laptops and Surface Pro devices. Recently one of our Surface Pros tried to update to the Creator 1703 version of Windows 10 and it is causing serious problems with the device. On startup the passphrase box appears as normal and I can put in my passphrase and continue. After I hit enter it takes me to the Windows 10 "Choose an Option" blue screen. At this point I have several options; I can choose "Continue" and that takes me back to the Symantec passphrase box. I can trouble shoot to try and reset the whole device, but it tells me the drive is locked even though I just put in the passphrase before I got to this point. The other options are "Use a Device" such as a USB drive, network connection, or Windows recovery DVD. I can't use any of those because I don't have any recovery points or anything. The last option besides "Turn off your PC" is "Use another operating system" which I don't have on this PC. 

Any ideas on how to fix this? Thank you in advance.

0

Setup mail rule

September 20, 2017, 8:38 am

≫ Next: Scheduled Report

≪ Previous: Feature updates causing problems

$

0

0

I need a solution

Hi,

A customer has asked me to create a rule in Symantec Mail Security for Exchange which blocks all mail with certain subject. The subject to be blocked is 'Some text (12345)' being 12345 whatever combination of numbers, but always five.

I have tried to create a Match list with this regular expression: \d\d\d\d\d and called it 'Five digits'. Then, a Content filter rule that scans subject and rule content with match type regular expression (also tried literal string. Content: Contains. Match all items. And in the box below:

Some text(

Five digits

)

But it doesn't work.

How can I achieve this?

0

Scheduled Report

September 20, 2017, 10:11 am

≫ Next: Juniper Pulse

≪ Previous: Setup mail rule

$

0

0

I need a solution

We have a scheduled Client Inventory Details report and it is stating that it is truncated.

We get this message at the bottom:

"The rows in this report have been limited to the maximum specified in your preferences."

We believe the report is limited to 200 entries.  How do we increase that limit?

0

• sepreport.png

---

Juniper Pulse

September 20, 2017, 10:27 am

≫ Next: Can the SEPM versions be different for the Management Servers?

≪ Previous: Scheduled Report

$

0

0

I need a solution

Anyone having problems with Pulse/Juniper host checker failing to recognize last system scan?  Pulse/Juniper ESAP updated August and the version of Endpoing cloud is 22.10.1.10.

Thanks

0

Can the SEPM versions be different for the Management Servers?

September 20, 2017, 1:59 pm

≫ Next: Where Is PGP Virtual Disk?

≪ Previous: Juniper Pulse

$

0

0

I need a solution

Hi, I have a quick question regarding Management Servers and SEPM versions.

I am currently running two SEPM 12.x servers and I am planning on upgrading one of them to SEPM 14.x

Do the Management Servers need to be the same versions?

0

Where Is PGP Virtual Disk?

September 20, 2017, 10:17 pm

≫ Next: Solution for Symantec 14.x : Some Tasks(Move, Install Packages,etc) not Showing up under certain administrator.

≪ Previous: Can the SEPM versions be different for the Management Servers?

$

0

0

I need a solution

I've spent considerable time trying to find any reference to PGP Virtual Disk in Symantec's offerings to no avail.  Does anyone know if this is still available in any Symantec solution?

0

Solution for Symantec 14.x : Some Tasks(Move, Install Packages,etc) not Showing up under certain administrator.

September 21, 2017, 12:10 am

≫ Next: Migrating 12.x to 14.x

≪ Previous: Where Is PGP Virtual Disk?

$

0

0

I do not need a solution (just sharing information)

Click Admin>

Click Click the admin account with problems>

Click Edit the Admin under Tasks>

Click Authentication>

finally change the Active Directory server>

0

Migrating 12.x to 14.x

September 21, 2017, 12:11 am

≫ Next: AD Attribute lookup

≪ Previous: Solution for Symantec 14.x : Some Tasks(Move, Install Packages,etc) not Showing up under certain administrator.

$

0

0

I need a solution

HI,

I would like to ask some assistance. I am planning to upgrade my SEPM 12.x to SEPM 14.x and and OS, I also want to use the same Hostname and IP.

Now I have an existing server :

SERVER01 IP:192.168.0.100 - SEPM 12.x running on Windows 2008, MS SQL 2008

I have created a new server:

SERVER02 IP:192.168.0.200 - SEPM 14.x running on Windows 2012 R2, MS SQL 2008 R2

I want to my SEPM 12.x settings and licenses to the new SEPM 14.x running on server 2012 R2 and end result will be below;

SERVER02 IP:192.168.0.100 - SEPM 14.x running on Windows 2012 R2, MS SQL 2012 R2

Thank you.

Jeff

0