
421 response despite mail being delivered

Hi Symantec,

We operate a cloud-based SaaS service which allows our users to manage marketing emails to their customers.

This is in follow-up to a previous issue, which I believe is now resolved as you have removed us from your throttling.

However, we are now receiving connection timeouts and a 421 response when we can connect. Again, this isn't necessarily a problem, but it would appear that the email is still being delivered to the recipient. Log extract is below.

Can you advise on what this 421 refers to and how we should handle this?

Thanks in advance
David

Log Extract:

[2017.09.22] 06:17:05 [26127] Delivery started for bounce-10-1259-6751-6502204-177@clarity-marketing.com at 06:17:05
[2017.09.22] 06:17:08 [26127] Skipping spam checks: No local recipients
[2017.09.22] 06:17:11 [26127] Sending remote mail for bounce-10-1259-6751-6502204-177@clarity-marketing.com
[2017.09.22] 06:17:11 [26127] Initiating connection to 85.158.143.35
[2017.09.22] 06:17:11 [26127] Connecting to 85.158.143.35:25 (Id: 1)
[2017.09.22] 06:17:11 [26127] Binding to local IP 172.27.226.13:0 (Id: 1)
[2017.09.22] 06:17:32 [26127] Exception connecting to 85.158.143.35 (Id: 1)
[2017.09.22] 06:17:32 [26127] System.Net.Sockets.SocketException (0x80004005): A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 85.158.143.35:25
[2017.09.22] 06:17:32 [26127] Binding to local ip '172.27.226.13' failed.  Switched binding to primary local ip.
[2017.09.22] 06:17:32 [26127] Connecting to 85.158.143.35:25 (Id: 2)
[2017.09.22] 06:17:53 [26127] Exception connecting to 85.158.143.35 (Id: 2)
[2017.09.22] 06:17:53 [26127] System.Net.Sockets.SocketException (0x80004005): A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 85.158.143.35:25
[2017.09.22] 06:17:53 [26127] Connection to 85.158.143.35 failed (Id: 2)
[2017.09.22] 06:17:53 [26127] Initiating connection to 193.109.254.147
[2017.09.22] 06:17:53 [26127] Connecting to 193.109.254.147:25 (Id: 3)
[2017.09.22] 06:17:53 [26127] Binding to local IP 172.27.226.13:0 (Id: 3)
[2017.09.22] 06:17:56 [26127] Exception connecting to 193.109.254.147 (Id: 3)
[2017.09.22] 06:17:56 [26127] System.Net.Sockets.SocketException (0x80004005): No connection could be made because the target machine actively refused it 193.109.254.147:25
[2017.09.22] 06:17:56 [26127] Binding to local ip '172.27.226.13' failed.  Switched binding to primary local ip.
[2017.09.22] 06:17:56 [26127] Connecting to 193.109.254.147:25 (Id: 4)
[2017.09.22] 06:18:17 [26127] Exception connecting to 193.109.254.147 (Id: 4)
[2017.09.22] 06:18:17 [26127] System.Net.Sockets.SocketException (0x80004005): A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 193.109.254.147:25
[2017.09.22] 06:18:17 [26127] Connection to 193.109.254.147 failed (Id: 4)
[2017.09.22] 06:18:17 [26127] Initiating connection to 85.158.139.211
[2017.09.22] 06:18:17 [26127] Connecting to 85.158.139.211:25 (Id: 5)
[2017.09.22] 06:18:17 [26127] Binding to local IP 172.27.226.13:0 (Id: 5)
[2017.09.22] 06:18:38 [26127] Exception connecting to 85.158.139.211 (Id: 5)
[2017.09.22] 06:18:38 [26127] System.Net.Sockets.SocketException (0x80004005): A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 85.158.139.211:25
[2017.09.22] 06:18:38 [26127] Binding to local ip '172.27.226.13' failed.  Switched binding to primary local ip.
[2017.09.22] 06:18:38 [26127] Connecting to 85.158.139.211:25 (Id: 6)
[2017.09.22] 06:18:59 [26127] Exception connecting to 85.158.139.211 (Id: 6)
[2017.09.22] 06:18:59 [26127] System.Net.Sockets.SocketException (0x80004005): A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 85.158.139.211:25
[2017.09.22] 06:18:59 [26127] Connection to 85.158.139.211 failed (Id: 6)
[2017.09.22] 06:18:59 [26127] Initiating connection to 85.158.137.68
[2017.09.22] 06:18:59 [26127] Connecting to 85.158.137.68:25 (Id: 7)
[2017.09.22] 06:18:59 [26127] Binding to local IP 172.27.226.13:0 (Id: 7)
[2017.09.22] 06:19:01 [26127] Exception connecting to 85.158.137.68 (Id: 7)
[2017.09.22] 06:19:01 [26127] System.Net.Sockets.SocketException (0x80004005): No connection could be made because the target machine actively refused it 85.158.137.68:25
[2017.09.22] 06:19:01 [26127] Binding to local ip '172.27.226.13' failed.  Switched binding to primary local ip.
[2017.09.22] 06:19:01 [26127] Connecting to 85.158.137.68:25 (Id: 8)
[2017.09.22] 06:19:22 [26127] Exception connecting to 85.158.137.68 (Id: 8)
[2017.09.22] 06:19:22 [26127] System.Net.Sockets.SocketException (0x80004005): A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 85.158.137.68:25
[2017.09.22] 06:19:22 [26127] Connection to 85.158.137.68 failed (Id: 8)
[2017.09.22] 06:19:22 [26127] Initiating connection to 85.158.139.103
[2017.09.22] 06:19:22 [26127] Connecting to 85.158.139.103:25 (Id: 9)
[2017.09.22] 06:19:22 [26127] Binding to local IP 172.27.226.13:0 (Id: 9)
[2017.09.22] 06:19:43 [26127] Exception connecting to 85.158.139.103 (Id: 9)
[2017.09.22] 06:19:43 [26127] System.Net.Sockets.SocketException (0x80004005): A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 85.158.139.103:25
[2017.09.22] 06:19:43 [26127] Binding to local ip '172.27.226.13' failed.  Switched binding to primary local ip.
[2017.09.22] 06:19:43 [26127] Connecting to 85.158.139.103:25 (Id: 10)
[2017.09.22] 06:20:04 [26127] Exception connecting to 85.158.139.103 (Id: 10)
[2017.09.22] 06:20:04 [26127] System.Net.Sockets.SocketException (0x80004005): A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 85.158.139.103:25
[2017.09.22] 06:20:04 [26127] Connection to 85.158.139.103 failed (Id: 10)
[2017.09.22] 06:20:04 [26127] Initiating connection to 216.82.251.230
[2017.09.22] 06:20:04 [26127] Connecting to 216.82.251.230:25 (Id: 11)
[2017.09.22] 06:20:04 [26127] Binding to local IP 172.27.226.13:0 (Id: 11)
[2017.09.22] 06:20:04 [26127] Connection to 216.82.251.230:25 from 172.27.226.13:59690 succeeded (Id: 11)
[2017.09.22] 06:20:04 [26127] RSP: 220 *****************************************
[2017.09.22] 06:20:04 [26127] CMD: EHLO mail3.claritygo.com
[2017.09.22] 06:20:05 [26127] RSP: 250-server-11.tower-555.messagelabs.com says EHLO to 46.37.186.167:59690
[2017.09.22] 06:20:05 [26127] RSP: 250-8BITMIME
[2017.09.22] 06:20:05 [26127] RSP: 250-XXXXXXXA
[2017.09.22] 06:20:05 [26127] RSP: 250 PIPELINING
[2017.09.22] 06:20:05 [26127] CMD: MAIL FROM:<bounce-10-1259-6751-6502204-177@clarity-marketing.com>
[2017.09.22] 06:20:05 [26127] RSP: 250 2.0.0 MAIL FROM accepted
[2017.09.22] 06:20:05 [26127] CMD: RCPT TO:<jessica.barrett@principleglobal.com>
[2017.09.22] 06:20:05 [26127] RSP: 421 Service Temporarily Unavailable
[2017.09.22] 06:20:05 [26127] CMD: QUIT
[2017.09.22] 07:20:12 [26127] Sending remote mail for bounce-10-1259-6751-6502204-177@clarity-marketing.com
[2017.09.22] 07:20:12 [26127] Initiating connection to 85.158.143.35
[2017.09.22] 07:20:12 [26127] Connecting to 85.158.143.35:25 (Id: 1)
[2017.09.22] 07:20:12 [26127] Binding to local IP 172.27.226.13:0 (Id: 1)
[2017.09.22] 07:20:33 [26127] Exception connecting to 85.158.143.35 (Id: 1)
[2017.09.22] 07:20:33 [26127] System.Net.Sockets.SocketException (0x80004005): A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 85.158.143.35:25
[2017.09.22] 07:20:33 [26127] Binding to local ip '172.27.226.13' failed.  Switched binding to primary local ip.
[2017.09.22] 07:20:33 [26127] Connecting to 85.158.143.35:25 (Id: 2)
[2017.09.22] 07:20:54 [26127] Exception connecting to 85.158.143.35 (Id: 2)
[2017.09.22] 07:20:54 [26127] System.Net.Sockets.SocketException (0x80004005): A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 85.158.143.35:25
[2017.09.22] 07:20:54 [26127] Connection to 85.158.143.35 failed (Id: 2)
[2017.09.22] 07:20:54 [26127] Initiating connection to 85.158.137.68
[2017.09.22] 07:20:54 [26127] Connecting to 85.158.137.68:25 (Id: 3)
[2017.09.22] 07:20:54 [26127] Binding to local IP 172.27.226.13:0 (Id: 3)
[2017.09.22] 07:20:55 [26127] Exception connecting to 85.158.137.68 (Id: 3)
[2017.09.22] 07:20:55 [26127] System.Net.Sockets.SocketException (0x80004005): No connection could be made because the target machine actively refused it 85.158.137.68:25
[2017.09.22] 07:20:55 [26127] Binding to local ip '172.27.226.13' failed.  Switched binding to primary local ip.
[2017.09.22] 07:20:55 [26127] Connecting to 85.158.137.68:25 (Id: 4)
[2017.09.22] 07:21:16 [26127] Exception connecting to 85.158.137.68 (Id: 4)
[2017.09.22] 07:21:16 [26127] System.Net.Sockets.SocketException (0x80004005): A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 85.158.137.68:25
[2017.09.22] 07:21:16 [26127] Connection to 85.158.137.68 failed (Id: 4)
[2017.09.22] 07:21:16 [26127] Initiating connection to 85.158.139.211
[2017.09.22] 07:21:16 [26127] Connecting to 85.158.139.211:25 (Id: 5)
[2017.09.22] 07:21:16 [26127] Binding to local IP 172.27.226.13:0 (Id: 5)
[2017.09.22] 07:21:17 [26127] Exception connecting to 85.158.139.211 (Id: 5)
[2017.09.22] 07:21:17 [26127] System.Net.Sockets.SocketException (0x80004005): No connection could be made because the target machine actively refused it 85.158.139.211:25
[2017.09.22] 07:21:17 [26127] Binding to local ip '172.27.226.13' failed.  Switched binding to primary local ip.
[2017.09.22] 07:21:17 [26127] Connecting to 85.158.139.211:25 (Id: 6)
[2017.09.22] 07:21:38 [26127] Exception connecting to 85.158.139.211 (Id: 6)
[2017.09.22] 07:21:38 [26127] System.Net.Sockets.SocketException (0x80004005): A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 85.158.139.211:25
[2017.09.22] 07:21:38 [26127] Connection to 85.158.139.211 failed (Id: 6)
[2017.09.22] 07:21:38 [26127] Initiating connection to 193.109.254.147
[2017.09.22] 07:21:38 [26127] Connecting to 193.109.254.147:25 (Id: 7)
[2017.09.22] 07:21:38 [26127] Binding to local IP 172.27.226.13:0 (Id: 7)
[2017.09.22] 07:21:59 [26127] Exception connecting to 193.109.254.147 (Id: 7)
[2017.09.22] 07:21:59 [26127] System.Net.Sockets.SocketException (0x80004005): A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 193.109.254.147:25
[2017.09.22] 07:21:59 [26127] Binding to local ip '172.27.226.13' failed.  Switched binding to primary local ip.
[2017.09.22] 07:21:59 [26127] Connecting to 193.109.254.147:25 (Id: 8)
[2017.09.22] 07:22:20 [26127] Exception connecting to 193.109.254.147 (Id: 8)
[2017.09.22] 07:22:20 [26127] System.Net.Sockets.SocketException (0x80004005): A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 193.109.254.147:25
[2017.09.22] 07:22:20 [26127] Connection to 193.109.254.147 failed (Id: 8)
[2017.09.22] 07:22:20 [26127] Initiating connection to 85.158.139.103
[2017.09.22] 07:22:20 [26127] Connecting to 85.158.139.103:25 (Id: 9)
[2017.09.22] 07:22:20 [26127] Binding to local IP 172.27.226.13:0 (Id: 9)
[2017.09.22] 07:22:21 [26127] Exception connecting to 85.158.139.103 (Id: 9)
[2017.09.22] 07:22:21 [26127] System.Net.Sockets.SocketException (0x80004005): No connection could be made because the target machine actively refused it 85.158.139.103:25
[2017.09.22] 07:22:21 [26127] Binding to local ip '172.27.226.13' failed.  Switched binding to primary local ip.
[2017.09.22] 07:22:21 [26127] Connecting to 85.158.139.103:25 (Id: 10)
[2017.09.22] 07:22:43 [26127] Exception connecting to 85.158.139.103 (Id: 10)
[2017.09.22] 07:22:43 [26127] System.Net.Sockets.SocketException (0x80004005): A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 85.158.139.103:25
[2017.09.22] 07:22:43 [26127] Connection to 85.158.139.103 failed (Id: 10)
[2017.09.22] 07:22:43 [26127] Initiating connection to 216.82.251.230
[2017.09.22] 07:22:43 [26127] Connecting to 216.82.251.230:25 (Id: 11)
[2017.09.22] 07:22:43 [26127] Binding to local IP 172.27.226.13:0 (Id: 11)
[2017.09.22] 07:22:43 [26127] Connection to 216.82.251.230:25 from 172.27.226.13:63750 succeeded (Id: 11)
[2017.09.22] 07:22:43 [26127] RSP: 220 *****************************************
[2017.09.22] 07:22:43 [26127] CMD: EHLO mail3.claritygo.com
[2017.09.22] 07:22:43 [26127] RSP: 250-server-11.tower-555.messagelabs.com says EHLO to 46.37.186.167:63750
[2017.09.22] 07:22:43 [26127] RSP: 250-XXXXXXXA
[2017.09.22] 07:22:43 [26127] RSP: 250-PIPELINING
[2017.09.22] 07:22:43 [26127] RSP: 250 8BITMIME
[2017.09.22] 07:22:43 [26127] CMD: MAIL FROM:<bounce-10-1259-6751-6502204-177@clarity-marketing.com>
[2017.09.22] 07:22:44 [26127] RSP: 250 2.0.0 MAIL FROM accepted
[2017.09.22] 07:22:44 [26127] CMD: RCPT TO:<jessica.barrett@principleglobal.com>
[2017.09.22] 07:22:44 [26127] RSP: 421 Service Temporarily Unavailable
[2017.09.22] 07:22:44 [26127] CMD: QUIT
[2017.09.22] 08:22:49 [26127] Sending remote mail for bounce-10-1259-6751-6502204-177@clarity-marketing.com
[2017.09.22] 08:22:49 [26127] Initiating connection to 85.158.139.211
[2017.09.22] 08:22:49 [26127] Connecting to 85.158.139.211:25 (Id: 1)
[2017.09.22] 08:22:49 [26127] Binding to local IP 172.27.226.13:0 (Id: 1)
[2017.09.22] 08:23:10 [26127] Exception connecting to 85.158.139.211 (Id: 1)
[2017.09.22] 08:23:10 [26127] System.Net.Sockets.SocketException (0x80004005): A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 85.158.139.211:25
[2017.09.22] 08:23:10 [26127] Binding to local ip '172.27.226.13' failed.  Switched binding to primary local ip.
[2017.09.22] 08:23:10 [26127] Connecting to 85.158.139.211:25 (Id: 2)
[2017.09.22] 08:23:31 [26127] Exception connecting to 85.158.139.211 (Id: 2)
[2017.09.22] 08:23:31 [26127] System.Net.Sockets.SocketException (0x80004005): A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 85.158.139.211:25
[2017.09.22] 08:23:31 [26127] Connection to 85.158.139.211 failed (Id: 2)
[2017.09.22] 08:23:31 [26127] Initiating connection to 85.158.137.68
[2017.09.22] 08:23:31 [26127] Connecting to 85.158.137.68:25 (Id: 3)
[2017.09.22] 08:23:31 [26127] Binding to local IP 172.27.226.13:0 (Id: 3)
[2017.09.22] 08:23:32 [26127] Exception connecting to 85.158.137.68 (Id: 3)
[2017.09.22] 08:23:32 [26127] System.Net.Sockets.SocketException (0x80004005): No connection could be made because the target machine actively refused it 85.158.137.68:25
[2017.09.22] 08:23:32 [26127] Binding to local ip '172.27.226.13' failed.  Switched binding to primary local ip.
[2017.09.22] 08:23:32 [26127] Connecting to 85.158.137.68:25 (Id: 4)
[2017.09.22] 08:23:53 [26127] Exception connecting to 85.158.137.68 (Id: 4)
[2017.09.22] 08:23:53 [26127] System.Net.Sockets.SocketException (0x80004005): A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 85.158.137.68:25
[2017.09.22] 08:23:53 [26127] Connection to 85.158.137.68 failed (Id: 4)
[2017.09.22] 08:23:53 [26127] Initiating connection to 193.109.254.147
[2017.09.22] 08:23:53 [26127] Connecting to 193.109.254.147:25 (Id: 5)
[2017.09.22] 08:23:53 [26127] Binding to local IP 172.27.226.13:0 (Id: 5)
[2017.09.22] 08:23:54 [26127] Exception connecting to 193.109.254.147 (Id: 5)
[2017.09.22] 08:23:54 [26127] System.Net.Sockets.SocketException (0x80004005): No connection could be made because the target machine actively refused it 193.109.254.147:25
[2017.09.22] 08:23:54 [26127] Binding to local ip '172.27.226.13' failed.  Switched binding to primary local ip.
[2017.09.22] 08:23:54 [26127] Connecting to 193.109.254.147:25 (Id: 6)
[2017.09.22] 08:24:15 [26127] Exception connecting to 193.109.254.147 (Id: 6)
[2017.09.22] 08:24:15 [26127] System.Net.Sockets.SocketException (0x80004005): A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 193.109.254.147:25
[2017.09.22] 08:24:15 [26127] Connection to 193.109.254.147 failed (Id: 6)
[2017.09.22] 08:24:15 [26127] Initiating connection to 85.158.143.35
[2017.09.22] 08:24:15 [26127] Connecting to 85.158.143.35:25 (Id: 7)
[2017.09.22] 08:24:15 [26127] Binding to local IP 172.27.226.13:0 (Id: 7)
[2017.09.22] 08:24:36 [26127] Exception connecting to 85.158.143.35 (Id: 7)
[2017.09.22] 08:24:36 [26127] System.Net.Sockets.SocketException (0x80004005): A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 85.158.143.35:25
[2017.09.22] 08:24:36 [26127] Binding to local ip '172.27.226.13' failed.  Switched binding to primary local ip.
[2017.09.22] 08:24:36 [26127] Connecting to 85.158.143.35:25 (Id: 8)
[2017.09.22] 08:24:57 [26127] Exception connecting to 85.158.143.35 (Id: 8)
[2017.09.22] 08:24:57 [26127] System.Net.Sockets.SocketException (0x80004005): A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 85.158.143.35:25
[2017.09.22] 08:24:57 [26127] Connection to 85.158.143.35 failed (Id: 8)
[2017.09.22] 08:24:57 [26127] Initiating connection to 216.82.251.230
[2017.09.22] 08:24:57 [26127] Connecting to 216.82.251.230:25 (Id: 9)
[2017.09.22] 08:24:57 [26127] Binding to local IP 172.27.226.13:0 (Id: 9)
[2017.09.22] 08:24:57 [26127] Connection to 216.82.251.230:25 from 172.27.226.13:51669 succeeded (Id: 9)
[2017.09.22] 08:24:58 [26127] RSP: 220 *****************************************
[2017.09.22] 08:24:58 [26127] CMD: EHLO mail3.claritygo.coma
[2017.09.22] 08:24:58 [26127] RSP: 250-server-11.tower-555.messagelabs.com says EHLO to 46.37.186.167:51669
[2017.09.22] 08:24:58 [26127] RSP: 250-PIPELINING
[2017.09.22] 08:24:58 [26127] RSP: 250-8BITMIME
[2017.09.22] 08:24:58 [26127] RSP: 250 XXXXXXXA
[2017.09.22] 08:24:58 [26127] CMD: MAIL FROM:<bounce-10-1259-6751-6502204-177@clarity-marketing.com>
[2017.09.22] 08:24:58 [26127] RSP: 250 2.0.0 MAIL FROM accepted
[2017.09.22] 08:24:58 [26127] CMD: RCPT TO:<jessica.barrett@principleglobal.com>
[2017.09.22] 08:24:59 [26127] RSP: 421 Service Temporarily Unavailable
[2017.09.22] 08:24:59 [26127] CMD: QUIT
[2017.09.22] 08:25:04 [26127] Bounce email written to 141402126503.eml
[2017.09.22] 08:25:04 [26127] Delivery for bounce-10-1259-6751-6502204-177@clarity-marketing.com to jessica.barrett@principleglobal.com has completed (Bounced)
[2017.09.22] 08:25:05 [26127] Delivery finished for bounce-10-1259-6751-6502204-177@clarity-marketing.com at 08:25:05[id:141402126127]
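
An added example (not part of the original post and not Symantec tooling): a small Python parser for delivery logs in the layout shown above. It groups lines into delivery attempts, counts connect timeouts and refusals, and classifies the first failing SMTP reply of each attempt by its RFC 5321 class. The sample log is constructed with placeholder addresses, and the function and field names are assumptions.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the same layout as the log extract above; the
# addresses and host names are placeholders, not values from the post.
SAMPLE_LOG = """\
[2017.09.22] 06:17:11 [26127] Sending remote mail for sender@example.com
[2017.09.22] 06:17:11 [26127] Connecting to 192.0.2.10:25 (Id: 1)
[2017.09.22] 06:17:32 [26127] System.Net.Sockets.SocketException (0x80004005): A connection attempt failed because the connected party did not properly respond after a period of time 192.0.2.10:25
[2017.09.22] 06:17:35 [26127] System.Net.Sockets.SocketException (0x80004005): No connection could be made because the target machine actively refused it 192.0.2.11:25
[2017.09.22] 06:20:04 [26127] Connection to 192.0.2.12:25 from 198.51.100.5:59690 succeeded (Id: 3)
[2017.09.22] 06:20:04 [26127] RSP: 220 mx.example.net
[2017.09.22] 06:20:04 [26127] CMD: EHLO mail.example.com
[2017.09.22] 06:20:05 [26127] RSP: 250-mx.example.net
[2017.09.22] 06:20:05 [26127] RSP: 250 PIPELINING
[2017.09.22] 06:20:05 [26127] CMD: MAIL FROM:<sender@example.com>
[2017.09.22] 06:20:05 [26127] RSP: 250 2.0.0 MAIL FROM accepted
[2017.09.22] 06:20:05 [26127] CMD: RCPT TO:<user@example.org>
[2017.09.22] 06:20:05 [26127] RSP: 421 Service Temporarily Unavailable
[2017.09.22] 06:20:05 [26127] CMD: QUIT
[2017.09.22] 07:20:12 [26127] Sending remote mail for sender@example.com
[2017.09.22] 07:20:33 [26127] System.Net.Sockets.SocketException (0x80004005): A connection attempt failed because the connected party did not properly respond after a period of time 192.0.2.10:25
[2017.09.22] 07:22:43 [26127] Connection to 192.0.2.12:25 from 198.51.100.5:63750 succeeded (Id: 2)
[2017.09.22] 07:22:43 [26127] RSP: 220 mx.example.net
[2017.09.22] 07:22:43 [26127] CMD: EHLO mail.example.com
[2017.09.22] 07:22:43 [26127] RSP: 250 PIPELINING
[2017.09.22] 07:22:43 [26127] CMD: MAIL FROM:<sender@example.com>
[2017.09.22] 07:22:44 [26127] RSP: 250 2.0.0 MAIL FROM accepted
[2017.09.22] 07:22:44 [26127] CMD: RCPT TO:<user@example.org>
[2017.09.22] 07:22:44 [26127] RSP: 421 Service Temporarily Unavailable
[2017.09.22] 07:22:44 [26127] CMD: QUIT
[2017.09.22] 08:25:04 [26127] Delivery for sender@example.com to user@example.org has completed (Bounced)
"""

LINE = re.compile(r"^\[\d{4}\.\d{2}\.\d{2}\] (\d{2}:\d{2}:\d{2}) \[\d+\] (.*)$")
REPLY = re.compile(r"^RSP: (\d{3})([ -])")   # "-" marks a continuation line
DONE = re.compile(r"has completed \((\w+)\)")


def reply_class(code):
    """Map an SMTP reply code to its RFC 5321 class by first digit."""
    return {2: "success", 3: "intermediate", 4: "transient",
            5: "permanent"}.get(code // 100, "unknown")


@dataclass
class Attempt:
    started: str
    connect_errors: dict = field(
        default_factory=lambda: {"timeout": 0, "refused": 0})
    replies: list = field(default_factory=list)  # (command, final reply code)

    def first_failure(self):
        """Return (command, code, class) of the first 4xx/5xx reply, or None."""
        for cmd, code in self.replies:
            if code >= 400:
                return cmd, code, reply_class(code)
        return None


def summarize(text):
    """Group log lines into attempts and report how the delivery ended."""
    attempts, disposition, last_cmd = [], None, "CONNECT"
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        clock, msg = m.groups()
        if msg.startswith("Sending remote mail for"):
            attempts.append(Attempt(started=clock))   # a new retry begins
            last_cmd = "CONNECT"
        elif not attempts:
            continue                                  # preamble before first try
        elif "SocketException" in msg:
            if "actively refused" in msg:
                attempts[-1].connect_errors["refused"] += 1
            elif "did not properly respond" in msg:
                attempts[-1].connect_errors["timeout"] += 1
        elif msg.startswith("Connection to") and "succeeded" in msg:
            last_cmd = "CONNECT"                      # next reply is the greeting
        elif msg.startswith("CMD: "):
            last_cmd = msg[5:].split()[0].upper()
        else:
            reply, done = REPLY.match(msg), DONE.search(msg)
            if reply and reply.group(2) == " ":       # final line of a reply
                attempts[-1].replies.append((last_cmd, int(reply.group(1))))
            elif done:
                disposition = done.group(1)
    failures = [c for a in attempts for _, c in a.replies if c >= 400]
    return {
        "attempts": attempts,
        "disposition": disposition,
        # True when a bounce was generated although no reply was permanent.
        "bounced_on_transient_only": disposition == "Bounced" and bool(failures)
        and all(reply_class(c) == "transient" for c in failures),
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for a in report["attempts"]:
        print(a.started, a.connect_errors, a.first_failure())
    print(report["disposition"], report["bounced_on_transient_only"])
```

Under RFC 5321 a 4yz reply such as 421 is a transient failure, so a sending server would normally keep the message queued and retry instead of treating the reply as a permanent rejection.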

SERT tool

I found a copy of the SERT tool but it appears to be quite old. I'm going through our documentation but can't find much about it. Can anyone assist?

Kind regards,

Cara


Problem with Sign-on

Hi,
When we format a computer, install Symantec Endpoint Encryption, add 6 domain users and 1 local user (pgpadmin), and encrypt the HDD/SSD, all users can use the computer normally without any problem for the next 2-4 months. After that, they begin to have problems with sign-on. At shift change, when one user replaces another, they restart the computer, and when the second user wants to sign on to his account, he cannot: the system opens with the previous account, not the new one. What can we do about this problem? Can you give us any suggestions?
Best Regards,
Kamran Musavi.


Downloader Dromedan

Hi,

Kindly suggest the best action to take when any kind of "Downloader.Dromedan Activity" is detected on an endpoint.

I need a solution to protect endpoints from these activities and to know what to do when it is detected.

Thanks in Advance.


Red dot in a SEPM Console

Hello,

By mistake I tried to upgrade SEP12 to SEP14 on win2k3 servers. Now on the Clients tab I see a red dot on some clients. In Client Properties, the Deployment Status is: Install failed, incompatible operating system.

How can I remove the red dot from these hosts?


User Groups in VIP Manager

Hi all,

I have User Groups configured in VIP Manager and they are syncing users from the VIP Enterprise Gateway just fine. However, in addition to these synced users, I have a few local users in VIP Manager that I also need to be in this group. By local users, I mean that I manually added them into VIP Manager because they do not exist in our AD. (This is because of an API we are using that has a few local accounts in it.)

Is there a way to manually apply a group label to a User in VIP Manager? I have multiple applications with multiple groups of administrators (for each application) in my VIP manager. I need a way for these "local user accounts" to be put under a specific group which is just seen by a particular administrator group.

Thanks

-Alex


Client Deployment Stuck at 0%

Good morning!  We recently upgraded from a Windows Server 2008 R2 server to a newer Windows Server 2012 R2 server.  I installed the management server and restored the database.  Everything seemed successful at first but certain groups never started communicating with the server.  These computers have connections to the server and all other software seems to be working.   When I tried to use the Client Deployment wizard the server sees the clients and allows me to start the deployment process but it always stays at 0% for all clients. I tried sending just the communication file and I tried sending a complete install.  I tried processing the deployment as a group and one at a time to different clients.  I've called tech support but I have had no luck.  I was hoping someone on here might have had a similar situation and may have some suggestions on how to start the troubleshooting process.


Scan summary or report on Linux clients

Hello,

Sorry if this question has been asked before. How can I generate or get a list of the manual scan results from our Linux clients? Doesn't the sav process save the scan results somewhere in a local filesystem? Or is installing SAVLReporter, as recommended by Brian, the only option? I am using Symantec EP version 14 Mp2.

I am using the following command to run a full system scan:

sav manualscan --scan / 


Hard drive failed decrypt

I have a bit of an odd one.  I am a contractor with Naval Sea Systems Command (NAVSEA) in Washington DC.  The Vice Admiral (NAVSEA Commander) had to have his hard drive replaced, and we sent his old drive to our local field service technicians to decrypt the drive with their tool.  They came back and said that the drive failed to decrypt due to "too many bad sectors".  Given that this is a 3-star flag officer, we could not just say "oh well" and we requested assistance from NETWARCOM, who have data recovery tools over and above that of what our local guys have.  They sent the drive back to us saying that it was "partially" decrypted.  The data portion remained encrypted.  We have engaged the services of the Department of Defense Cyber Crimes Center (DC3) because they supposedly had even better tools.  

The following is a quote from the email I received from them :

"Can you please reach out to Symantec and ask how can portion of the drive be decrypted when the drive was previously decrypted.  I would also include that the original drive was non responsive with several sector read errors which is why portion of the drive was not decrypted.  Advanced imaging tools successfully imaged the area of the drive with read errors but have the drive was decrypted.  Also, when the drive is encrypted, is there a unique identifier in the sector?  What is that identifier?"

I know this is a pretty deep dive into the software for this forum, but I had to start somewhere.  Is anyone able to provide answers to the above questions?

Thank you very much.

Timothy David


Folder Exclusion

Hello:

I've raised the security policies in the Endpoint Protection Manager. After that, many .exe files started to be blocked (I think it's fine and normal), but here the developers create a lot of programs that connect to and execute .exe files that the AV blocks and erases.

For example, the folders where those files try to execute are:

c:\users\username_1\appdata\local\apps\2.0\program1.exe

c:\users\username_2\appdata\local\apps\2.0\program2.exe

c:\users\username_3\appdata\local\apps\2.0\program3.exe

And many users run those programs, so I cannot create an exception for each one. So to prevent this I created the following exception:

%[COMMON_APPPDATA]%\local\apps\2.0\

For 3 days I thought this had solved the problem, but today another program in that folder was blocked. Could anyone please help me with how to correctly develop an exclusion?

Thank you.


SEPM Reports

I changed the "maximum number of rows in a report table" to 500, but when the report comes out it's still the default 200. Can this be fixed?


Signature Based Detection?

Hi Team,

We use SEP client Version 14.

The client has detected some files as malicious, but I wanted to understand what type of detection it has done.

How can I tell that the detection is signature-based by looking at the logs?

Please help me to understand this.

Thanks & Regards

Secroa


WSS capability to override block

As an alternative to a "coaching" option, I would like to see an option to give certain users the ability to override a blocked website, but with additional requirements.

In particular, since the WSS doesn't authenticate the user explicitly, I would like to suggest something like what you'd find with a multi-factor authentication prompt.

This is different from coaching in that I could require strong authentication to affirm a user gets to a website (above and beyond clicking a link to continue [coaching]), and I could separate certain types of websites (such as suspicious, peer-to-peer, software downloads, etc. - things which may pose a different type of risk but have a legitimate use case) to require this additional step.

Basically, this would be the process:

  • The website is blocked
  • The user, as long as they have a username that has been sync'd to the cloud (e.g., via Bluecoat auth connector) has a known email address.
  • The user has an option to "confirm override"
  • Upon clicking, the user is sent an email with a link.
  • The user clicks that link, which enables the override.
  • This provides:
    • Intent. The user saw the warning yet continued.
    • Non-repudiation: the user clicked the link in their own email
    • Ultimately, a higher degree of confirmation that this was the intention

Proper encryption for API password?

I'm pulling my hair out being unable to authenticate with the SEPM 14 API. The following is what I think the problem is: "password: The encrypted password to use with the username."

Here's the catch: Encrypted HOW?!

This is the command I'm using to make the test query:

curl -v -H "Accept: application/json" -H "Content-Type: application/json" -d @testcreds.json $sepmapi/v1/identity/authenticate

$sepmapi is a variable with the base URL of my SEPM server (https://SEPM_IP:8446/sepm/api)

testcreds.json is a JSON-formatted body that contains the credentials:

{"username":"testadmin","password":"PASSWORD","domain":"Default"}

testadmin's password is very simple (to rule out any special character issues).

When I send the request replacing PASSWORD with his plaintext password, this is the response I get from the server:

{"errorCode":"401","errorMessage":"Invalid user name or password. Please try again."}

When I send the request using a BASE64 encoded version of the password, this is the response I get back:

{"errorCode":"400","errorMessage":"Invalid Username or Password or the account is locked!"}

I have verified multiple times that I am using the correct password and that the account is NOT locked. I've verified the SEPM Domain name (one site, one domain) and the account is a System Administrator.

Two people at support so far are worthless and can't answer my question. Does the password need encrypted? How? Is there something else I'm doing wrong?

Thanks for any insights!


SEPM 14 MP2 duplicate VDI machines

Hi,

1. I can still see duplicate VDI machines in SEP 14 MP2, which results in n number of offline machines. Symantec said this issue would be fixed in SEP 14 MP2, but I still see the same as in SEP 12. Deleting all the offline machines is a very big task and a waste of time. Is there any way we could get rid of it apart from disabling Tamper Protection?

2. When we upgraded to SEP 14 MP2, we realized AD was not synchronized, which was not included as part of the SEP upgrade. How do we go back to AD authentication?

3. We deployed the SEP 14 client on a few machines and could see that "Disable Symantec Endpoint Protection" wasn't greyed out. How could we stop this on all machines in our environment? Is it not part of our policy? Is there any way to grey it out for the whole environment? Why wasn't it greyed out?


How to Change date format for Symantec DLP Incidents


Problem:

DLP incidents show the date format as MM/DD/YY and you wish to change it to DD/MM/YY.

Solution:

By default, the DLP incident date format is MM/DD/YY (08/29/17). To change it to DD/MM/YY (29/08/17), follow the steps given below:

1) Log in to the Enforce Server and navigate to \SymantecDLP\Protect\bin

2) Execute the LanguagePackUtility.exe with the argument as shown below:

    LanguagePackUtility.exe  -c  "en_GB"

    

3) After the Enforce service is restarted, go to “System” -> “Settings” -> “General” and click “Configure”. Then change the System Default Language to “English (United Kingdom) - English (United Kingdom)”.

4) Log off and log back in. The incident date format should then be changed to DD/MM/YY.

    

Cheers !!!  :)

System requirements for SEP 12.1.2 & 12.1.3


Hello,

Here are the system requirements for Symantec Endpoint Protection 12.1.2 and 12.1.3, for the enterprise version and Small Business Edition, and for Network Access Control.

These system requirements apply equally to the "enterprise version" and "Small Business Edition" of Symantec Endpoint Protection 12.1 RU2 and 12.1.3. (Network Access Control is a component of the enterprise version only.)

Specified, all updates, editions, and Service Packs (SPs) for a listed Windows version are supported, e.g. Windows 7 = Windows 7 Home Premium, Professional, and Ultimate editions, all SPs. As Microsoft releases new Service Packs for Windows, these requirements may need to be re-evaluated--the newest Service Pack may require an updated version of the Symantec product.

The following system requirements are included:

  • Symantec Endpoint Protection Manager
  • Symantec Endpoint Protection client (Windows and Macintosh)
  • Virtual Image Exception Tool (enterprise version only)
  • Symantec Network Access Control client
  • Symantec Network Access Control On-Demand client

Additional requirements:

  • Internationalization requirements

 

Symantec Endpoint Protection Manager system requirements

Processor:
  • 32-bit processor: 1-GHz Intel Pentium III or equivalent minimum
  • 64-bit processor: 2-GHz Pentium 4 with x86-64 support or equivalent minimum
  • Note: Intel Itanium IA-64 processors are not supported.

RAM:
  • 2 GB RAM available minimum
  • 4 GB RAM or more available recommended

Hard drive:
  • Small Business Edition: 16 GB available minimum; 100 GB available recommended.
  • Enterprise version: 16 GB available minimum (100 GB recommended) for the management server; 40 GB available minimum (200 GB recommended) for the management server and a locally installed database.

Display:
  • 1024 x 768

Operating system:
  • Windows XP (32-bit, SP2 or later; 64-bit, all SPs; all editions except Home)
  • Windows 7 (32-bit, 64-bit, RTM and SP1; all editions except Starter and Home)
  • Windows 8 (32-bit, 64-bit)
  • Windows Server 2003 (32-bit, 64-bit, R2, SP1 or later)
  • Windows Server 2008 (32-bit, 64-bit, R2, RTM, SP1, and SP2)
  • Windows Server 2012 (all editions)
  • Windows Small Business Server 2003 (32-bit)
  • Windows Small Business Server 2008 (64-bit)
  • Windows Small Business Server 2011 (64-bit)
  • Windows Essential Business Server 2008 (64-bit)

Web browser:
  • Microsoft Internet Explorer 7, 8, 9, or 10
  • Mozilla Firefox 3.6 through 15.0.1
  • Google Chrome, through 22.0.1229.79
  • Note: This list of supported browsers applies to the Symantec Endpoint Protection Manager only.

Database:
  • The Symantec Endpoint Protection Manager includes an embedded database
  • SQL Server 2005, SP4
  • SQL Server 2008
  • SQL Server 2008 R2
  • SQL Server 2012

Symantec Endpoint Protection client, Windows and Macintosh system requirements

Processor:
  • 32-bit processor for Windows: (1-GHz Intel Pentium III or equivalent minimum)
  • 64-bit processor for Windows: (2-GHz Pentium 4 with x86-64 support or equivalent minimum)
  • 32-bit processor for Mac: (Intel Core Solo, Intel Core Duo)
  • 64-bit processor for Mac: (Intel Core 2 Duo, Intel Quad-Core Xeon)

RAM:
  • Windows: 512 MB of RAM (1 GB recommended)
  • Mac: 1 GB of RAM for OS X 10.6; 2 GB for OS X 10.7 and OS X 10.8

Hard disk:
  • Windows: 850 MB free hard disk space for the installation (additional space is required for content and logs)
  • Note: Space requirements are based on NTFS file systems.
  • Mac: 500 MB of available hard disk space for the installation

Display:
  • 800 x 600

Operating system:
  • Windows XP Home or Professional (32-bit, SP2 or later; 64-bit, all SPs)
  • Windows XP Embedded (SP2 or later)
  • Windows Vista (32-bit, 64-bit)
  • Windows 7 (32-bit, 64-bit, RTM and SP1)
  • Windows Embedded Standard 7
  • Windows 8 (32-bit, 64-bit)
  • Windows Server 2003 (32-bit, 64-bit, R2, SP1 or later)
  • Windows Server 2008 (32-bit, 64-bit, R2, SP1, and SP2)
  • Windows Server 2012 (all editions)
  • Windows Small Business Server 2003 (32-bit)
  • Windows Small Business Server 2008 (64-bit)
  • Windows Small Business Server 2011 (64-bit)
  • Windows Essential Business Server 2008 (64-bit)
  • Mac OS X 10.6.8, 10.7 (32-bit, 64-bit); 10.8 (64-bit)
  • Mac OS X Server 10.6.8, 10.7 (32-bit, 64-bit); 10.8 (64-bit)

Virtual Image Exception Tool (enterprise version only)

The Virtual Image Exception tool must run in one of the following supported virtual environments:

  • VMware ESX 4.0 Update 1 or later
  • Microsoft Hyper-V 2008 or later
  • Citrix XenServer 5.6 or later

The Symantec Endpoint Protection client must meet all of the following requirements:

  • The client must be installed in one of the supported virtual environments.
  • The client must run Symantec Endpoint Protection client software version 12.1 or later.

Symantec Network Access Control client system requirements

Processor:
  • 32-bit processor for Windows (Intel Pentium 4 or equivalent recommended)
  • 64-bit processor for Windows (2-GHz Pentium 4 with x86-64 support or equivalent minimum)

Operating system:
  • Windows XP (32-bit, SP2 or later; 64-bit, all SPs)
  • Windows XP Embedded
  • Windows Vista (32-bit, 64-bit)
  • Windows 7 (32-bit, 64-bit)
  • Windows 8 (32-bit, 64-bit)
  • Windows Server 2003 (32-bit, 64-bit, R2, SP1 or later)
  • Windows Server 2008 (32-bit, 64-bit)
  • Windows Server 2012 (all editions)
  • Windows Small Business Server 2008 (64-bit)
  • Windows Essential Business Server 2008 (64-bit)

RAM:
  • 512 MB of RAM, or higher if required by the operating system

Hard disk:
  • 32-bit: 300 MB; 64-bit: 400 MB

Display:
  • 800 x 600

Symantec Network Access Control On-Demand client system requirements

Processor:
  • Windows: Intel Pentium II 550 MHz (1 GHz for Windows Vista) or faster
  • Mac: Intel CPU only

Operating system:
  • Windows XP Home or Professional (32-bit, SP2 and SP3)
  • Windows Vista (32-bit, 64-bit)
  • Windows 7 (32-bit, 64-bit)
  • Windows 8 (32-bit, 64-bit)
  • Windows Server 2003 (32-bit, 64-bit, R2, SP1 or later)
  • Windows Server 2008 (32-bit, 64-bit, R2)
  • Windows Server 2012 (all editions)
  • Windows Small Business Server 2008 (64-bit)
  • Windows Essential Business Server 2008 (64-bit)
  • Mac OS X 10.5, 10.6, or 10.7

Hard disk & RAM:
  • Download size: 9 MB. The amount of free disk space that is needed to run the client: 100 MB.
  • Physical RAM for either Windows or Mac On-Demand client: 512 MB

Web browser:
  • Windows On-Demand Client: Microsoft Internet Explorer 6.0 or later
  • For Mac On-Demand Client: Apple Safari 4.0 and 5.0; Mozilla Firefox 2.0, 3.0, 3.5, 3.6.3

Display & other:
  • Super VGA (1,024 x 768) or higher
  • At least one Ethernet adapter (with TCP/IP installed)

Some language requirements and limitations:

Restrictions apply when you install Symantec Endpoint Protection Manager in a non-English or mixed-language environment.

Computer names, server names, and workgroup names

Non-English characters are supported with the following limitations:

  • Network audit may not work for a host or user that uses a double-byte character set or a high-ASCII character set.
  • Double-byte character set names or high-ASCII character set names may not appear correctly on the Symantec Endpoint Protection Manager console or on the client user interface.
  • A long double-byte or high-ASCII character set host name cannot be longer than what NetBIOS allows. If the host name is longer than what NetBIOS allows, the Home, Monitors, and Reports pages do not appear on the Symantec Endpoint Protection Manager console.

English characters:

  • Deploying a client package to a remote computer.
  • Defining the server data folder in the Management Server Configuration Wizard.
  • Defining the installation path for Symantec Endpoint Protection Manager.
  • Defining the credentials when you deploy the client to a remote computer.
  • Defining a group name.
    You can create a client package for a group name that contains non-English characters. You might not be able to deploy the client package using the Push Deployment Wizard when the group name contains non-English characters.
  • Pushing non-English characters to the client computers.
    Some non-English characters that are generated on the server side may not appear properly on the client user interface. For example, a double-byte character set location name does not appear properly on non-double-byte character set named client computers.

License Activation Wizard:

Do not use double-byte characters in the following fields:

  • First name
  • Last name
  • Company name
  • City
  • State / Province

What NOT to Click 2: The Legend of Curly's Gold


Introduction

This is the nineteenth in my Security Series of Connect articles but the first to reference a sequel starring Billy Crystal, Jack Palance and Jon Lovitz.  For more information on how to keep your enterprise environment secure using often-overlooked capabilities of Symantec Endpoint Protection (and the OS upon which it functions), see Mick's Greatest Hits: Index of Helpful Connect Security Articles.

Symantec Security Response and Technical Support are always advising end users, "Be suspicious and think before you click: Never view, open, or execute any email attachment unless you expect it and trust the sender."  In What NOT to Click we saw how malicious Office attachments (Word, Excel and so on) would attempt to "social engineer" end users into enabling content and unleashing Macro mayhem on their organization.  Office spam is not your attackers' only trick, though.  This article illustrates what recent phishing PDFs look like so that you are not bamboozled into giving away your valuables to identity thieves.

Let me show you.... Part 2

All of the screenshots below are from .pdf documents sent out in recent phishing spam campaigns. Stampedes of these mails are whipped up every day by no-good varmints, in hopes that at least a few unsuspecting newcomers will be trampled.  The mails have .pdf attachments which open in Acrobat Reader and present some sort of message, often imitating a trusted brand (including "Norton Secured" logos), designed to hoodwink recipients into clicking on a link.  Those links will (usually) open a phishing webpage or (sometimes) download a malicious file.

The proper ways to fight phishing are with AntiSpam email security tools and end user education.

(Thus this helpful illustrated article!) 

These spammed .pdfs are not malicious code, so AntiVirus is not the right tool to stop them.  Symantec classifies these .pdfs as Threat Artifacts.  

These phishing .pdfs are no more valuable to virus-wranglers than lead bricks painted gold.  Round up and submit any samples that slip through to your AntiSpam vendor.  If that vendor is Symantec, instructions are either in:

Spam email missed (False Negative) in Symantec.cloud
http://www.symantec.com/docs/TECH222389

or

Manually submitting missed messages to the Symantec Security Response Center.
http://www.symantec.com/docs/TECH83081

Now, dear reader, I humbly ask your kind pardon in advance for all the Wild West terminology....     

 

It's For Your Own Protection Part 2

Just like with malicious macro spam, phishing spam will often pretend that the end user's necessary actions are done in the cause of Security. "Secured PDF Online Document"!

 Secured PDF Online Document

"View On Adobe" - as if that makes any sense.  If it sounds like a stranger is trying to hornswoggle you, they probably are. 

Here's another very secret and secure example: "This Document is Password Protected" 

 This Document is Password Protected

Yessir, I always trust anything that switches font in mid-sentence

This next phishing lure seems to tell that network security measures are working!  "Your system firewall rules have stored files online.  Show received doc here." 

 Your system firewall rules have stored files online.  Show received doc here.

Now, I am no firewall expert, but... trust me: storing files online ain't what Symantec's firewalls do.  If in doubt about how your company's firewalls work, ask the IT security team.  Guaranteed, that posse will be glad you did rather than blindly clicking.

Wait Mr. Victim, You're Missing Something Part 2

Oh no! "This pdf version is outdated. Click here to preview online"

Outdated? Really?

No thanks!  I'd rather not get bilked out of my riches by some villain.

Packed Full of Goodness! 2

Oh! Excitement!  Someone is sending me a package!  That's always mighty pleasant.

Fake DHL Phishing

Too bad there is no www.dhl.cn site.  And that page presented when clicking "View File" has a different country's TLD, and looks nothing like a legit DHL site....

Fake DHL website for phishing

Please don't send the scammers a present! Don't give 'em nothing.

Here's a similar phishing lure, but for a document....

Fake Dropbox Phishing Lure

Looks official! Why, getting a document is dear like a letter from my auntie back East!  Better click....

Fake Dropbox Phishing Page

Wait a tick.... how come this URL is some site in India, by hooky, rather than the legitimate https://www.dropbox.com/ ?  And how come it looks kinda flim-flam?

This here's from some bunko artist.

Wait, Is That A Real Stagecoach-?

Now a national chain in the US, Wells Fargo is a bank that dates back to the Gold Rush days of the Wild West.  Here's a screenshot of some modern-day rustler trying to hijack a greenhorn's claim:

 not the real Wells Fargo

"Dear Valued Customer"? The capitalization, punctuation and spelling mistakes are big smoke signals that something's not right.  Stranger yet is that I don't even have one of them WellsaFargo online profiles.  Let's click anyway and see where this trail leads us....

Sample phishing page

What in tarnation-? This website with the long random domain name is about as legitimate as snake oil.

Sometimes The Creative Juices Just Won't Flow 2: The Legend of Curly's Gold

Here are a couple "Coffee Boiler" phishing lures, plumb-lazy offerings by some skunk who would rather sit around the fire all day than do any work.

This one does not bother with any fancy graphics.  "Click HERE to login and unlock file."

 click here to login and unlock the file.

For who?  Why-?  I ain't some dumb dude, no sir.

This next example can't decide if it is imitating Dropbox or Docusign.

Lazy Phishing Lure

So font and punctuation are not their strong suit.  And getting the logo turned the right way around.  Maybe the sender of this important document will earn extra credibility bonus points on spelling-?

Lazy phishing page

Nope.

So What Should We Do?

Remember: Curly looked a lot like his twin brother Duke.  Phishing mails and webpages might seem at first glance to be the real McCoy, but ease on back in the saddle, pardner, and take a good, slow gander...

  1. Keep your eyes peeled for pigs in a poke.  That is, low quality text, graphics, phrasing... these are sure give-aways.
  2. Pay close attention to the URLs.  Go to the legit site rather than being led up whatever blind trail them outlaws planned.
  3. Submit the suspicious mail and its phishing attachment to your AntiSpam vendor.  They will be able to determine if the attachment is safe or something that will dry-gulch ya.
  4. Unless you are certain it is safe, leave it be!  Ride off into the sunset, amigo!
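For mail administrators who want to apply step 2 to a quarantined attachment without opening it, the sketch below pulls the link targets out of a PDF and flags any whose host does not belong to the brand the lure names. It is an added example, not code from this article or from Symantec; the allowlist, function names and sample bytes are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed allowlist: domains each brand really uses (maintain your own).
BRAND_DOMAINS = {
    "dhl": {"dhl.com"},
    "dropbox": {"dropbox.com"},
    "wells fargo": {"wellsfargo.com"},
}

# A link annotation stores its target as a literal string: /URI (http://...)
# Links inside compressed object streams or hex strings are not seen here.
URI_ACTION = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)", re.DOTALL)


def extract_link_targets(pdf_bytes):
    """Return the targets of /URI actions found in uncompressed PDF objects."""
    targets = []
    for match in URI_ACTION.finditer(pdf_bytes):
        # Undo the backslash escapes \( \) and \\ used in PDF literal strings.
        raw = re.sub(rb"\\(.)", rb"\1", match.group(1))
        targets.append(raw.decode("latin-1"))
    return targets


def host_matches(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    return host == domain or host.endswith("." + domain)


def suspicious_links(pdf_bytes, lure_text):
    """Flag links whose host is outside the domains of a brand the lure names."""
    claimed = [brand for brand in BRAND_DOMAINS if brand in lure_text.lower()]
    flagged = []
    for url in extract_link_targets(pdf_bytes):
        host = (urlsplit(url).hostname or "").lower()
        for brand in claimed:
            if not any(host_matches(host, d) for d in BRAND_DOMAINS[brand]):
                flagged.append((url, f"lure names {brand} but link goes to {host}"))
    return flagged


# Constructed sample: two link annotations as found in an uncompressed PDF.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"4 0 obj\n<< /Type /Annot /Subtype /Link /Rect [50 600 300 640]\n"
    b"   /A << /S /URI /URI (http://dropbox.com.files.example/view\\(1\\).php) >> >>\n"
    b"endobj\n"
    b"5 0 obj\n<< /Type /Annot /Subtype /Link /Rect [50 500 300 540]\n"
    b"   /A << /S /URI /URI (https://www.dropbox.com/help) >> >>\nendobj\n"
    b"%%EOF\n"
)
SAMPLE_TEXT = "Dropbox: a document has been shared with you. VIEW FILE"

if __name__ == "__main__":
    for url, reason in suspicious_links(SAMPLE_PDF, SAMPLE_TEXT):
        print(f"SUSPICIOUS {url}: {reason}")
```

The suffix check in host_matches is what catches a brand name used as a subdomain label of an unrelated site, which a plain substring match would wave through.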

Conclusion

Thanking you kindly for reading!  And for cogitating before opening documents or clicking links. 

Final word:  "When in Doubt, don't click it!"

Please leave your weapons at the saloon door and your comments below. 

Blocking Autorun from Device Control

I need a solution

Will I need to still block the Autorun.inf files from running from the Symantec Device Control even though Windows 10 dropped the Autorun feature? Autorun was a security concern in Windows XP.


DNS Queries along with proxy enabled web browser

I need a solution

Hi Guys,

I need some clarification on DNS queries by the client PC enabled with web proxy on its browser. 

Whether the PC defined DNS servers will do DNS resolution or the proxy server does it while browsing websites?

If proxy server does the DNS resolution, what is the solution to get the DNS queries directly from the PC defined DNS servers?
