Hi All,

I have a problem I wanted to integrate snac with sepm 12.1 ru 1 mp1, but i have snac setup file version 12.1.ru1. is it possible to integrate snac 12.1ru1 with sepm 12.1ru1 mp1

Regards

Vinod.

Has anyone else had this issue today after upgrading to Windows 10 pro 64bit?

symantec.cloud SEP SB 2013 -  agent will not manually install on client surface pro 3 running windows 10 pro 64bit or update the service via the symantec.cloud portal

1. Manual install of symantec agent on client computer : agent reports not compatible with current version and requires a reboot tpo complete installation - continous message after reboot when attempting to manually install agent again

2. Symantec cloud portal: remove and re-install service from portal - agent on client computer fails to install service with no errors

I was under the impression that Symantec had updated the agent ready for the windows 29th July kick off according to their news update here:

Is anyone else seeing a sudden increase in Trojan.Swifi being quarantined?  In the past 48 hours, we've seen about 40 workstations affected.  The file location is usually in c:\users\xxx123\appdata\local\google\chrome\user data\default\cache\f_003ca9

This amount of detection is very unusual in our environment.

I'm looking to understand what settings are required to perform HTTP monitoring? 

As I understand, in the Agent Configuration, Agent Monitoring tab the "Web" channel checkbox for "HTTP" must be checked.

Assuming that is correct, what, if any, impact do the Application Monitoring settings have to do with what is and isn't detected with HTTP?  For example, within Application Monitoring there is the option for "Network Access" to be checked. Microsoft IE is listed and "Network Access" is checked, however Chrome is not listed.  Yet, in our environment we see HTTP incidents from both IE and Chrome.  So my question is does checking "Network Access" for Application Monitoring have impact on HTTP monitoring? 

Neither the help or admin guide is clear, and it doesn't seem nessaccary because Chrome incidents are detected despite Chrome not being registered in Application Monitoring.

Any help would be appreciated.

Hello all,

We have a Linux deployment of DLP v14, where for all intensive purposes the Enforce server seems to be running properly. The Enforce server is running the Enforce console and the Oracle database. There will be detection servers on their own Linux server connecting back to the Enforce server.

As I said, the installation of the Oracle and Enforce software completed successfully and seem to be running properly.

The first detection server installed was the Network Discovery. The install completed properly, the VontuMonitor and VontuUpdate services start after a reboot or when manually restarted. Our problem is, the filereader does not start. It attempts to and keeps failing.

Both the Enforce and Network Discovery servers are running firewalls to "hide" the ability to VNC into them and force the use of VNC tunneling through SSH. On the Network Discovery server, port 8100 is open (nmap scans show it to be open and available). And the Network Discovery server was successfully added to the Enforce GUI. Wireshark was run on both servers at the same time to check the communications between the servers and traffic was seen flowing between the Enforce and Network Discovery on port 8100. (pcaps avaiable if needed). The directories SymantecDLP in /opt, /var, and /var/log have been chowned to protect:protect.

Here is how the user and group protect are setup:

[root@xxxx]# grep protect /etc/passwd
protect:x:1001:1001::/home/protect:/bin/bash
[root@xxxx]# grep protect /etc/group
protect:x:1001:
[root@xxxx]#

The filereader on the Network Discovery server just will not start.

Anyone have a fix?

Attached is the section of the FileReader0.log from the Network Discovery server showing an attempt to start the filereader.

I'm running PGP Desktop 10.1.1 on W7 32 bit.

I'm using the freeware / non commercial use functionality at home. This gives me PGPZip

The Windoes 10 advisor is saying that I'll need to uninstall PGP during the upgrade.

I'm thinking this requirement may be related to the PGP WholeDisk Encryption or Virtual Disk functionality - and the upgrade would like to see non encrytped disks for the upgrade.

Does anyone know if this assumption would be correct?

I'm guessing PGP Desktop 10.1.1 PGZip functionality will still run on W10 because it is relatively straight forward. I'd think there may be some compatability issues if I was using WDE or Virtual Disks.

Any views?

I've looked for a more recent freeware / homeware version that would provide PGPZip functionality on the Symantec website, and I've found trial products but it is not clear what happens after the trial. Will I have limited functionality or will I have no functionality?

What is the best way forward?

I guess I could just try it. :-)

Thanks

Hi, I have the SMSMSE in 4 Exchange servers. Since July 21 all of them stopped updating the Virus Definition: The last definition is 7/21/2015, Rev 1, after that the 4 servers are presenting some errors every time they tries to download the definition

Running the LiveUpdate manually:

Downloading SMSMSE Virus Definitions WOW64 (1 of 1), failed.
LU6013: LiveUpdate is unable to continue, because a file needed on the server may be corrupt.  Please run LiveUpdate again later.

At the Liveupdate log I found this:

7/28/2015, 23:55:01 GMT -> ERROR - The requested file, 1438098396jtun_ennlu2.x86, is too large (738742546 bytes) for LiveUpdate to start to download.
7/28/2015, 23:55:01 GMT -> Progress Update: DOWNLOAD_FILE_FINISH: - NOTE - URL: "1438098396jtun_ennlu2.x86", Full Download Path: "C:\ProgramData\Symantec\LiveUpdate\Downloads\1438098396jtun_ennlu2.x86" HR: 0x802A0048

Does the definitions are corrupt?

This is the log

////////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////////
// Start LuComServer
////////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////////
7/28/2015, 23:54:56 GMT -> LuComServer version: 3.3.0.78
7/28/2015, 23:54:56 GMT -> LiveUpdate Language: English
7/28/2015, 23:54:56 GMT -> LuComServer Sequence Number: 20081210
7/28/2015, 23:54:56 GMT -> OS: Windows NT, Service Pack: 1, Major: 6, Minor: 1, Build: 7601 (64-bit)
7/28/2015, 23:54:56 GMT -> System Language:[0x0409], User Language:[0x0409]
7/28/2015, 23:54:56 GMT -> IE 7 Support
7/28/2015, 23:54:56 GMT -> ComCtl32 version: 6.16
7/28/2015, 23:54:56 GMT -> IP Addresses: ::1, 10.2.1.55, 10.0.0.8, 10.2.1.164
7/28/2015, 23:54:56 GMT -> Loading C:\ProgramData\Symantec\LiveUpdate\Product.Inventory.LiveUpdate
7/28/2015, 23:54:56 GMT -> Opened the product inventory at "C:\ProgramData\Symantec\LiveUpdate\Product.Inventory.LiveUpdate".
7/28/2015, 23:54:56 GMT -> Account launching LiveUpdate is not a logged in user's account
7/28/2015, 23:54:56 GMT -> Combined Product Inventory Flags 0, Permanent Flags 0, Permanent Flags Filter 0
7/28/2015, 23:54:56 GMT -> LiveUpdate flag value for this run is 0
7/28/2015, 23:54:56 GMT -> **** Starting a Silent LiveUpdate Session ****
7/28/2015, 23:54:56 GMT -> ***********************        Start of New LU Session        ***********************
7/28/2015, 23:54:56 GMT -> The command line is -s
7/28/2015, 23:54:56 GMT -> EVENT - SESSION START EVENT - The LiveUpdate session is running in Silent Mode.
7/28/2015, 23:54:56 GMT -> Check for updates to:  Product: LiveUpdate, Version: 3.3.0.78, Language: English.  Mini-TRI file name: liveupdate_3.3.0.78_english_livetri.zip
7/28/2015, 23:54:56 GMT -> LiveUpdate is about to launch a new callback proxy process for product SMSMSE Virus Definitions WOW64 with moniker {F92F8A7B-F111-4db7-B145-6C41E7D6AE94}.
7/28/2015, 23:54:56 GMT -> Starting Callback Proxy Worker thread.
7/28/2015, 23:54:56 GMT -> The callback proxy for moniker {F92F8A7B-F111-4db7-B145-6C41E7D6AE94} was successfully registered with LiveUpdate.
7/28/2015, 23:54:56 GMT -> LiveUpdate successfully launched a new callback proxy process for product SMSMSE Virus Definitions WOW64.
7/28/2015, 23:54:56 GMT -> LiveUpdate is about to execute a PreSession callback for product SMSMSE Virus Definitions WOW64.
7/28/2015, 23:54:56 GMT -> The callback proxy finished executing the callback with a result code of 0x0
7/28/2015, 23:54:56 GMT -> The PreSession callback for product SMSMSE Virus Definitions WOW64 completed with a result of 0x0       
7/28/2015, 23:54:56 GMT -> Progress Update: TRYING_HOST: HostName: "liveupdate.symantecliveupdate.com" URL: "http://liveupdate.symantecliveupdate.com" HostNumber: 0
7/28/2015, 23:54:56 GMT -> Progress Update: TRIFILE_DOWNLOAD_START: Number of TRI files: 0    Downloading LiveUpdate catalog file
7/28/2015, 23:54:56 GMT -> LiveUpdate will download the first Mini-TRI file, liveupdate_3.3.0.78_english_livetri.zip
7/28/2015, 23:54:56 GMT -> Progress Update: DOWNLOAD_BATCH_START: Files to download: 1, Estimated total size: 0
7/28/2015, 23:54:57 GMT -> Progress Update: PRE_CONNECT: Proxy: "(not-available)" Agent: "Symantec LiveUpdate" AccessType: 0x0       
7/28/2015, 23:54:57 GMT -> Progress Update: CONNECTED: Proxy: "(not-available)" Agent: "uI+a48ZhFv22yR7mPWj4LuySWq0UBa4VQAAAAA" AccessType: 0x0       
7/28/2015, 23:54:57 GMT -> Progress Update: DOWNLOAD_FILE_START: URL: "http://liveupdate.symantecliveupdate.com/liveupdate_3.3.0.78_english_livetri.zip", Estimated Size: 0, Destination Folder: "C:\ProgramData\Symantec\LiveUpdate\Downloads"
7/28/2015, 23:55:00 GMT -> HttpSendRequest (status 404): Request failed - File does not exist on the server.
7/28/2015, 23:55:00 GMT -> Progress Update: DOWNLOAD_FILE_FINISH: - NOTE - URL: "http://liveupdate.symantecliveupdate.com/liveupdate_3.3.0.78_english_livetri.zip", Full Download Path: "C:\ProgramData\Symantec\LiveUpdate\Downloads\liveupdate_3.3.0.78_english_livetri.zip" HR: 0x802A0026
7/28/2015, 23:55:00 GMT -> HR 0x802A0026 DECODE: E_HTTP_NOT_FOUND
7/28/2015, 23:55:00 GMT -> Progress Update: DOWNLOAD_BATCH_FINISH: HR: 0x0       , Num Successful: 0
7/28/2015, 23:55:00 GMT -> LiveUpdate will check for Mini-TRI file support on the server since the first Mini-TRI file was not available (liveupdate_3.3.0.78_english_livetri.zip).
7/28/2015, 23:55:00 GMT -> Progress Update: DOWNLOAD_BATCH_START: Files to download: 1, Estimated total size: 0
7/28/2015, 23:55:00 GMT -> Progress Update: DOWNLOAD_FILE_START: URL: "http://liveupdate.symantecliveupdate.com/minitri.flg", Estimated Size: 0, Destination Folder: "C:\ProgramData\Symantec\LiveUpdate\Downloads"
7/28/2015, 23:55:00 GMT -> HttpSendRequest (status 304): Request succeeded - File up to date so download is not required
7/28/2015, 23:55:00 GMT -> Progress Update: DOWNLOAD_FILE_NOT_MODIFIED: URL: "http://liveupdate.symantecliveupdate.com/minitri.flg", Full Download Path: "C:\ProgramData\Symantec\LiveUpdate\Downloads\minitri.flg"
7/28/2015, 23:55:00 GMT -> Progress Update: DOWNLOAD_FILE_FINISH: URL: "http://liveupdate.symantecliveupdate.com/minitri.flg", Full Download Path: "C:\ProgramData\Symantec\LiveUpdate\Downloads\minitri.flg" HR: 0x0       
7/28/2015, 23:55:00 GMT -> Progress Update: DOWNLOAD_BATCH_FINISH: HR: 0x0       , Num Successful: 1
7/28/2015, 23:55:00 GMT -> Progress Update: HOST_SELECTED: Host IP: "148.243.245.235" URL: "http://liveupdate.symantecliveupdate.com" HostNumber: 0
7/28/2015, 23:55:00 GMT -> Attempting to load SymCrypt...
7/28/2015, 23:55:00 GMT -> SymCrypt.dll does not exist.
7/28/2015, 23:55:00 GMT -> EVENT - SERVER SELECTION SUCCESSFUL EVENT - LiveUpdate connected to server liveupdate.symantecliveupdate.com at path  via a HTTP connection. The server connection connected with a return code of 200, Successfully download TRI file
7/28/2015, 23:55:00 GMT -> LiveUpdate is connected to a server with Mini-TRI file support.  LiveUpdate will download and process the remaining Mini-TRI files.
7/28/2015, 23:55:00 GMT -> Check for updates to:  Product: Automatic LiveUpdate, Version: 3.3.0.78, Language: English.  Mini-TRI file name: automatic$20liveupdate_3.3.0.78_english_livetri.zip
7/28/2015, 23:55:00 GMT -> Check for updates to:  Product: SMSMSE Virus Definitions WOW64, Version: 5.0, Language: SymAllLanguages.  Mini-TRI file name: smsmse$20virus$20definitions$20wow64_5.0_symalllanguages_livetri.zip
7/28/2015, 23:55:00 GMT -> Check for updates to:  Product: Symantec Mail Security For Microsoft Exchange, Version: 1.0, Language: English.  Mini-TRI file name: symantec$20mail$20security$20for$20microsoft$20exchange_1.0_english_livetri.zip
7/28/2015, 23:55:00 GMT -> Progress Update: TRIFILE_DOWNLOAD_END: Number of TRI files: "0"
7/28/2015, 23:55:00 GMT -> Progress Update: TRIFILE_DOWNLOAD_START: Number of TRI files: 3    Downloading Mini-TRI files
7/28/2015, 23:55:00 GMT -> Progress Update: DOWNLOAD_BATCH_START: Files to download: 1, Estimated total size: 0
7/28/2015, 23:55:00 GMT -> Progress Update: DOWNLOAD_FILE_START: URL: "http://liveupdate.symantecliveupdate.com/automatic$20liveupdate_3.3.0.78_english_livetri.zip", Estimated Size: 0, Destination Folder: "C:\ProgramData\Symantec\LiveUpdate\Downloads"
7/28/2015, 23:55:00 GMT -> HttpSendRequest (status 404): Request failed - File does not exist on the server.
7/28/2015, 23:55:00 GMT -> Progress Update: DOWNLOAD_FILE_FINISH: - NOTE - URL: "http://liveupdate.symantecliveupdate.com/automatic$20liveupdate_3.3.0.78_english_livetri.zip", Full Download Path: "C:\ProgramData\Symantec\LiveUpdate\Downloads\automatic$20liveupdate_3.3.0.78_english_livetri.zip" HR: 0x802A0026
7/28/2015, 23:55:00 GMT -> HR 0x802A0026 DECODE: E_HTTP_NOT_FOUND
7/28/2015, 23:55:00 GMT -> Progress Update: DOWNLOAD_BATCH_FINISH: HR: 0x0       , Num Successful: 0
7/28/2015, 23:55:00 GMT -> Progress Update: DOWNLOAD_BATCH_START: Files to download: 1, Estimated total size: 0
7/28/2015, 23:55:00 GMT -> Progress Update: DOWNLOAD_FILE_START: URL: "http://liveupdate.symantecliveupdate.com/smsmse$20virus$20definitions$20wow64_5.0_symalllanguages_livetri.zip", Estimated Size: 0, Destination Folder: "C:\ProgramData\Symantec\LiveUpdate\Downloads"
7/28/2015, 23:55:01 GMT -> HttpSendRequest (status 304): Request succeeded - File up to date so download is not required
7/28/2015, 23:55:01 GMT -> Progress Update: DOWNLOAD_FILE_NOT_MODIFIED: URL: "http://liveupdate.symantecliveupdate.com/smsmse$20virus$20definitions$20wow64_5.0_symalllanguages_livetri.zip", Full Download Path: "C:\ProgramData\Symantec\LiveUpdate\Downloads\smsmse$20virus$20definitions$20wow64_5.0_symalllanguages_livetri.zip"
7/28/2015, 23:55:01 GMT -> Progress Update: DOWNLOAD_FILE_FINISH: URL: "http://liveupdate.symantecliveupdate.com/smsmse$20virus$20definitions$20wow64_5.0_symalllanguages_livetri.zip", Full Download Path: "C:\ProgramData\Symantec\LiveUpdate\Downloads\smsmse$20virus$20definitions$20wow64_5.0_symalllanguages_livetri.zip" HR: 0x0       
7/28/2015, 23:55:01 GMT -> Progress Update: DOWNLOAD_BATCH_FINISH: HR: 0x0       , Num Successful: 1
7/28/2015, 23:55:01 GMT -> LiveUpdate copied the Mini-TRI file from C:\ProgramData\Symantec\LiveUpdate\Downloads\smsmse$20virus$20definitions$20wow64_5.0_symalllanguages_livetri.zip to C:\ProgramData\Symantec\LiveUpdate\Downloads\Tri217\smsmse$20virus$20definitions$20wow64_5.0_symalllanguages_livetri.zip
7/28/2015, 23:55:01 GMT -> Progress Update: UNZIP_FILE_START: Zip File: "C:\ProgramData\Symantec\LiveUpdate\Downloads\Tri217\smsmse$20virus$20definitions$20wow64_5.0_symalllanguages_livetri.zip", Dest Folder: "C:\ProgramData\Symantec\LiveUpdate\Downloads\Tri217"
7/28/2015, 23:55:01 GMT -> Progress Update: UNZIP_FILE_PROGRESS: Extracting file: "liveupdt.grd"
7/28/2015, 23:55:01 GMT -> Progress Update: UNZIP_FILE_PROGRESS: Extracting file: "liveupdt.sig"
7/28/2015, 23:55:01 GMT -> Progress Update: SECURITY_SIGNATURE_MATCHED: GuardFile: "C:\ProgramData\Symantec\LiveUpdate\Downloads\Tri217\liveupdt.grd"
7/28/2015, 23:55:01 GMT -> Progress Update: UNZIP_FILE_FINISH: Zip File: "C:\ProgramData\Symantec\LiveUpdate\Downloads\Tri217\smsmse$20virus$20definitions$20wow64_5.0_symalllanguages_livetri.zip", Dest Folder: "C:\ProgramData\Symantec\LiveUpdate\Downloads\Tri217", HR: 0x0       
7/28/2015, 23:55:01 GMT -> Progress Update: UNZIP_FILE_START: Zip File: "C:\ProgramData\Symantec\LiveUpdate\Downloads\Tri217\smsmse$20virus$20definitions$20wow64_5.0_symalllanguages_livetri.zip", Dest Folder: "C:\ProgramData\Symantec\LiveUpdate\Downloads\Tri217"
7/28/2015, 23:55:01 GMT -> Progress Update: UNZIP_FILE_PROGRESS: Extracting file: "liveupdt.tri"
7/28/2015, 23:55:01 GMT -> Progress Update: UNZIP_FILE_FINISH: Zip File: "C:\ProgramData\Symantec\LiveUpdate\Downloads\Tri217\smsmse$20virus$20definitions$20wow64_5.0_symalllanguages_livetri.zip", Dest Folder: "C:\ProgramData\Symantec\LiveUpdate\Downloads\Tri217", HR: 0x0       
7/28/2015, 23:55:01 GMT -> Progress Update: SECURITY_PACKAGE_TRUSTED: "C:\ProgramData\Symantec\LiveUpdate\Downloads\Tri217\liveupdt.tri"
7/28/2015, 23:55:01 GMT -> Available Update for Product: SMSMSE Virus Definitions WOW64, Version: 5.0, Language: SymAllLanguages, ItemSeqName: VirusDef.  Current Sequence Number: 2015072101, New Sequence Number 2015072803, Update filename 1438098396jtun_ennlu2.x86
7/28/2015, 23:55:01 GMT -> Progress Update: DOWNLOAD_BATCH_START: Files to download: 1, Estimated total size: 0
7/28/2015, 23:55:01 GMT -> Progress Update: DOWNLOAD_FILE_START: URL: "http://liveupdate.symantecliveupdate.com/symantec$20mail$20security$20for$20microsoft$20exchange_1.0_english_livetri.zip", Estimated Size: 0, Destination Folder: "C:\ProgramData\Symantec\LiveUpdate\Downloads"
7/28/2015, 23:55:01 GMT -> HttpSendRequest (status 304): Request succeeded - File up to date so download is not required
7/28/2015, 23:55:01 GMT -> Progress Update: DOWNLOAD_FILE_NOT_MODIFIED: URL: "http://liveupdate.symantecliveupdate.com/symantec$20mail$20security$20for$20microsoft$20exchange_1.0_english_livetri.zip", Full Download Path: "C:\ProgramData\Symantec\LiveUpdate\Downloads\symantec$20mail$20security$20for$20microsoft$20exchange_1.0_english_livetri.zip"
7/28/2015, 23:55:01 GMT -> Progress Update: DOWNLOAD_FILE_FINISH: URL: "http://liveupdate.symantecliveupdate.com/symantec$20mail$20security$20for$20microsoft$20exchange_1.0_english_livetri.zip", Full Download Path: "C:\ProgramData\Symantec\LiveUpdate\Downloads\symantec$20mail$20security$20for$20microsoft$20exchange_1.0_english_livetri.zip" HR: 0x0       
7/28/2015, 23:55:01 GMT -> Progress Update: DOWNLOAD_BATCH_FINISH: HR: 0x0       , Num Successful: 1
7/28/2015, 23:55:01 GMT -> LiveUpdate copied the Mini-TRI file from C:\ProgramData\Symantec\LiveUpdate\Downloads\symantec$20mail$20security$20for$20microsoft$20exchange_1.0_english_livetri.zip to C:\ProgramData\Symantec\LiveUpdate\Downloads\Tri219\symantec$20mail$20security$20for$20microsoft$20exchange_1.0_english_livetri.zip
7/28/2015, 23:55:01 GMT -> Progress Update: UNZIP_FILE_START: Zip File: "C:\ProgramData\Symantec\LiveUpdate\Downloads\Tri219\symantec$20mail$20security$20for$20microsoft$20exchange_1.0_english_livetri.zip", Dest Folder: "C:\ProgramData\Symantec\LiveUpdate\Downloads\Tri219"
7/28/2015, 23:55:01 GMT -> Progress Update: UNZIP_FILE_PROGRESS: Extracting file: "liveupdt.grd"
7/28/2015, 23:55:01 GMT -> Progress Update: UNZIP_FILE_PROGRESS: Extracting file: "liveupdt.sig"
7/28/2015, 23:55:01 GMT -> Progress Update: SECURITY_SIGNATURE_MATCHED: GuardFile: "C:\ProgramData\Symantec\LiveUpdate\Downloads\Tri219\liveupdt.grd"
7/28/2015, 23:55:01 GMT -> Progress Update: UNZIP_FILE_FINISH: Zip File: "C:\ProgramData\Symantec\LiveUpdate\Downloads\Tri219\symantec$20mail$20security$20for$20microsoft$20exchange_1.0_english_livetri.zip", Dest Folder: "C:\ProgramData\Symantec\LiveUpdate\Downloads\Tri219", HR: 0x0       
7/28/2015, 23:55:01 GMT -> Progress Update: UNZIP_FILE_START: Zip File: "C:\ProgramData\Symantec\LiveUpdate\Downloads\Tri219\symantec$20mail$20security$20for$20microsoft$20exchange_1.0_english_livetri.zip", Dest Folder: "C:\ProgramData\Symantec\LiveUpdate\Downloads\Tri219"
7/28/2015, 23:55:01 GMT -> Progress Update: UNZIP_FILE_PROGRESS: Extracting file: "liveupdt.tri"
7/28/2015, 23:55:01 GMT -> Progress Update: UNZIP_FILE_FINISH: Zip File: "C:\ProgramData\Symantec\LiveUpdate\Downloads\Tri219\symantec$20mail$20security$20for$20microsoft$20exchange_1.0_english_livetri.zip", Dest Folder: "C:\ProgramData\Symantec\LiveUpdate\Downloads\Tri219", HR: 0x0       
7/28/2015, 23:55:01 GMT -> Progress Update: SECURITY_PACKAGE_TRUSTED: "C:\ProgramData\Symantec\LiveUpdate\Downloads\Tri219\liveupdt.tri"
7/28/2015, 23:55:01 GMT -> Progress Update: TRIFILE_DOWNLOAD_END: Number of TRI files: "2"
7/28/2015, 23:55:01 GMT -> ********* Finished Finding Available Updates *********

7/28/2015, 23:55:01 GMT -> Progress Update: PATCH_DOWNLOADING_START: Number of patches: 1
7/28/2015, 23:55:01 GMT -> GetUpdates: SMSMSE Virus Definitions WOW64, 5.0, SymAllLanguages ==> 1438098396jtun_ennlu2.x86
7/28/2015, 23:55:01 GMT -> Progress Update: DOWNLOAD_BATCH_START: Files to download: 1, Estimated total size: 738742546
7/28/2015, 23:55:01 GMT -> Progress Update: DOWNLOAD_FILE_START: URL: "1438098396jtun_ennlu2.x86", Estimated Size: 738742546, Destination Folder: "C:\ProgramData\Symantec\LiveUpdate\Downloads"
7/28/2015, 23:55:01 GMT -> HttpSendRequest (status 200): Request succeeded
7/28/2015, 23:55:01 GMT -> ERROR - The requested file, 1438098396jtun_ennlu2.x86, is too large (738742546 bytes) for LiveUpdate to start to download.
7/28/2015, 23:55:01 GMT -> Progress Update: DOWNLOAD_FILE_FINISH: - NOTE - URL: "1438098396jtun_ennlu2.x86", Full Download Path: "C:\ProgramData\Symantec\LiveUpdate\Downloads\1438098396jtun_ennlu2.x86" HR: 0x802A0048
7/28/2015, 23:55:01 GMT -> HR 0x802A0048 DECODE: E_FILE_NOT_TRUSTED
7/28/2015, 23:55:01 GMT -> Progress Update: DOWNLOAD_BATCH_FINISH: HR: 0x802A0048, Num Successful: 0
7/28/2015, 23:55:01 GMT -> HR 0x802A0048 DECODE: E_FILE_NOT_TRUSTED
7/28/2015, 23:55:01 GMT -> EVENT - SESSION END FAILED EVENT - The LiveUpdate session ran in Silent Mode. LiveUpdate found 1 updates available, of which 0 were installed and 1 failed to install.  The LiveUpdate session exited with a return code of 6013, LiveUpdate is unable to continue, because a file needed on the server may be corrupt.  Please run LiveUpdate again later.
7/28/2015, 23:55:02 GMT -> LiveUpdate is about to execute a PostSession callback for product SMSMSE Virus Definitions WOW64.
7/28/2015, 23:55:02 GMT -> ProductRegCom/luProductReg(PID=2836/TID=12080): Successfully created an instance of an luProductReg object!
7/28/2015, 23:55:02 GMT -> ProductRegCom/luProductReg(PID=2836/TID=12080): Path for calling process executable is C:\Program Files (x86)\Symantec\LiveUpdate\LuCallbackProxy.exe.
7/28/2015, 23:55:02 GMT -> ProductRegCom/luProductReg(PID=2836/TID=12080): Destroyed luProductReg object.
7/28/2015, 23:55:02 GMT -> The callback proxy finished executing the callback with a result code of 0x0
7/28/2015, 23:55:02 GMT -> The PostSession callback for product SMSMSE Virus Definitions WOW64 completed with a result of 0x0       
7/28/2015, 23:55:02 GMT -> Successfully released callback {0D7E9ED3-A063-4BB1-B3E6-E826F5D68306}
7/28/2015, 23:55:02 GMT -> LiveUpdate has called the last callback for product SMSMSE Virus Definitions WOW64, so LiveUpdate is informing the callback proxy that it can exit.
7/28/2015, 23:55:02 GMT -> The callback proxy executable for product {F92F8A7B-F111-4db7-B145-6C41E7D6AE94} is exiting with no errors
7/28/2015, 23:55:02 GMT -> ***********************           End of LU Session           ***********************
////////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////////
// End LuComServer
////////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////////

Thnaks!

Some of my users have a signing key configured in PGP Desktop. We don't want a signing key, but I can't find a command anywhere to remove it. We don't have anything set in the Master Keys. But when you try to encrypt a file, it always defaults to a signing key instead of <none>. How do I remove the signing key?

Thank you!!

Chuck

Unable to install SEP client on a 2003 Server Os - Rolling back action

No error message

Event Viewer the "Error: Symantec Endpoint Protection cannot be installed without 32-bit application support"

Note: Please suggest on how to check the 32 bit application support is enabled or disabled in 2003 server

​When using Email Security.cloud Track & Trace feature, the page does not render properly in Safari. Im testing on Mavericks 10.9.5 and Yosemite 10.10.5 (Safari Version 9).  Track & Trace page shows two "search" buttons. Pressing either button yields no results. Pressing a second time produces the below captioned error. I found another reference to the same issue linked below. Is Safari explicity unsupported? What is the support status of Safari on all of the .cloud suite of products?

https://www-secure.symantec.com/connect/forums/issue-messagelabs-track-trace-and-safari-71

Hello,

I am trying to get a Cisco AnyConnect Mobility Client to work with the SEP 12.1.6 client.

When I attempt to run the AnyConnect I get an error stating:

"The VPN client driver encountered an error. Please restart your computer or device , then try again"

I currently have the following exceptions for the AnyConnect client:

• DNS or Host File Change exception
• Application Exception
• File Exception
• Tamper protection

Even with these exceptions I still recieve the VPN client error above.

Originally I was receiving a SONAR error (shown in the SEPM logs and Windows Events on the client) because the AnyConnect client was trying to update the Hosts file. But once I added the first exception "DNS or Host File Change exception" the error in the SEP client and Event Logs disappeared but the connection problem did not ("The VPN client driver encountered an error. Please restart your computer or device , then try again")

Any suggestions other on how to not scan this application?

Cheers :)

Cameron Mottus

Guys

A quick question.

Im a little confused about single gup setup.

If i setup a single GUP, does that mean all clients in my SEPM site will get its update from the GUP? (No matter what subnet they are on?).

Thanks, DM.

After upgrading our SEPM to SEP12 RU6, we are noticing a few clients that have a new icon in the Health state column that looks like a text and magnifying glass. After clicking on it , it displays "Detailed Threat Analysis" report with risks/virusses that the machine had almost 2-3 months back. Is there any way of clearing this as the machine does not have any more risks/events logged for it? By the way, the clients are on RU4MP1 so I can't do the Power scan analysis option...

Any ideas?

Hi,

I dont know if I gave them any password and I need to remove this software. I am not a tech guy so I dont know any complex procedure. Any help would be appreciated

Symantec Endpoint Protection (SEP) adds support for Windows 10 with 12.1.6 MP1.

For Symantec Endpoint Protection 12.1, a maintenance patch has been released on July 29, 2015. Customers will need to be current on maintenance to receive the maintenance patch update. For more information, visit our SEP 12.1 Windows 10 Knowledge Base.

You can upgrade to Windows 10 with Symantec Endpoint Protection 12.1.6 MP1 installed. You must uninstall earlier versions of Symantec Endpoint Protection. The operating system upgrade stops if it detects an earlier version of Symantec Endpoint Protection.

The following operating system upgrade paths are supported with 12.1.6 MP1 installed:

• Windows 8.1 to Windows 10
• Windows 8 to Windows 10
• Windows 7 to Windows 10

For more details check the following article:

http://www.symantec.com/docs/INFO2746

SEP Knowledgebase:

https://support.symantec.com/en_US/endpoint-protection.54619.html

Hi Team,

IPS- Need Information on this,

How this works and if we enabled,Is there any impact to users. Do we need to take care of any exculssion before we enable IPS.

Is there any specifc version which this works on.

Hello, I got an alert that LiveUpdateSvc got quarantined. Here's the alert below,

At least one security risk found:

Risk name: WS.Reputation.1
File path: LiveUpdateSvc
Event time: Jul 30, 2015 9:18:23 AM
Database insert time: Jul 30, 2015 9:20:08 AM
Source: Real Time Scan
Description: 

Why is SEP quarantining LiveUpdateSvc and do I need to take any action?

The IT Analyst responsible for imaging all of our laptops is having a problem logging on after installing the SEE Management and FDE agents,  it doesn’t accept the Analyst credentials after installing the agents on start-up via GPO but will accept anyone else’s.

It’s a strange problem that I have no explanation for…very annoying. The Analyst domain account is a local administrator of the machines.

Steps on build

Image laptop with Windows 7

Add laptop to the domain

Log onto Laptop with Domain login (local admin rights)

Add machine into Active Directory location where group policy for SEE packages are applied

Perform gpupdate / force and reboot – Packages install successfully

Log onto the machine at Windows screen with Domain login

Shut down and restart the computer

Use the same Domain log in credentials to access SEE screen

It doesn’t work, credentials are invalid!

Unlock the machine

Analyst then Use’s helpdesk tool (F4 option) to bypass the SEE pre-boot screen to get access back onto machine – at least that works fine!!

Analyst Logs on successfully at Windows login screen

Logs off and asks a different user to log on, this works with a standard domain user account!! (not local admin)

Shut down and restart the computer

Standard user uses the same log in credentials to access SEE screen

It works under that account!

Try again

Log standard user off to get back to Windows Login screen, Analyst logs on

Shut down and restart

Use’s the same log in credentials to access SEE screen

It doesn’t work!

I’ve absolutely no idea or explanation … I need to get to the bottom of this in case it happens to anyone else.

If I run the below command on the laptop I can see the analysts domain account is registered correctly as a windows user, attribute is set to: S for single sign on

“C:\Program Files\Symantec\Endpoint Encryption Clients\Drive Encryption\eedAdminCli.exe” –list-users –au FDEadmin --ap Pass

Can anyone shed any light on this or give some troubleshooting steps on where I go next…..

Thanks 

Hello, 

troubleshooting Invisible silent enrollment problem, 

Error in PHPlog.txt is 

*A 19:21:52 ----- Encryption Desktop started -----
*A 19:21:52 Encryption Desktop 10.3.2 (Build 16620) (16620)
*A 19:21:52 Today's date is Thursday, July 30, 2015
IP 19:21:54 Setting logging level to: normal
IP 19:21:58 Initiating daily maintenance procedures
EP 19:21:58 Certificate Enrollment has failed with error: PGPError #-10970 (-10970)
*A 19:22:14 ----- Encryption Desktop stopped -----

PHPssoLog.txt is

SSO Enrollment Log
Passed PGP_INSTALL_DISABLESSOENROLL registry check
Attempting to impersonate user...
Username is *bd101105* on domain *sgs.socgen*.
DsGetDcName *\\sgs-dc001.sgs.socgen*.
NetUserGetInfo *\\sgs-dc001.sgs.socgen* *bd101105*.
LoadUserProfile *\\sgs-dc001.sgs.socgen* *bd101105* **.
LoadUserProfile Succeeded
Impersonate user OK!
Passed impersonation
Saving SSO password...
Universal server: crypto.sgs.socgen
Created user app data folder: C:\Users\bd101105\AppData\Roaming\PGP Corporation\PGP\
Common app data folder: C:\ProgramData\PGP Corporation\PGP\
PGPtrustedcerts.asc path: C:\ProgramData\PGP Corporation\PGP\PGPtrustedcerts.asc
orgkey.asc path: C:\ProgramData\PGP Corporation\PGP\orgkey.asc
PGPsso.dat path: C:\Users\bd101105\AppData\Roaming\PGP Corporation\PGP\PGPsso.dat
PGPprefs.xml path: C:\Users\bd101105\AppData\Roaming\PGP Corporation\PGP\PGPprefs.xml
Deleting old PGPsso.dat file.
Non-fatal error: Pref file doesn't exist
Using orgkey.asc.
PGPFilterKeySet found 1 keys that matched
sFilterForEncryptKeys found 1 keys that matched
Success: Writing out data!

Encryption server client log is 

 client request <AuthenticateInternalPassphrase> returning fault -11976 (corrupt data)

Everything is setup according to HOWTO77014

Any ideas?

Hello,

I am using SEPM 12.1.3 and I am searching for solution how to schedule a report that could give me all computers that are visible in the SEPM console with their hostnames and SEP clients' versions and optionally their group location. I'd like to schedule this report on a daily basis.

How can I do that?

Thank you in advance for your help.

Best regards,

emz