Channel: Symantec Connect - Products - Discussions

SEE 8.2.1 MP14 pre-boot authentication

I need a solution

OS: Windows Server 2k8 R2

Network: a closed secured network

Version: Symantec Endpoint Encryption 8.2.1 MP14

All deployed workstations currently do not require pre-boot authentication.

Question:

1. For pre-boot authentication, can users use their AD accounts to authenticate, or are users required to register a separate account?

2. Where can I get more information about the pre-boot feature for SEE?

3. What's the easiest / best way to add the pre-boot feature to the already deployed workstation clients? Will I need to generate a new install package, decrypt the hard drive and re-install with the new SEE install package?

Thank you!


Service Expired but it's a new install and trial

I need a solution

Well, I am disappointed with Symantec. I have signed up for the Endpoint Small Business trial, installed it on 9 machines so far and I am having the following issue. It believes the system is secure, even the host that yesterday warned me today believes it is secure ???? WTF, that is scary, it should flag issues, not mark them safe. Now this system had IS on it a while back, then was running Security Essentials and now has been on the trial of this since yesterday and this is day 1. Even my PC as a sideline went from IS to Endpoint and is warning me I have 2 days left, WTF? The trial expires on 26 September. Symantec won't help as I have not paid money yet, but why would I pay if I can't help? There is a logical flaw here. Anyway, back to the issue: I have used the Symantec uninstaller to rip out any Symantec references, I have used CEDAR to rip out all Symantec Endpoint and yet it still believes it is expiring :( and the host and the warning system tells me everything is fine. This is very disconcerting. Can anyone give any advice please?


PGP command line: "key invalid" when encrypting for multiple recipients

I need a solution

I got a strange problem: I am using PGP Command Line 10.3.2 build 12281 and I want to encrypt a file for multiple recipients. The public keys of them are imported and signed, and they work fine when used individually ("user1" and "user2" are just placeholders for the real key names):

$ pgp --encrypt test.dat -r "user1"
test.dat:encrypt (0:output file test.dat.pgp)

$ pgp --encrypt test.dat -r "user2"
test.dat:encrypt (0:output file test.dat.pgp)

$ pgp --list-keys|grep -e "user1" -e "user2"

 RSA4 pub  2048/2048 [VT---] 0xD6742E99 user1
 RSA4 pub  2048/2048 [VT---] 0xBAE71BC0 user2

However when used together I get a warning message about an invalid key of the second recipient:

$ rm test.dat.pgp; pgp --encrypt test.dat -r "user1" -r "user2"
0xBAE71BC0:encrypt (3064:key invalid)
test.dat:encrypt (0:output file test.dat.pgp)

When I switch the order of the recipients (...  -r "user2" -r "user1"), then the key of user1 is shown as "invalid". If I use more than 2 recipients, then the "key invalid" line is printed for every recipient specified after the first. The encryption process itself seems to work, an encrypted file is being created. But it leaves me worried and I am wondering why this is happening here.

Am I doing anything wrong?

How to see the license count in Symantec Encryption Management Server

I need a solution

Hey guys,

I've been looking around the Symantec Encryption Management Server, and I can't find the license count. Anyone here know this?

Thank you,

Vulnerabilities in SEP Client and SEPM: Upgrade to SEP 12.1 RU6 MP1

I do not need a solution (just sharing information)

Just raising awareness of these known vulnerabilities in all previous releases of the 12.1 Symantec Endpoint Protection Manager (SEPM) and SEP client:

Security Advisories Relating to Symantec Products - Symantec Endpoint Protection Multiple Issues (SYM15-007)
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150730_00

...

The management console for Symantec Endpoint Protection Manager (SEPM) is susceptible to multiple vulnerabilities including SQL Injection, authentication bypass, possible path traversal and the potential for arbitrary file read/write. SEP clients are susceptible to a binary planting vulnerability that could result in arbitrary code running with system privileges on a client.
....

Symantec product engineers verified these issues. SEPM 12.1-RU6-MP1 contains updates that address these issues. Customers should implement the mitigations described below until the available update can be installed to address these issues. Symantec is not aware of exploitation of or adverse customer impact from this issue.

....

CVE            BID        Description
CVE-2015-1486  BID 76074  SEPM Authentication Bypass
CVE-2015-1487  BID 76094  SEPM Arbitrary File Write
CVE-2015-1488  BID 76077  SEPM Arbitrary File Read
CVE-2015-1489  BID 76078  SEPM Privilege Escalation
CVE-2015-1490  BID 76081  SEPM Path Traversal
CVE-2015-1491  BID 76079  SEPM SQL Injection
CVE-2015-1492  BID 76083  SEP Client Binary Planting

Please take measures to upgrade your environment.  Mitigations are also available if it is not possible to upgrade immediately.  Also, ensure that SEP's IPS component is installed and enabled.  The following new IPS signatures will offer protection against attempted exploits of the vulnerabilities:

With thanks and best regards,

Mick

Live update Version: 2.3.4.16 purge errors

I need a solution

Hi,

We have some problems with purge on our LUA server (download and distribute don't intersect with purge schedule), here are some logs from the server:

2015-07-31 07:30:08,220 [pool-2-thread-5] INFO  cleanCLU.PurgeCluThread  - Server: Default Production Distribution Center -- Not Deleting file as isCZ is false : 1438227827jtun_irev150723007.7z
2015-07-31 07:30:08,220 [pool-2-thread-5] INFO  cleanCLU.PurgeCluThread  - Server: Default Production Distribution Center -- Not Deleting file as isCZ is false : 1438227827jtun_irev150716024.7z
2015-07-31 07:30:08,220 [pool-2-thread-5] INFO  cleanCLU.PurgeCluThread  - Server: Default Production Distribution Center -- Not Deleting file as isCZ is false : 1438227827jtun_irev150714003.7z
2015-07-31 07:30:08,220 [pool-2-thread-5] INFO  cleanCLU.PurgeCluThread  - Purging: Started deleting the updates
2015-07-31 07:30:08,221 [pool-2-thread-5] INFO  cleanCLU.PurgeCluThread  - Server: Default Production Distribution Center --  Deleting file : 1437578062jtun_iron2012_150721003.irn
2015-07-31 07:30:08,267 [pool-2-thread-5] ERROR cleanCLU.PurgeCluThread  - Server: Default Production Distribution Center --  Error while deleteFilesFromServer: java.lang.NullPointerException
java.lang.NullPointerException
    at com.symantec.lua.util.rcl.HttpHelper.deleteFile(Unknown Source)
    at com.symantec.lua.adapter.queue.cleanCLU.PurgeCluThread.deleteFilesFromServer(Unknown Source)
    at com.symantec.lua.adapter.queue.cleanCLU.PurgeCluThread.call(Unknown Source)
    at java.util.concurrent.FutureTask.run(FutureTask.java:262)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:745)
2015-07-31 07:30:08,283 [pool-2-thread-5] INFO  rcl.HttpHelper  - Http Client Stop Connection pool info: Connections in pool: 1 Default max connections: 10 Max active connections:20
2015-07-31 07:30:08,283 [pool-2-thread-5] INFO  threadpool.LUAThreadPool  - Execute: LUA THREAD POOL SIZE: 0 total task count: 6 Active task count: 1
2015-07-31 07:30:08,283 [DistributionCenterPurgeThread30] INFO  cleanCLU.CleanUpThreadPool  - The result returned by thread for base server Default Production Distribution Center is : false
2015-07-31 07:30:08,284 [DistributionCenterPurgeThread30] INFO  cleanCLU.CleanUpThreadPool  - The result returned by thread for base server Default Testing Distribution Center is : false
2015-07-31 07:30:08,284 [DistributionCenterPurgeThread30] INFO  common.CleanUpLock  - Write Lock on CleanUpLock released
2015-07-31 07:30:08,284 [DistributionCenterPurgeThread30] INFO  cleanCLU.CleanUpThreadPool  - ************LUA_PURGING DISTRIBUTION CENTERS_END************
2015-07-31 07:30:08,284 [DistributionCenterPurgeThread30] INFO  cleanCLU.CleanUpThreadPool  - ********************Event End************************
*************************************************
*************************************************

Confusion over "Explicit Group Update Providers" GUPs not becoming GUPs!

I need a solution

Hi all,

I have the following setup which I'm testing in a lab environment.

I have a central site (named CEN) with a subnet of 10.101.0.0/16 and a remote site (named LON) with subnet 10.111.0.0/16. Clients should download from the GUPs as follows:

Subnet -> GUP

10.101.0.0/16 -> 10.101.0.51 (CEN-FP1)

10.111.0.0/16 -> 10.111.0.51 (LON-FP1)

I have the following liveupdate policy configured at the root level applied to all clients:

[Attached images: 1.png, 2.png, 3.png]

The problem is that the GUPs are not becoming a GUP!

I can check on the server and the SharedUpdates folder is not created ... what am I doing wrong?

Thanks in advance

Ben


How to access information on a failing disk? Symantec Endpoint Encryption 11.0.1

I need a solution

Hi All,

I recently deployed SEE 11.0.1 and I am facing a big issue. SEE is configured to encrypt all partitions on the hard drives of all my users. 

One of the hard drives is failing and I cannot access Windows. I wish to recover the data or repair Windows 7 x64.

Unfortunately, when I try reinstalling Windows, it sees the partitions as blank. I checked online and there seem to exist Symantec Access and Recovery disks.

I would like to know if these disks can help me solve my problem. If so, where do I download them?

Additional Info

- Machines are running Windows 7 (x64 or x86)

- Users authenticate with their MS Active Directory credentials

- The SEE server is installed on Windows Server 2008

Thanks for your answers.


Symantec Encryption Management Server on VMWare vSphere 6

I need a solution

SEMS is yet to be certified for use on VMWare 6, but we're looking to attempt it as we need to migrate SEMS from the physical server we currently use it on. Has anyone here attempted this yet, and did you find any issues?

We use SEMS to provide the webmail system for external users so they can send and receive encrypted email to our Exchange server. We don't use it to encrypt email sent over the Internet and we don't use it for drive encryption.  

Thanks!

Liveupdate error downloading file.

Symantec Encryption Desktop Exportable Private Keys

I need a solution

Hello,

I'm pretty new to file system encryption and had a quick question.

What is the downside to having a private key exportable? Is this more of a security risk?

In the situation of getting a new computer, I would assume keys would have to be exportable, otherwise how would you get the private key onto the new machine....?

Also what about this scenario - Say an attacker logged onto my computer somehow, and took a copy of some data that was encrypted with my PGP key, and also took a copy of the pubring.pkr and secring.skr files that Symantec Encryption Desktop creates in c:\users\username\Documents. The data is pretty secure as it uses the whole public/private key technology to encrypt the data, but none of this really matters as all the attacker would need to know is the passphrase for the keyring.

So in the scenario, is the data only as secure as the passphrase used to secure the keyring?

Thanks in advance for the responses.

Cheers

Peter

Upgrade SEPM from 12.1.5 to 12.1.6

I need a solution

Hi All,

I want to upgrade my SEPMs from version 12.1.5 to 12.1.6. I have the 12.1.6 install files that I downloaded via Symantec Fileconnect a couple of weeks ago. Are these still the current ones to use, as I also need to make sure I have good Windows 10 client compatibility? I had an email last week or the week before from Symantec indicating that they would be issuing an update to cover Windows 10 clients on its release date. But I have seen nothing more since. As I have to go through a change request procedure at work to carry out the updates, I was hoping to get this done in one go. Not just to have to update to 12.1.6 and then a few days later have to apply another update patch for the Windows 10 client compatibility.

Thanks

PaulC

Endpoint Protection Manager Incremental Firewall Policy

I need a solution

OK so here is the scenario in the clients section inside the SEPM console.

- My Company (default policy)

  - Server Group A (Web Servers) - TCP/80

  - Server Group B (TACACS servers) - TCP/49

  - etc. etc.

Is there a way to define a baseline policy at the "My Company" level with, for example, block all inbound except RDP from a specified IP range and SNMP from a single IP?

Then at each Server Group level to use the preceding default policy but append application specific inbound rules.

It seems that you can copy the preceding policy to a lower folder and add rules, which is OK, but would be a pain when you need to add a new default service to the default policy as you'd need to redo each container to absorb the new rule (unless I'm missing something here..)

I hope this is clear...

Please feel free to ask questions if you need this clarifying at all.

regards

Rob

VULNERABILITIES IN SYMANTEC ENDPOINT PROTECTION 12.1

Excluding specific folder from SEP scan

I need a solution

Hello,

I have SEPM 12.1.5 with 300 SEP clients on several locations.

I need to exclude from the scheduled scan the "users desktop" and "users documents" folders for all workstations in a specific group.

I see the "Centralized Exception" solution but I read on the Symantec forum:

The SEP client does not support the use of UNC paths in exceptions.

I found two prefixes: COMMONDESKTOP_DIRECTORY and COMMON_DOCUMENTS.

Has anyone already used them?

Are there other solutions?

Thanks.

Sébastien


Upgrade sep 12.1.5 to SEP.cloud

I need a solution

Hello,

I want to migrate to SEP.cloud; clients are OK.

But I've got a problem on my server (Server 2008 R2, Exchange, Mail Security for Exchange 7.5).

On the server I get the error on the install of the SEP.Cloud agent: "reboot pending".

Manually uninstalled the 12.1 agent, rebooted the server, but still the same message!

What could I do?

Thanks in advance


SEP status: not reported yet

I need a solution

Hi All,

A few machines, although online in my network, are showing their "deployment status" as "No Status Reported" after searching for them in the SEPM console. What could be the issue here? Please suggest.

For reference, screen shot is attached here.

What is Threat Reporter

I do not need a solution (just sharing information)

Hi All,

Could you please let me know what Symantec Threat Reporter is and what kind of reports we can create with it?
If possible, please provide installation, best practices, etc., documents and sample reports for my understanding.

Thanks & Regards
Vamsikrishna

SQL Database.

I need a solution

Hello,

First of all, Thank you.

Second of all ;), I need to know how I can check the health of an existing SQL database (sem5).

I want to upgrade an old manager (it has been used for some sites; now we don't use it, because we had an issue in a replication attempt). Before doing the upgrade I want to be sure whether the database is corrupted or not.

I know that dbvalidator.bat can do that; I'm looking for more :)

best regards.

anekkab

Script to run Clean_Agent.exe with a “Yes” command automatically and a quiet command

I need a solution

Hi All,

Could anyone help me, please?

I need to send the Clean_Agent from DLP Agent remotely.

How can a script run Clean_Agent.exe with a “Yes” command automatically and a quiet command?

Thank you so much!
