Channel: Symantec Connect - Products - Discussions
Viewing all 19880 articles

Symantec DLP incident retention

I need a solution

Hello,

This is a query on Symantec DLP. We are using Endpoint Prevent for our environment.

If we have an end user machine which is not connecting to the network, how long would the incidents be retained on the endpoint?

(Say there is an employee who is not connecting to the corporate network (endpoint server) for a year: will the incidents be logged in Enforce after the machine connects to the network after 1 year?)

In the above scenario, what is the maximum data that will show up in incidents? If the user has copied or transferred data up to 100 Gb or 200 Gb during this period, will all of this transfer show in the Enforce console when the machine connects back to the network?

Thanks.


Risk names

I need a solution

Hello,

I have a risk detected with Trend and I want to know the name that Symantec uses for the same risk.

Is there any way to know that?

Example of Trend detections:

VAN_RANSOMWARE.UMXX
JS_NEMUCOD.SMK13
JS_NEMUCOD.SMF1
JS_NEMUCOD.SMKYO
W2KM_CERBER.BYX
VAN_DROPPER.UMXX
VAN_MALWARE.UMXX
VAN_BOT.UMXX

Thank you for your answers.

Kind regards


Monitor Mainframe Downloads to Endpoint

I need a solution

Has anyone done any work with the DLP endpoint agent to monitor downloads from the mainframe when using a Reflections 3270 client?  If so, have you had good success with this and would you be willing to share information about how you accomplished this?

Thanks,

Ed


suspicious activity

I need a solution

Hello,

Today I received 2 notifications from my SEPMs that I never saw before.
I checked the log files and didn't find anything "suspicious".

The first e-mail: Security alert: suspicious activity from x.x.x.x was detected on Symantec Endpoint Protection Manager 1. Check the log files for details.

Right after that, from my Symantec Endpoint Protection Manager 2:

All accounts for system administrators are currently locked. Go to the Forgot your password link on the logon page and change your password to unlock an account.

I'm not sure, but I think the following could have caused this issue:

The first email about suspicious activity from x.x.x.x and on SEPM1 is one and the same server, so SEPM1 detects activity on itself.
After that SEPM2 kicks in and locks all system admin accounts, because SEPM1 might be compromised.
After some research I found the SEP that protects the SEPM1 server had problems updating itself for the past couple of days; I think somehow SEPM1 marked the update process for the SEP as suspicious activity.
Deinstalled and reinstalled SEP, ran LiveUpdate, no more e-mails.

Could this be the case?

LEVD


Switch SEPM to Symantec Cloud

I need a solution

Hello all,

We have about 50 devices, there are 50 licenses anyway for SEPM. Several Windows server VMs and 40 some clients.  We would like to switch from SEPM to Symantec Cloud.

Currently we have SEPM 12.1.6 MP5. SEPM runs on a Windows 10 desktop onsite; SEPM 14 does not allow that according to the system requirements, so this is necessitating the switch. We do not have a server to take the installation.

Does anyone have a link to a migration doc?

Additionally, will our current licenses "migrate" to cloud or would we have to purchase new licenses for Cloud?

Appreciate any help, thank you.


Broken video link on Connect page

My IP is rejected by policy [7.7] 11911

I need a solution
Hi. I'm getting the following error on certain emails I send out:

501 Connection rejected by policy [7.7] 11911, please visit www.messagelabs.com/support for more details about this error message.

The server IP is 103.16.130.29 and it's not on any blacklists. Can you please check and remove this IP from your ban list?


SEPM Not opening...DB stuck at starting..

I need a solution

I am not able to log in to the SEPM. I have checked the forum and tried to run the DB service, but it is stuck at starting. Please help me, as all client systems are in out-of-date error.


Remove "Apply this justification to subsequent dialogs" from User-Cancel Response Rule

I need a solution

I've applied a User Cancel response rule. After the elapsed timeout seconds, it shows the BLOCK action. And with the same options for User Justification it also provides a checkbox that says "Apply this justification to subsequent dialogs".
Can the checkbox “Apply this justification to subsequent dialogs resulting from this action” be removed? Leaving this checkbox ticked is a “lazy” option and allows the user to re-use the same option every time without much consideration.


Symantec Management Server

I need a solution

I have one Symantec Management Server at the primary location (Hyderabad) and I have installed site servers in Delhi, Bangalore and Pune. We have installed 50 machines in each location. All the 150 machines are reporting to the primary location (Hyderabad). However, when we look at the Delhi location, it shows the Delhi machines as well as the other 2 locations' machines (Pune and Bangalore), and the same is reflected when we check the other locations (in the Pune location it shows Bangalore and Delhi machines, and in Bangalore it shows Pune and Delhi machines).

But we want the respective locations to show its machines (50 each) and all 3 location machines should be reflected in primary server. Please assist. 


501 Connection rejected by policy [7.7] 13210

I need a solution

Hello,

It has been more than 2 weeks that we have been facing this issue: our server's main IP is getting blocked in the Symantec RBL. We sent delist requests many times but Symantec did not delist our IP. I am also continuously checking the mail queue, and there is no spam found in my server queue.

Here are a few failure messages which are related to Symantec:

1.

  WDiedrich@zoll.com

    host server4.inboundmx.com [216.82.242.115]

    SMTP error from remote mail server after initial connection:

    501 Connection rejected by policy [7.7] 13210, please visit www.messagelabs.com/support for more details about this error message.

2.

  noman.zahid@shifa.com.pk

    host mta2.nayatel.com [115.186.188.91]

    SMTP error from remote mail server after initial connection:

    554 5.7.1 You are not allowed to connect.

Please check what is the issue with my IP and please unblock.

Server IP: 192.99.35.22

Thank You.


Shortcut Virus

I need a solution

Hi, I have detected that some files have become hidden and that the virus has created shortcuts for these folders.

Symantec Endpoint 12.1 RU6 MP4

Windows Server 2012 R2 updated

Thank you


SEP exclusions for Cisco ISE

I need a solution

Hi all and a Happy New Year everyone.

I have a question. Do any of you know of any exclusions that I may need to add to our SEP 12.1 solution that allow Cisco ISE to work without being impeded by SEP? Any info would be greatly appreciated.

Cheers

PaulC 


Microsoft Outlook Auto-Protect: Is it worthwhile?

I need a solution

I'm trying to figure out if the Outlook protection function under virus protection policy->email scans is worth using. Here’s all I see in the manual regarding the Outlook add-in: "Downloads incoming Microsoft Outlook email attachments and scans for viruses and security risks when the user reads the message and opens the attachment." Based on this definition this seems to duplicate the file system AV functionality, but it will catch a malicious file before the user opens it. So is it worth it?

We tested it and had some compatibility issues with users who like to modify message subject lines in shared/group mailboxes and have disabled this feature.

Comments?  Thanks.  Paul


SEP Found trojan on its own folder

I need a solution

Hi Guys,

Just purchased SEP and configured the policy. While testing on my PC, I found a very weird notification from SEP. It found a trojan in its own folder.

Below is the copy-paste from the pop-up that I'm getting.

----

Scan type: Auto-Protect Scan

Event: Risk Found!

Security risk detected: Trojan Horse

File: C:\ProgramData\Symantec\DefWatch.DWH\dwh3545.exe

Location: C:\ProgramData\Symantec\DefWatch.DWH

----

Hope someone can help me to ensure that it's not actually a trojan and a way to resolve it. I do not want to exclude any folder as a solution.

Thank you

Z


User Policy based on Active Directory

I need a solution

Hi there,

I have a unique (maybe not) requirement for my users.
I'm blocking most USB drives on the client PCs; however, some PCs will be shared with some people who are allowed to use USB drives.

I'm thinking of creating a group of users who are allowed to use USB drives and linking it with SEP. Can it be done? Or can anyone suggest another solution?

Thank you

Z


database "sem5" Problem

I need a solution

Hi everyone. The database processes can no longer run, so I got: database "sem5" cache how to clear??

Sorry for my bad English :(
Thanks


Email Notifications

I need a solution

So I had an issue the other day,

Some bright spark thought it would be fun to install McAfee VirusScan (with Agent) on my SEPM server.

I've managed to get McAfee removed and the Symantec client reinstalled but I think since then, it has stopped emailing alert notifications.

The test email works fine but I've not had any alerts, I've been using an EICAR file on the SEPM server and it is displaying the pop-up alert and it is being logged in the SEPM but I don't get an alert email.

I assumed that the SEPM would see EICAR as a Risk Event and trigger the Single Risk Event condition.

Is that wrong?


Symantec DLP 14.5 system requirement

I need a solution

Hello,

I am new to Symantec DLP implementation and have a query on system requirements for DLP components.

Can we deploy/install multiple DLP components on a single server in a production environment? We plan for a 3-tier installation and we have around 3K users.

Such as Endpoint server (Prevent and Discover) on a single server.

Storage (Network Discover and Network Protect) on a single server.

Network (Network Prevent for Web and Email) on one server.

Please suggest.


Data Loss Prevention Enforce Server traffic

I need a solution

What kind of traffic is the Enforce Server getting from Detection servers?
