Channel: Symantec Connect - Products - Discussions

How to replace message in $(exception.last_error) for authentication form ?

I need a solution

Hi guy

How to replace message in $(exception.last_error) for authentication form ? 

The customer needs to replace the messages below with their own message.

- Credentials are missing.

- General authentication failure due to bad user ID or authentication token. 

BR

PK


Does DLP Agent support communication through proxy

I need a solution

Does DLP Agent support communication through proxy
DLP Server is deployed in AWS, and DLP Agent is deployed inside the company. The client PCs access the Internet through a proxy.
Does DLP Agent support access to the Internet via a proxy?


Utilizing SEPM for Incident Response

I need a solution

Hi All,

We have made a policy to "Monitor File Activity" & "Monitor Registry Activity" on the servers running the SEP client, using the Application & Device Control Policy.

We referred the below article for "How to utilize SEP  for Incident Response"

https://www.symantec.com/connect/articles/how-util...

We are using SEPM 14.0.1 RU1 MP1 in our environment

Although we are getting logs from the server, the registry logs seem to be fine, but the file write logs are not that meaningful, as they say what exe is used but not exactly what file changes have been done, like "create, modify or delete".

Can someone help with this so that we can gather logs for user activities on the server regarding file creations, modifications or deletions of any files or folders?

Please share any article in this regard

Thanks & Regards

Vivek Parmar


Start early upload when sum of all log size reaches 16G

I need a solution

Hi guy 

If my ProxySG has only the access log main at 16G, and "Start early upload when sum of all log size reaches" is set to 16G:

Does the ProxySG upload the log as one very big 16G file, or does it automatically split the log into smaller files?

BR 

PK 


Patch Management for Linux - OEL ?

I do not need a solution (just sharing information)

Hi,

Can anyone confirm if Oracle Enterprise Linux is supported/planned to be supported? Can't see it in the list of supported OSes, but various RHEL, CentOS and Fedora aren't, so it seems strange OEL isn't.

Thanks


Only Win64-bit (Virus and spyware definitions Win64.12.1RU6) are NOT updated

I need a solution

Hi there,

After running 'Download LiveUpdate Content' in SEPM I get the error below:

26 juni 2018 13:56:23 CEST:  Symantec Endpoint Protection Manager could not update Virus and Spyware definitions Win64 12.1 RU6.  [Site: Site MGMT01]  [Server: MGMT01]

26 juni 2018 13:56:23 CEST:  Symantec Endpoint Protection Manager could not update Symantec Endpoint Protection Manager Content Catalog 12.1 RU6.  [Site: Site MGMT01]  [Server: MGMT01]

Anyone any suggestion how to solve this issue?

Sincerely Alex


Symantec Endpoint Protection(Installer) has Stopped working

I need a solution

While installing SEP SBE Cloud from symantecextractor or the Redistribution Package, it shows an error message that "Symantec Endpoint Protection stopped working". The application stopped for CEDAR, Symantecextractor and redistribution packages, but the Norton Removal Tool works fine.

From CEDAR Log:

CInstallHelper::IsDisableMSIRegKey(694) : Unable to query the DisableMSI value, DisableMSI returns false.

CInstallHelper::IsMSIServerUnavailable(592) : StartService has returned true for MSIServer, and it is in healthy state. dwCurrentState=0x4

I need to find what exactly is causing the problem. I took Process Monitor logs; when I stopped SVC Host from Process Monitor, then I'm able to run the installer, but again it shows an error while installing.


WCCP vs static bypass

I need a solution

We've recently changed our proxy topology from in-line transparent now to WCCP. Our WCCP router ACL forwards all port 80 and 443 traffic to the proxy. The proxy has a number of static bypass entries for both source and destination hosts and networks. We've found that for any session that has a static bypass, the proxy only sees client-initiated packets. This is because for a bypassed session the proxy maintains the client IP address as the source IP when sending the packet to the OCS. The WCCP router simply sends reply packets for these sessions straight to the client, rather than back to the proxy.

That wouldn't necessarily be a problem, but the proxy also sometimes modifies the packets of bypassed sessions by changing payload sizes, thus modifying TCP sequence numbers. Since the client and server are now out of sequence, this causes the session to slow and usually fail.

I don't know if this reflects some problem with router settings or proxy settings. How do we get the router to send the packets back to the proxy? How do we get the proxy to stop modifying packets in bypassed sessions? The only solution we can think of is to move the entire static bypass list to the router, but since that's not mentioned in any documentation as a recommendation or requirement for WCCP, we're unsure what the right course is.

Is WCCP and static bypass fundamentally incompatible? Or is there some configuration change required?

Thanks for any input.

- D


Ghost 11.0 - Internal Error 8027

I need a solution

Trying to burn a number of USB sticks with an image and getting an inconsistency error. Internal Error 8027. At least half of these drives are getting this error. I don't have the option of getting new ones. I have been told to make these work.

Error log says 

*********************************
Date   : Tue Jun 26 10:08:46 2018
Error Number: (8027)
Message: A GeneralException occurred
Version: 11.0.0.1502 (Dec  4 2006, Build=1502)
OS Version: Professional Service Pack 1 (Build 7601)
Command line arguments:
Active Switches :
       AutoName
PathName            : 584 ImageRestore.vbs
DumpFile            : 1.1:\Users\posluser\Desktop\APTOS GHOST\aptosInstaller.20170330.GHO
DumpPos             : 671132489
Last LFO Buffersize : 0
Last LFO Path       : 
  Full Path         : 1.1:\Users\posluser\Desktop\APTOS GHOST\aptosInstaller.20170330.GHO
  Disk:Partition    : 1:1
  Drive Letter      : C:\ 
Last LFO Filesystem : Native
FlagImplode         : 0
FlagExplode         : 3

Operation Details :
  Total size.........13469
  MB copied..........13462
  MB remaining.......7
  Percent complete...99%
  Speed..............336 MB/min
  Time elapsed.......40:03   
  Time remaining.....0:01   

A registry error occurred
Unexpected result - internal error
size > 0

Generated at ..\NtRegistryCell.cpp:57

Any thoughts?


Blocking Contingency Plan (SMTP & Endpoint)

I need a solution

Hi All - I'm looking for a "high level" blocking contingency plan.

How do you and your company implement a Blocking Contingency Plan? Whether it's a LOB or a C-level employee that is impacted by blocking, how do they surpass such a challenge?

Thanks in Advance!


Is there is any flag to determine file contains virus

I need a solution

I am working on a script which will scan a particular file. If the file contains a virus, then the script will handle it accordingly.

Does anybody have an idea how we can implement this?

Currently I am using the below command, but it doesn't return any flag by which we can determine whether the file is problematic or not.

 sudo /opt/Symantec/symantec_antivirus/sav manualscan -s test.txt


SEP Uninstall PW Best Practices

I need a solution

I was looking to see if there was any documentation for best practices as far as updating/changing the uninstall PW for SEP goes? We recently needed to update it and would like to get into the habit of changing it regularly, and wanted to see if there was a suggested interval for this? 90 days, 180 days, a year? If anyone has this info please let me know.


Update/Policy for roaming clients

I need a solution

Hi Symantec People. 

Need assistance on how to handle definition and policy updates for users that are not connected to the VPN.

Some users are not connected to the VPN - how can we ensure that those clients are using the correct policies?

How can we manage users that are not connected to the VPN?


Reconnect to Database after migrating to new SQL Instance

I need a solution

We need to move our current SEPM database (which is on a cluster as an instance) to a new server instance, which will result in a new DB IP and hostname.

I have gone through all the related articles but I have not really got the exact answers that I need.

  1. After the DBA moves the database to the new server and gives us the details, like the new server host name and user account details:

     Can someone please let me know what steps need to be performed on the SEPM server, and how exactly we should point the SEPM to the new database?

Articles I have already gone through are

https://support.symantec.com/en_US/article.TECH132...

https://support.symantec.com/en_US/article.TECH104...

http://www.symantec.com/docs/TECH174821

I know we need to run through "management configuration wizard" and follow next steps, but any detailed answer would be greatly appreciated.

Thank you


Nested groups

I need a solution

Hi;

Upon authentication in an IWA direct realm, to what depth are nested groups returned?

Kindly

Wasfi


Size of the credentials, surrogate and authorisation cache stores

I need a solution

Hi;

My understanding is that these cache stores are in RAM; please correct me if wrong. Also, what is roughly the size of each?

Kindly

Wasfi


ransomware bip extension

I need a solution

Hello - our company was just hit by a "zara 2018" .bip extension ransomware. We have Symantec Endpoint 14 installed on all of our Windows 7, 8 and 10 clients, as well as our 2008 R2 servers. A Windows 7 client was the host of the ransomware, and it went from share to share. Our servers have Symantec Endpoint 14 installed on them as well. Our Symantec Server did not notify me of the activity. The way it was identified is by the user who came in to log on to his computer and found the message that all his files were encrypted. Can anyone tell me why the Symantec Endpoint did not detect this intrusion? It also appears that it was before hours, so no one had been on the infected client system to initiate the attack via email or other route. I am very concerned & am doubting whether Symantec will catch the next intrusion.


Is this for me?

I do not need a solution (just sharing information)

Hello community,

My team and I have been playing around with GSS for a short while now and we seem to be getting nowhere with what we are trying to accomplish.

We have a system that utilizes both Windows and Linux OS's that have built in automation for certain programs and an approved list of applications that can be allowed for security purposes. These systems do not and CAN NOT connect to an external (i.e. Internet) network but are connected internally only to each other. In the past our imaging process consisted of removing the hard drive and connecting it to a secured stand-alone workstation to either build the image or deploy it locally with Clonezilla. Once the image is created, a live image disk is burned and shipped to satellite offices for them to deploy on their systems.

From what I can gather GSS acts as a central management suite for an organization to backup & deploy machines connected to a network. Is it possible for GSS to be installed on a workstation and create an image of an attached external hard drive? As mentioned above there will be zero network connectivity between the workstation and the systems that we need to image, and no additional software can be installed.

Thank you in advance.


Alerts and event codes

I need a solution

Hi all,

I need to configure some alerts, and I see in the options that to enable them I can use an event code. But where can I find the event codes for DLP? In particular I need to enable an alert when anybody changes a policy and changes a user.

Where can I find these codes?

Regards,

Carlos Espinoza


"Zara 2018" .bip extension ransomware attack

I need a solution

Hello - our company was just hit by a "zara 2018" .bip extension ransomware. We have Symantec Endpoint 14 installed on all of our Windows 7, 8 and 10 clients, as well as our 2008 R2 servers. A Windows 7 client was the host of the ransomware, and it went from share to share. Our servers have Symantec Endpoint 14 installed on them as well. Our Symantec Server did not notify me of the activity & it is not recorded in any log file. The way it was identified was by the user who came in & logged onto his computer, and found the message that all his files were encrypted. Can anyone tell me why the Symantec Endpoint did not detect this intrusion? It also appears that it was before hours, so no one had been onsite or on the infected client system to initiate the attack via email or other route that we can see. I am very concerned & am doubting whether Symantec will catch the next intrusion. Any advice/input would be greatly appreciated - thanks.
