Hello! recently acquired the license SEP-NEW-S 25-50-1Y. I do not have any previous version installed, is it possible to implement the cloud version (SEP 15) from 0? 

I am new to Symantec and SQL but have learned to create new reports and canned reports. What is the best way to generate a report that will pull the following information?

Computer name

Serial number

Operating System (WIN7, WIN10, etc.)

Machine Type (desktop, laptop, etc)

Hello,

We have an application we use on site that gets flagged every single time the application updates. We've already created an exceptions policy for the web domain and application. Is there a way to whitelist this application so that every time it updates, the new version doesn't get flagged and quarantined? As of now, even though the web domain and the application has been whitelisted, Download Insight flags it which is very annoying. Please advise. Thank you. 

Hi,

When adding exclusions in our SEPM we can't find them in registry under HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Symantec\Symantec Endpoint Protection\AV\Exclusions even in the SYMDIAG the new exclusions are not listed.

Does somebody have the same behaviour / problem ?

Regards,

Sébastien

Hello,

I have an issue with LiveUpdate service on my SEPM. We are running 2 SEPM version 14.2.1031.0100.

LiveUpdate is failing to download and install Virus Definitions since 22/12. I noticed it 1 week ago, I was able to resolve the issue at this time by reinstalling LiveUpdate and rebooting the server.

But now I cannot update the Virus Definitions at all. This is what I've tried :

- Installing virus definitions using a .jdb file. Result : the file is unzipped and then nothing happens.

- Reinstall LiveUpdate. Result : When I try to lauch a LiveUpdate session, I have an error "A LiveUpdate session is already running." but Virus Definitions are not downloading or installing. And no LUALL or LUCOM.exe process are running.

- Launch LUALL.EXE. Result : I see that the virus definitions are downloading, but not installing. LUALL process is blocked at 00 CPU usage. I am forced to restart the server to kill it. And liveupdate.log is not updating after everything has been downloaded.

Attached, the log.liveupdate for review. I did not find any error in this file, maybe you could help me.

If any suggestions, thanks in advance,

Regards,

Axel

Hello, please let me start off by stating if this is not the correct forum or if this has been asked and answered before, I do apologize, and I will try to dig in more and find the answers. 

I am new to SEP and I am looking for some answers on how to whitelist files/traffic/apps that would be flagged by an IPS policy. 

What we are doing is enabling IPS on our remaining Server 2008 environment and what I have done so far is created our groups based on server function and enabled the IPS in an audit only mode to see what it will pickup and block when we remove that check. What I am looking for is how I actually whitelist the files that are being flagged as "malicious". I was really hoping for a simple right-click and whitelist option from either the SEPM or the endpoint and I am not seeing one. So all of that said, I am really hoping that someone in this community might be able to share some advice or best practices on how this should be done. 

Good morning,

It is from many months that an our IP is inserted in your blacklist.

When you try to use your IP removal tools we obtain the following response:

The IP Address 94.76.192.246 was found to have a negative reputation. Reasons for this assessment include:

• The host has been observed sending spam in a format that is similar to snow shoe spamming techniques.
• The host is unauthorized to send email directly to email servers.

We ask to investigate, after we checked all configuration of our server.

If we ask to other sites as Sender Score o Cisco Talos the IP is marked as Good Reputation.

No other blacklist reveal our IP as listed.

In this moment, your blacklist, blocked many our clean mail.

We ask to remove our IP from your list or indicate clearly what type of problem we must resolve.

Regards

Gianluigi Tufo

Hi,

I working in a Lab for DLP and ICT (Labs@Symantec) for my self and have the next issue.

I am doing the initial configuration and when I try to add a Role [Edit (Create Draft) it seems to doing nothing. It just appear a brief "Loading" messages, but nothing more happens. 

Any idea? 

I uploaded a brief video (302 KB) of the behavior.

Thanks in advanced.

___
Alex Chavez

Hello,

first of all, excuse me for my bad English :)

I've got a problem with deinstalling SEP. I used it on my Windows 7 PC. Then I upgraded Windows 7 to Windows 10 while keeping all datas and programms which worked fine. I tried to deinstall SEP then to use Windows Defender.

Here is my problem: Windows Defender cannot be activated. When opening the "Security at a glance", I see "Symantec Endpoint Production is inactive". When trying to activate or open it, nothing happens (obviously because I deinstalled earlier). But it seems like Windows Defender isn't active either, because Windows stills thinks that I use SEP. And I don't find an option for activating Windows Defender.

Can you help me deinstalling SEP or at least activating Windows Defender?

Thanks in advance :)

With the Cloud intergration of SEP has it improved any in the last year? I heard at that time that it wasnt worth the move, has this changed?

Hi Everyone,

I would like to install Symantec Endpoint Protection on our computers in local network, but we mustn't connect anyone to internet anytime now and later. Is it possible to install SEPM, deploy clients on other computers this way without any interferences? Can SEP work offline? Do we need to uninstall LiveUpdate while doing that or is it necessary to work with .jdb files and working with other nodes? Are there any other tips i need to know?
 

Thanks in advance for answers

After many failed, deploy SEP to computer clients many times, I have found that, 

1. If i deploy by using Build-in admin account (Enable and Set password on that account), It can success deployment BUT
2. If i deploy by using created admin account (Full Permission as build-in account), It cannot success deployment. 

So Do you have any solutions to fix this issue, due to we don't want to enable Build-in admin account for security reason! 

NOTED: Our Computers is WORKGROUP, Not yet in Domain. FYI

Hello,

We cancled our Symantec account a couple of years ago and sicne then quite a few institutuions/business have been unable to email us as emails addressed to our domain are retunred undeliverable.  Recently we were advised that the issues appears to be that as a former Symantec customer that we did not terminate the service properly after we moved to Office 365. We were advised to contact Symantec to have the service compeletly terminated.  Below is a sample of the error message inclusive of the Diagnostic Info,  recieved by someone attemntting to email us.  A Symantec message does appear in the diagnotic in the diagnostic information: 

(using TLS with cipher AES128-SHA (128/128 bits))

        (Client did not present a certificate)

        by znpcpapbrg01i.bnymellon.com (Symantec Messaging Gateway) with SMTP id 18.7C.04270.F113C6C5; 

Below is the full error message.  Please advise if this can be reolved.  Many many thanks. 

Delivery has failed to these recipients or groups:

erogers@bradmer.com
Your message wasn't delivered because the recipient's email provider rejected it.

Diagnostic information for administrators:

Generating server: server-2.bemta.az-d.us-east-1.aws.symcld.net

erogers@bradmer.com
Remote Server returned '554 5.7.0 < #5.7.57 smtp; 530 5.7.57 SMTP; Client was not authenticated to send anonymous mail during MAIL FROM [BN6PR12CA0048.namprd12.prod.outlook.com]>'

Original message headers:

Return-Path: <george.gasson@bnymellon.com>

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bnymellon.com;

        s=BNY071018; t=1550594340; i=@bnymellon.com;

        bh=6CKn9+xMacgVsGmREMvRZd4vqsvhSI3dyrd8owANg1Y=;

        h=From:Subject:Date:Message-ID:Content-Type:MIME-Version:To;

        b=hDVm3hyZkP8nMSAIMHRKbKCHkfVy5CuolxDZMQgfL5c0ZG/8kPeRB5s6iGJy17ny0

        rSvDe2KQlABFBoFpw5do1kJCAOY2zSl7T6CL8bme4Z1HPDQwc1jyGojWI7R+8JO839

        lv8ZXnqSoW4gSfDH+WbyI6Jn1mX7Pq/LGTtJHXXn+Y0VcsI2e3WUUv9P7YcSCwWH53

        l1c87rxg1ZdCbNlL8DYi8j3IsU0jsrJNinG3z6NcF3jklLox0ngbGQtMjXY9TrVBjG

        sm5etZNEnqxZQeR380yZJWKQqc0/WvjttDEZsYB7rjr7cqwBv7wLiRyUvqSXKR1c4E

        ROsTtP5On/0Vw==

Received: from [67.219.247.54] (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256 bits))

        by server-2.bemta.az-d.us-east-1.aws.symcld.net id 4B/16-27512-4213C6C5; Tue, 19 Feb 2019 16:39:00 +0000

Authentication-Results: mx.messagelabs.com; spf=pass

  (server-29.tower-426.messagelabs.com: domain of bnymellon.com designates

  67.219.247.54 as permitted sender) smtp.mailfrom=bnymellon.com;

  dkim=none (message not signed); dmarc=none header.from=bnymellon.com

X-Brightmail-Tracker: H4sIAAAAAAAAA2VUe0xTdxT2d1+9IMXy0h+ELbPE7GU7cC47y8b

  ijHE3kC0LZiQ6oxZbabNSSFsmbMmCk7HBeIgQgQKF8X5GkOIEBIoPnmMghsFU3gWCCE7jY06B

  3XLBueyfk++c7zvfOecmv8uSrrUOXqwqyqjS6xRaKeNIVfhXn5D5+GkP+l4/7QCmxgEE46MXK

  VhOfUDCaE09Be02CwnTKfk0xD48Q8CfkxYG+lqsNKwMt9KQUmSjIXXwKg3t8cUkXH4wKII/ho

  Pgae9dBIkX8yiIyXwFruR5QsvVDhoqG7IRTJzspCF7cYyB/sk+CmYzx0hYav2OhNrZERLi0vx

  hfqaFghpLLQ0J/c8ouJdoFcGVLBMN15uLKWg+X4JguqMaQX9+G4LR8WYR9NSdoWDwUR4DdS0m

  ChbKlkQwP15FwoW/ykXw26W/CRjJshBwcrGQgIfTJgbi41cQzFTEELCUdwxKZ54gsHYskfDwa

  rUIOptvMDBcZmWge+FHAgZLivgri8YJSK1JJeBmRxfBf6YC/p65eBIscYnMLiWXXmAjuZqnY4

  gbayoXce0lrSTXOeTCdY7EkFzS3DLBxa40iriaqbM0l/WDmeTSpnIQZy18SnIZyc00d/1+C8U

  lxjfS3EzsPPHZtgO0RhcSHnWEVncV6yLMxSgqp6mejEF9GSgBObBYshM3Fw5TCciRdZW0Efhu

  kpkRkssI9zZlEELyDOEnifMiITnHMyeshL2f4ftrkstWvdwkcjz+u13kwLpL3sbnJ6sJAcvxY

  Osdvs6ylGQbHur/2F4WSz7Ad2qnSTtGks34cXfVqpyUbME3bHmEsJ47nrjWwwjYA89NLdMC9s

  EdxWWUoP8W19fdIwVPF9yVZaOEsd4481Teaq+r5DWcZR5a83kZV5+9R9tvwZLTG7HtRAF9Cm0

  2vTDb9IKv6QVfoX4U30oaYwS8Hec33V/Db+KSn+fJdfyrdYr4f307rhtoWPPZiuPis3mNI48L

  EW6qSiHWRXMLi/S6KP2nCVE+ElegnSF6TajaGKbQaGV+vr4yP78dsvdkfnLF1zKlPNIgUykMR

  nt63CA3RIcd1SrlOpXxHOIfqDLCAV1AltLQS8iTJaQe4szXtQddnUPCldFqhUF9WB+pVRkuIW

  +WlWLxbl+ec9GrQlVRxzRa/pWv05h1krqLx+202BChCDNoQgWqGwWyDY8nckm2azUm187w0TJ

  mj42rcbRtNpd0pXThOpXXFvFHdguJ3UIdqXs+YP1PMoBe8nITow0bNrg6Raj0YRrjf/nbaAuL

  pG7Cnk4anfH5Hrf5FQl+RdPKl/YVjYp/Ka8YlNx7oPf9gMGQPTnKkMmSQJ+iykMb31pxf8f8f

  blNseMrj0/V3p8776UOffLL8eTgrVB+q+dm+iNiVLn/m1mb/yZ9256gRbiWG8080zq+OyIrjS

  rb3V8bLJIu9Kk/rMoMIKdUQQEe+5zLX927b1e/T4X8sH9gZ3Bw36aiI5VfeJrTdu2XUga1wu8

  NUm9Q/ANRxQlcRAUAAA==

X-Env-Sender: george.gasson@bnymellon.com

X-Msg-Ref: server-29.tower-426.messagelabs.com!1550594311!2056042!25

X-Originating-IP: [170.61.173.129]

X-SYMC-ESS-Client-Auth: outbound-route-from=pass

X-StarScan-Received:

X-StarScan-Version: 9.31.5; banners=bnymellon.com,-,bradmer.com

Received: (qmail 8740 invoked from network); 19 Feb 2019 16:38:59 -0000

Received: from znpcpapbrg01o.bnymellon.com (HELO znpcpapbrg01i.bnymellon.com) (170.61.173.129)

  by server-29.tower-426.messagelabs.com with DHE-RSA-AES256-GCM-SHA384 encrypted SMTP; 19 Feb 2019 16:38:59 -0000

X-AuditID: 0aa06eb7-ff3ff700000010ae-64-5c6c311ff12f

Received: from WTPCPHTMEM02.ams.bnymellon.net (wtpcphtmem02.ams.bnymellon.net [160.254.249.175])

        (using TLS with cipher AES128-SHA (128/128 bits))

        (Client did not present a certificate)

        by znpcpapbrg01i.bnymellon.com (Symantec Messaging Gateway) with SMTP id 18.7C.04270.F113C6C5; Tue, 19 Feb 2019 11:38:55 -0500 (EST)

Received: from WTPCPEXMEM50.ams.bnymellon.net (10.88.250.171) by

WTPCPHTMEM02.ams.bnymellon.net (160.254.249.175) with Microsoft SMTP Server

(TLS) id 14.3.408.0; Tue, 19 Feb 2019 11:38:55 -0500

Received: from WTPCPEXMEM47.ams.bnymellon.net (10.88.250.168) by

WTPCPEXMEM50.ams.bnymellon.net (10.88.250.171) with Microsoft SMTP Server

(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id

15.1.1531.3; Tue, 19 Feb 2019 11:38:54 -0500

Received: from WTPCPEXMEM47.ams.bnymellon.net ([10.88.250.168]) by

WTPCPEXMEM47.ams.bnymellon.net ([10.88.250.168]) with mapi id 15.01.1531.003;

Tue, 19 Feb 2019 11:38:54 -0500

From: "Gasson, George"<george.gasson@bnymellon.com>

Subject: Markets in review week ending 2/15/19

Thread-Topic: Markets in review week ending 2/15/19

Thread-Index: AdTIcZkQ+XuS/IPwQHKb7fmVvhjN7A==

Date: Tue, 19 Feb 2019 16:38:54 +0000

Message-ID: <ee9356a4afd54921b7587364d60ee53b@bnymellon.com>

Accept-Language: en-US

Content-Language: en-US

X-MS-Has-Attach: yes

X-MS-TNEF-Correlator:

x-originating-ip: [167.222.211.240]

Content-Type: text/plain

MIME-Version: 1.0

To: Undisclosed recipients:;

X-CFilter-Loop: Reflected NPC6

X-Brightmail-Tracker: H4sIAAAAAAAAA2WTa0ybZRTHfd5radb5DmF7xGVBdIm6UYduyUncjPGDe78YxUSNCwnr4N0l

        K6UpEwdG0wki7dgY2QK0ENpxE9iQIoVtsJYOgRaQAcOOOsO9BUkHygQncrPwQkLit98553/+

        55wneSRk8DwbJjmjOidoVAplBCOlpGZVXWR4lDLmQLr+WTA2PkAwMnSXgpWcORKGLPUUtHut

        JPiyzTSkz+cS8OeYlYEeu4OGVU8zDdmlXhpy3G00tOvKSPhpzs3Cr56PYLH7DwRZd00UaPPD

        odX0PNjbnDTcuFOAYDTNRUPBzDADvWM9FEzmD5Ow3PwNCbWTgyRkXD0C/gk7BRZrLQ363iUK

        ZrMcLLQajDT028oosDWUI/A5qxH0mu8hGBqxsdBVl0uB+28TA3V2IwXTFcss+EduknD7n0oW

        7rf8S8CgwUpA2kwJAfM+IwM63SqCiSotAcumk/D9xAICh3OZhPm2ahZctkcMeCocDHROZxLg

        Li8NXFk6QkCOJYeA35wdROCZigP3TOlIsGZkMe/E89eKvSRvWRxG/HBTJcu3lzeTvGtgB+8a

        1JL8pakVgk9fbWR5y3gNzRu+KyL5q+OFiHeULJJ83mUbzfc/sVN8lq6R5ifS/cSHe49JD8cL

        yjPJgub1t49LT7d39iO1qQKdL2yqJ7WoJw/pUZAEcwexrcRD6ZFUEsy1ErjeYybFoA3hbwvm

        kBisIlzz1y/sWkswZ0X4ln3PGjOBdsvlinWr5zg5HnnoX9eEcG/ihrFqQmQ5djc/DuQlEorb

        iwd6j66lZdxh/LjWR64x4nbip5031+Uktws/8poIcbsQPNrXxYgciqfGV2iRX8LOsor1rUlO

        i3C39iItmu7AHQYvJc7djfOvmBhx51ewoWhgw2gPrq6Zpa+gUOOWecatXsYtXqIoHnf5pwiR

        92Nz0xNG5H24/Lqf3OSfHePE//P7cd2DOxs+L+IMXcHGsDKEO39vR5uiqekZelN07eIoa0ay

        KhSWqlLHqRXqE5pTB6LkJ1QpCYJSmaiSxyUm/IjED3jrNhrNe7cFcRIUsU3moZQxwbQiOSkl

        oQW9HDAbs9zoRWGUKlElRITIoqSBsixekZIqaBJjNZ8rhaQW9IKEitglu278LCaYO6U4J5wV

        BLWg2awSkqAwLdJ1h+kbihZii79wGXuOedXPhA/fazv/1cclH3D1Lu7T+KfJZ/HS/diDDbPj

        ubYg+depF97q2x5tlO88Hlp56NK+aMOS+Yejvo6+hcaknpPbIj/pr+HeM+vnH7pS2PfjstyF

            8t2HYrZXDUyGgynywpeZr2a/saQ5MpdW5Bvodnozo2MiqKTTiqjXSE2S4j+oY7LtiA

I need to create a rule that blocks communications between servers that have internet connection.

For example:  I want to create a rule for 8 shared servers that prohibits these servers from seeing database servers.

Please help.

Been having issues after updating from SEP 12 to 14.2 RU2.  Since we updated, SEP has been blocking Microsoft onedrive from updating, essentially breaking the install. We don't see anything in the logs that points to onedrivesetup.exe or onedrive.exe being targeted.  There also has been issues installing/using other software as well (USMT restore gets blocked in the delivery optimization folder, Adobe application manager breaks, MSVisual lighting won't install)  We verified without a doubt it is SEP but cannot resolve the issue. Does anyone have any ideas where we should look to resolve this issue?  I can't find anything in the logs except for the application logs that seems like it's a permission issue.  This didn't start until SEP 14. Maybe it's hardening the Temp folders?  Any help would be great!

-S

Hi all,

Necesito saber cuál es el consumo de RAM and CPU, el rango procesado en el punto final.

What is the impact on a File Server (RAM and CPU) when performing a scan with Network Discover.

thanks.

Hi Team,

We are trying to deploy CASB reach agent via GPO. since it's in exe package, can anyone share a manual guide on how to deploy exe pacakge using GPO.

Thank you

Dear support,

I am doing a POC design for the attached layout of network devices placement.

I have a Sandbox(active device 1) and Bluecoat proxy in explicit mode(Active Device 2) both of them are in the path of traffic. Now i need to decrypt the traffic for both those devices. Since i have two SSLV800 devices (and I know that SV800 doesn't support service chaining). I am using SSLV1 with Sandbox and SSLV2 with a proxy. The thing i want to know is , since i will be doing double decryption in the network. How would i be handling certificates for SSLV1 and SSLV2 for traffic decryption?

Also, will that kind of deployment be possible?.

Hi all,

i'm using SED 10.4.2 MP3. Now the SED 10.4.2 MP4 was released and i want to upgrade from MP3 to MP4 but i so not see any upgrade, update setting on SED Windows in User's PC. Is SED support upgrade or i have to install override it ? And there is a lot of User's PC so manually upgrade not a good i dea.

Thanks

I've been asked to configure our DAG exchange 2016 servers to "reflect" email to a DLP server for an audit by our parent company.  It seems like since we aren't going to be running the full suite, and this will be turned off after a few weeks that I should be able to just do a journaling rule that has a send connector to their DLP server.  But I'm not seeing that as an option in the Integration guide, or I haven't come across it yet.  The technical auditors aren't being to helpful about what we need to do, just "set up a send and recieve connector for all your email to flow through us, if you need it to be routed back to you then put this cert in and a xheader".  Seems like it would be a little more work than that.  Both products are on prem VM's.  Some advice would be helpful, thanks!