Symantec Connect - Security - Discussions

  1. SEP fails to replicate properly between servers

    Hi,

    We're experiencing a strange issue with SEP (ver. 11) here. We've got two servers to monitor the other servers, but somehow these two servers never seem to show the correct number of machines they're supposed to monitor. Refreshing won't help unless we delete the files in the 'inbox' and 'outbox' folders. Then it will show the correct number (nearly 1000), but over the next days this number declines until it is at around 600 or even 400. Replication is set to auto; we tried to change it to manual, but that didn't solve it. Any ideas?

  2. Symantec Endpoint Protection 11.0.5XXX.333: Virus definition update using Intelligent Updater.

    I encounter a problem when updating the Symantec Endpoint Protection 11.0.5XXX.333 client using Intelligent Updater. The virus definitions are not updated. Intelligent Updater shows a message saying the update is successful, but when I check, the virus definitions still show as outdated. The definition file I used is from the Symantec website. The executable file name is "20100906-024-v5i32.exe", and the log messages that I get in "Log.IntelligentUpdater.txt" after executing Intelligent Updater are:

    Tue Sep 07 13:05:04 2010 : ******************************************************************

    Tue Sep 07 13:05:05 2010 : Starting Intelligent Updater - Version 5.1.0.9
    Tue Sep 07 13:05:05 2010 : ******************************************************************
    Tue Sep 07 13:05:05 2010 : AUTH SYMSIGNED BEGIN: Started.
    Tue Sep 07 13:05:05 2010 : AUTH SYMSIGNED CLASS3 BEGIN: Entering CriticalSection Initialization .
    Tue Sep 07 13:05:05 2010 : AUTH SYMSIGNED CLASS3: Succeeded find the class 3 ID, returning TRUE.
    Tue Sep 07 13:05:05 2010 : AUTH SYMSIGNED END: Finished processing. Returns TRUE
    Tue Sep 07 13:05:05 2010 : IU RES SYMSIGNED SUCCESS: Successfully verified Symantec Signature for the iuResource.dll
    Tue Sep 07 13:05:05 2010 : IU RES LOAD: Successfully loaded the resource file..
    Tue Sep 07 13:05:05 2010 : IU MODE: IU is running is FULL mode.
    Tue Sep 07 13:05:07 2010 : CONFIG LOAD SUCCESS: Successfully loaded the configuration file: iuConfig.xml.
    Tue Sep 07 13:05:07 2010 : IU INFO: File-name : 20100906-024-v5i32.EXE
    Tue Sep 07 13:05:07 2010 : IU INFO: Creation-date : 20100906
    Tue Sep 07 13:05:07 2010 : PROCESSING ENTRY: VIRSCAN.zip - Virus Definitions
    Tue Sep 07 13:05:07 2010 : Entry details:
    Tue Sep 07 13:05:07 2010 : Update-File: VIRSCAN.zip
    Tue Sep 07 13:05:07 2010 : Update-Desc: Virus Definitions
    Tue Sep 07 13:05:07 2010 : Auth DLL Name: SAVIUAuth
    Tue Sep 07 13:05:07 2010 : Auth DLL Location: local
    Tue Sep 07 13:05:07 2010 : Auth Content-Type: virus definitions x32
    Tue Sep 07 13:05:07 2010 : Deploy Content-Type: virus definitions x32
    Tue Sep 07 13:05:07 2010 : Deplo DLL Name: SAVIUDeploy
    Tue Sep 07 13:05:07 2010 : Deploy DLL Location: local
    Tue Sep 07 13:05:07 2010 : AUTH DLL LOCATION: IU will read the DLL location from registry - SAVIUAuth
    Tue Sep 07 13:05:07 2010 : REG SUCCESS: Success while opening key 
    Tue Sep 07 13:05:07 2010 : REG SUCCESS: Success while fetching the path for DLL : C:\Program Files\Symantec\Symantec Endpoint Protection\IU\LuAuth.dll
    Tue Sep 07 13:05:07 2010 : DEPLOY DLL LOCATION: IU will read the DLL location from registry - SAVIUDeploy
    Tue Sep 07 13:05:07 2010 : REG SUCCESS: Success while opening key 
    Tue Sep 07 13:05:07 2010 : REG SUCCESS: Success while fetching the path for DLL : C:\Program Files\Symantec\Symantec Endpoint Protection\IU\DefUDply.dll
    Tue Sep 07 13:05:07 2010 : AUTH SYMSIGNED BEGIN: Started.
    Tue Sep 07 13:05:07 2010 : AUTH SYMSIGNED CLASS3 BEGIN: Entering CriticalSection Initialization .
    Tue Sep 07 13:05:07 2010 : AUTH SYMSIGNED CLASS3: Succeeded find the class 3 ID, returning TRUE.
    Tue Sep 07 13:05:07 2010 : AUTH SYMSIGNED END: Finished processing. Returns TRUE
    Tue Sep 07 13:05:07 2010 : AUTH SYMSIGNED SUCCESS: Successfully verified Symantec Signature for the authorization dll C:\Program Files\Symantec\Symantec Endpoint Protection\IU\LuAuth.dll
    Tue Sep 07 13:05:07 2010 : AUTH LOAD SUCCESS: Successfully loaded the authorization dll - C:\Program Files\Symantec\Symantec Endpoint Protection\IU\LuAuth.dll
    Tue Sep 07 13:05:07 2010 : AUTH SYMSIGNED BEGIN: Started.
    Tue Sep 07 13:05:07 2010 : AUTH SYMSIGNED CLASS3 BEGIN: Entering CriticalSection Initialization .
    Tue Sep 07 13:05:07 2010 : AUTH SYMSIGNED CLASS3: Succeeded find the class 3 ID, returning TRUE.
    Tue Sep 07 13:05:07 2010 : AUTH SYMSIGNED END: Finished processing. Returns TRUE
    Tue Sep 07 13:05:07 2010 : DEPLOY SYMSIGNED SUCCESS: Successfully verified Symantec Signature for the deployment dll C:\Program Files\Symantec\Symantec Endpoint Protection\IU\DefUDply.dll
    Tue Sep 07 13:05:07 2010 : DEPLOY LOAD SUCCESS: Successfully loaded the deployment dll - C:\Program Files\Symantec\Symantec Endpoint Protection\IU\DefUDply.dll
    Tue Sep 07 13:05:07 2010 : AUTHORIZATION SUCCESSFUL: VIRSCAN.zip is successfully authorized for deployment.
    Tue Sep 07 13:05:07 2010 : DEPLOY PATH SUCCESS: VIRSCAN.zip will be deployed at location C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\tmp7bbf.tmp
    Tue Sep 07 13:05:07 2010 : AUTH SYMSIGNED BEGIN: Started.
    Tue Sep 07 13:05:07 2010 : AUTH SYMSIGNED CLASS3 BEGIN: Entering CriticalSection Initialization .
    Tue Sep 07 13:05:07 2010 : AUTH SYMSIGNED CLASS3: Succeeded find the class 3 ID, returning TRUE.
    Tue Sep 07 13:05:07 2010 : AUTH SYMSIGNED END: Finished processing. Returns TRUE
    Tue Sep 07 13:05:07 2010 : UNRAR LOAD SUCCESS: Successfully loaded the UNRAR DLL.
    Tue Sep 07 13:05:07 2010 : UNRAR OPEN SUCCESS: Success opening RAR file VIRSCAN.zip
    Tue Sep 07 13:05:14 2010 : UNRAR EXTRACT SUCCESS: Succesfully extracted VIRSCAN.zip to C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\tmp7bbf.tmp
    Tue Sep 07 13:05:16 2010 : POST PROCESS SUCCESS: Successfully performed post processing for VIRSCAN.zip
    Tue Sep 07 13:05:16 2010 : Calling ReleaseInstance() on the object of IIntelligentUpdaterDeploymentManager2.
    Tue Sep 07 13:05:16 2010 : PROCESSING ENTRY: VIRSCAN.zip - Virus Definitions
    Tue Sep 07 13:05:16 2010 : Entry details:
    Tue Sep 07 13:05:16 2010 : Update-File: VIRSCAN.zip
    Tue Sep 07 13:05:16 2010 : Update-Desc: Virus Definitions
    Tue Sep 07 13:05:16 2010 : Auth DLL Name: ISAuthDLL
    Tue Sep 07 13:05:16 2010 : Auth DLL Location: local
    Tue Sep 07 13:05:16 2010 : Auth Content-Type: virus definitions x32
    Tue Sep 07 13:05:16 2010 : Deploy Content-Type: virus definitions x32
    Tue Sep 07 13:05:16 2010 : Deplo DLL Name: ISDeployDLL
    Tue Sep 07 13:05:16 2010 : Deploy DLL Location: local
    Tue Sep 07 13:05:16 2010 : AUTH DLL LOCATION: IU will read the DLL location from registry - ISAuthDLL
    Tue Sep 07 13:05:16 2010 : REG SUCCESS: Success while opening key 
    Tue Sep 07 13:05:16 2010 : REG FAILURE: Failed while reading the value for key named 
    Tue Sep 07 13:05:16 2010 : DEPLOY DLL LOCATION: IU will read the DLL location from registry - ISDeployDLL
    Tue Sep 07 13:05:16 2010 : REG SUCCESS: Success while opening key 
    Tue Sep 07 13:05:16 2010 : REG FAILURE: Failed while reading the value for key named 
    Tue Sep 07 13:05:16 2010 : IGNORE ENTRY: Ignoring entry for VIRSCAN.zip because of registry read failure. Error occurred while reading the path for the Authorization DLL from the registry.
    Tue Sep 07 13:05:16 2010 : IU failed while deploying V because a compatible product could not be found on the system. Please make sure that a compatible Symantec product is installed on the system.
     
    I already tried on a few client machines and am getting the same log.

    I would appreciate it if anyone can give me a suggestion or solution to this problem. Is it a bug on my client? Or is it an Intelligent Updater bug? Or some other unknown problem?

    Thanks.

  3. Symantec Mail Security for Domino 3.2 for Lotus Notes (Solaris Sparc 10)

    Does Symantec Mail Security for Domino 3.2 support Lotus Notes (Solaris Sparc 10)? I checked the system requirements, but I am not sure if it is included in the part "Sun Solaris 8 or later". Thanks.

  4. Blocking my router's ip?

    I've seen several topics that hint about what my problem is and everything leads to me going into my "Symantec Endpoint Protection Manager Console" to add an exception; however, I do not have that, I have Symantec Endpoint Protection...no manager console.

    What I'm trying to do is set up an exception for my IP address. I went into Network Threat Protection and added a firewall rule, but that didn't work; it still keeps blocking the IP, 192.168.1.1. Now the question is... are there two different versions, Symantec Endpoint Protection & Symantec Endpoint Protection Manager?

    Thanks for helping a total idiot if you can...:)

    Chris

  5. Endpoint Protection (AntiVirus) consumes huge disc space on Drive C

    I have a case similar to the one at the following link.
    https://www-secure.symantec.com/connect/forums/c-drive-running-out-disk-space-huge-folder-i2ldvptmp

    But my case relates to installing the latest SEP 11.0.6.562 with an Enterprise Vault 8.0 SP3 server.

    I have a W2k3 Standard 32-bit server and had SAV 10.1.6 installed before.
    After upgrading to SEP version 11.0.6.562, I found low space on drive C.

    "C:\Documents and Settings\All Users\Application Data\Symantec\Symantec EndPoint Protection\I2_LDVP.TMP"
    It has a lot of files with attribute "O", which means they are EV placeholder files.
    The file names start with msl-428-XXXX.

    I do exclude the folders (Vault storage folder & Index folder) and *.DVS files, but that does not sort it out.

    I can't delete them since they are placeholder files; even in safe mode, I can't delete them.

    I attempted to install the EV FSA agent on the EV server to delete these files.

    Has anyone met my case and found a way to sort it out completely?

    Are there any good-practice settings for SEP on an Enterprise Vault storage server and FSA agent client?

  6. SEP Antivirus and Antispyware Turned Off

    I have an unmanaged SEP RU5 client. A few days ago I noticed a notification saying that my AV was turned off. I tried to log off and log in again, and the AV was turned on again.

    Can anyone help me with this? It is very annoying to log in again every time the notification pops up.

    Thanks in advance.

  7. SCCM 2007 False Negative

    Has anyone had what I suspect is a "False Negative" with SCCM 2007?

    We have recently installed SCCM 2007 (with all the latest service packs) onto a W2K8 R2 server; however, SEP has started reporting the following files as Trojan.gen:
    tools.exe
    changecache.exe
    located in "C:\Program Files (x86)\Microsoft Configuration Manager\AdminUI\XmlStorage\Tools"

    We are running version 11.0.6000.550 with the latest update.

    To mitigate the issue we have added a local exclusion, but it would be nice not to have to. Not a big issue as we are only running one instance of SCCM, but I'm sure we aren't the only organisation that uses this product.

    Cheers.

  8. Problem with Wireless and NTP on SEP 11.0.780.1109

    Just installed SEP on a Dell Latitude D520 with the Intel Wireless and tried to connect to a NetGear Wireless Router. I was able to successfully connect to it before installing the software. If I disable NTP, then I can connect to the router. Checking the Wireless Troubleshooting, I fail either on Association or Authentication when NTP is on. The laptop is running XP SP3. Obviously, I am missing a rule to allow access through the firewall, but what is it?

    I have another 18 laptops to do with SEP, and I need to know the solution before continuing with installing SEP.

  9. SID 23363 HTTP Nukesploit P4ck Activity Detected

    I am running Symantec Endpoint Protection 11.0.6100.645 with the latest updates on Windows 7. 

    I keep getting a message that "HTTP Nukesploit P4ck activity detected."

    I went to the attack signatures and have disabled system restore, updated the virus definitions and run a full system scan. No problems were found.

    I do not understand the "delete any values added to the registry" task and need some further explanation.

    What else can I do to stop this issue?

    Todd

  10. Open DNS updater false positive Backdoor.IRC.Bot

    All of a sudden I'm getting a notification that OpenDNS updater is a threat. Is this a known issue? See attached jpeg.