Cisco ISE 1.2 and Symantec Endpoint Protection

Hi Experts,
Good Day!
I'm just wondering if ISE 1.2 is able to detect an application/software on a laptop, like Symantec Endpoint Protection, before giving the user access to the network? Is it possible?
I tried to search over the internet; however, I can't find any documentation about it.
Thank you for your support.
Cheers,
Niks

Hello, have you checked the posturing service of ISE? With the ISE posture service enabled you can check antivirus installation, antivirus version, antivirus definition date, etc. Check the following link for the different posture assessment options available:
http://www.cisco.com/en/US/partner/docs/security/ise/1.2/user_guide/ise_pos_pol.html#wp2276381

Similar Messages

  • Cisco Anyconnect 3.X and Symantec Endpoint Protection(SEP11)

    We are currently using Cisco Anyconnect ver 3.0.3050 with SEP11. Some users are getting a Port Scan Attack message from SEP11. Never saw this when using our previous Nortel VPN client. Has anyone seen this before?

    Try adding an Application exception to your SEP policy.
    Creating Centralized Exceptions Policies in the Symantec Endpoint Protection Manager 11
    http://www.symantec.com/business/support/index?page=content&id=TECH104326&locale=en_US

  • BSOD on XP with Zenworks and Symantec Endpoint Protection

    After upgrading to Symantec Endpoint Protection (SEP) we are getting Blue Screen after imaging.
    We have SEP included in our image and after pushing the image to another computer, we instantly get a BSOD, when trying to boot up the newly imaged machine:
    *** STOP: 0x00000024 (0x00190203,0x8A4B0DE8,0xC0000102,0x00000000)
    Disable or uninstall any anti-virus, disk defragmentation or backup utilities. Check your hard drive configuration, and check for any updated drivers. Run CHKDSK /F to check for hard drive corruption, and then restart your computer.
    For test purpose I have tried doing the imaging job with Ghost 2003. This works perfectly, so I guess it is the combination of SEP and ZfD that is causing the problem. If I exclude SEP from the image, imaging with ZfD works fine. Imaging with Symantec antivirus ver. 10 also works perfect.
    Anyone out there running ZfD and SEP 11?
    Environment:
    Windows XP SP3
    ZfD 7.01 sp1 ir1 running on Netware 6.5
    Symantec Endpoint Protection 11.0.3001.2224 (getting the same error with 11.0.2010.25)

    There should be an updated patch for ZDM7 available within a few days. (ZDM7
    SP1 IR3A HP1.)
    I would strongly suggest testing with the updated files when they are
    released.
    There is a much newer Linux kernel starting with IR3A which could affect your
    problem.
    If you are still seeing an issue, I would suggest opening a ticket with
    Novell.
    Unless somebody here happened to have a copy of SEP, helping here would be
    tough.
    But I have not heard of this issue myself, but anything is possible.
    Craig Wilson - MCNE, MCSE, CCNA
    Novell Support Forums Volunteer Sysop
    Novell does not officially monitor these forums.
    Suggestions/Opinions/Statements made by me are solely my own.
    These thoughts may not be shared by either Novell or any rational human.

  • Oracle RAC and Symantec Endpoint Protection

    Hello DBAs
    I am installing Oracle 1gR2 (10.2.0.3.0) two node RAC on Windows 2003 Server.
    The client has installed Symantec Endpoint Protection on the servers. It didn't allow us to install the clusterware successfully.
    But we disabled the whole Symantec service and the installation went smoothly.
    After that, today we enabled SEPP and the Clusterware services are not coming up properly...
    Is there any setting in SEPP to be disabled or enabled ........
    Please help...
    The client needs SEPP itself on the server.
    This is a Priority one case...Installer on site....
    Please help...

    Hi Mahesh,
    for: "After that today we enabled SEPP and Clusterware services are not coming up properly..." it would be good to know why it did not come up... Besides, did you try restarting Clusterware before enabling SEPP? Just to be sure that the restart would work fine at all (without SEPP enabled). Anyway, while I assume the latter, we need some CRSD / CSSD and event manager information on why clusterware would not start up.
    Well, let me try a wild guess first (I was lucky lately ;-)): Do you use OCFS? If so, first thing, you may want to try is: exclude all OCFS file systems from SEPP.
    Hope that helps. Thanks,
    Markus

  • MARS and Symantec Endpoint Protection (SAV 11.x)

    MARS uses AMS to retrieve/parse messages from older versions of Symantec Antivirus. AMS doesn't exist in the newest version (aka Symantec Endpoint Protection). Is there a way to integrate SEP messages into MARS? If not, does anyone know if Cisco has any plans to support SEP with MARS?

    Hi -
    Supporting Symantec Endpoint Protection is under consideration for a future release.
    Have you written a custom parser for this in the meantime?
    thxs
    peter

  • MARS 6.1.1 and Symantec EndPoint Protection

    Does Mars support EndPoint, or will it in the near future?

    No, unfortunately it is not supported in MARS 6.1.1. This only supports Symantec Anti Virus (latest version supported is 10.2)
    Here is what is supported in MARS 6.1.1 for your reference:
    http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.1/compatibility/local_controller/dtlc6x.html

  • Settings for symantec endpoint protection

    Given the tumultuous relationship between Hyperion and Symantec Endpoint Protection, what are the settings in the exceptions that will guarantee minimal intrusion so that the performance of applications doesn't suffer? We had to remove the software for 11.1.1.3 since it caused a major performance degradation for financial reports. Now we are moving to 11.1.2.2.

    Hello,
    Yes, every version may have minor bugs fixes.
    Check these Articles:
    About Maintaining Consistency of Software Versions throughout a SEP 11 Organization
    http://www.symantec.com/business/support/index?page=content&id=TECH131660
    What are the Symantec Endpoint Protection (SEP) versions released officially?
    http://www.symantec.com/connect/articles/what-are-symantec-endpoint-protection-sep-versions-released-officially
    Hope that helps!!
    Edited by: Mithun Sangavi (Symantec) on Feb 15, 2013 10:33 AM

  • Symantec Endpoint Protection incompatible with Win7?

    I had Symantec Endpoint Protection running under Vista Ultimate. Upgrading to Win7, I get a message that SEP's "Confidence Online Utility Driver" has been disabled because it may create stability problems. Symantec says they're working on it. In the meantime? Are end users still protected? No answer from Symantec. Is there a Microsoft solution?

    Hi Craig,
    Symantec Endpoint Protection is compatible with Windows 7. Please check the link below.
    http://www.microsoft.com/windows/compatibility/windows-7/en-us/Search.aspx?type=Software&s=Symantec%20Endpoint%20Protection
    Because of compatibility issues, the currently provided versions of Symantec Endpoint Protection do not install properly. To install Symantec properly on Windows 7, you can follow the link below, where the steps are mentioned clearly.
    http://kb.wisc.edu/helpdesk/page.php?id=12029
    SEP 11.0.5 is also released. If you have the serial number for SEP you can use it at the link below.
    https://fileconnect.symantec.com/licenselogin.jsp?localeStr=en_US
    Please check the link below for further details.
    http://snydersoft.com/2009/09/23/windows-7-and-symantec-endpoint-protection/
    If you have SMP 11.0.2 you need to call Customer Care and can ask for a serial number to download SEP 11.0.5.
    Thanks,
    Saraga Mala
    NOTE - Disclaimer
    The links in this message may lead to third-party Web sites. Microsoft provides third-party resources to help you find customer service and/or technical support resources. Information at these sites may change without notice. Microsoft is not responsible for the content at any third-party Web sites and does not guarantee the accuracy of third-party information.

  • Cisco ISE Vs Cisco Anyconnect Posture module with Advanced Endpoint Protection

    We are planning to use the Cisco AnyConnect posture module with Advanced Endpoint Protection to examine the VPN users. This can check whether they have antivirus/anti-spyware software installed on their workstation and can force an update of the definition file if it's older than a specified number of days; it can also check the firewall status on their workstation and enable it if it's not already enabled. This can detect keylogger and emulation software also.
    Do we get any additional advantages in using ISE compared to the AnyConnect posture module?
    Siddhartha

    These are good questions. We had them last year before we decided to purchase ISE, specifically for our VPN users.
    I will be watching this thread to see what kind of responses you get.
    As of right now, I can verify that ISE can indeed check if a specific antivirus is installed (i.e., your corporate antivirus), or if ANY (supported by Cisco within ISE) antivirus is installed, and it can force an update process for the AV if it detects that the DAT files are older than an admin-specified amount of time.
    Our issue at the moment (if you haven't searched the forums) is ISE detected the proper WSUS updates are indeed installed on the users systems and allowing the users system to talk to our internal WSUS server.
    We are now wondering if the Advanced Endpoint licensing on the ASA would have been a better way to go.
    Wishing you luck in finding your answers for us all.
    Dirk

  • Symantec Endpoint Protection 12.1 and Peopletools 8.53

    Hello,
    We're currently enabling virus scan for PT 8.53 with Symantec Endpoint Protection (SEP) v12. However, we are unable to configure it correctly. Our set up looks like this:
    * PS webserver is installed on server 1; this is where we configure the virusscan.xml file
    * SEP 12 is installed on a separate server, server 2. The client and SEP manager are installed on this server.
    * OS is Windows 2008 R2 64-bit for both servers.
    May I know if anyone here has successfully used SEP for scanning attachments?
    Unfortunately, as per Oracle, only Symantec Scan Engine was verified to work with PeopleSoft; other versions are still not tested to work.
    Another question is, what should be the value for the virusscan.xml parameters below?
    <Provider>
        <name>SymantecManagementClient</name>
        <class>psft.pt8.virusscan.provider.GenericVirusScanProviderImpl</class>
        <icapversion>ICAP/1.0</icapversion>
        <service-name>/SmcService</service-name>
        <policycommand>?action=SCAN</policycommand>
        <address>server2</address>
        <port>8014</port>
        <disable>false</disable>
    </Provider>
    We've mixed and matched the available service names from server 2, but we are still getting the error below:
    Sep 10, 2013 11:14:19 PM psft.pt8.virusscan.ICAPClient connectAndCheckOptions
    INFO: Input OPTIONS Header = OPTIONS icap://server2:8014/SmcService ICAP/1.0
    Sep 10, 2013 11:14:19 PM psft.pt8.virusscan.ICAPClient connectAndCheckOptions
    INFO: OPTIONS recieve header= HTTP/1.1 200 OK
    Date: Tue, 10 Sep 2013 15:14:19 GMT
    Server: Apache
    Allow: GET,HEAD,POST,OPTIONS
    Content-Length: 0
    Connection: close
    Content-Type: text/plain
    ICAP header = ICAP/1.0 200
    Sep 10, 2013 11:14:19 PM psft.pt8.virusscan.ICAPClient scanStream
    SEVERE: Unable to connect to the Scan server SymantecManagementClient; Reason = CONNECTERROR
    Sep 10, 2013 11:14:19 PM psft.pt8.virusscan.VirusScanProviderManager scanStream
    INFO:  Scanning completed using provider = SymantecManagementClient Provider classname = psft.pt8.virusscan.provider.GenericVirusScanProviderImpl
    Sep 10, 2013 11:14:19 PM psft.pt8.virusscan.VirusScanProviderManager scanStream
    INFO: Finish Scanning Request.
    Port 8014 is the client communications port for SEP and it's the only port that gives us a response (INFO: OPTIONS recieve header= HTTP/1.1 200 OK..etc); when we try other ports we get a "SEVERE: Unable to connect to SymantecManagementClient" message on this line.
    Hoping for your responses, thank you in advance for your help.

    Hello,
    Just to give an update. We were able to make this work but we used Symantec Protection Engine for Cloud Services instead. Also, for anyone having problems with the parameters - we used the exact same parameters listed in Peoplebooks or on the delivered virusscan.xml file, just update the IP address. We also saved the xml file on both the Portal.war and PSIGW.war directories.
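The log in the question shows the reply to the ICAP OPTIONS request starting with an HTTP/1.1 status line from an Apache server. The following is an added example (not code from the posts or from PeopleTools) that checks whether a reply is a usable ICAP OPTIONS response under RFC 3507, which requires an ICAP/1.0 status line plus Methods and ISTag headers. The function names and the contrasting ICAP reply are constructed for illustration.

```python
import socket


def parse_options_reply(raw: bytes) -> dict:
    """Classify the reply to an ICAP OPTIONS request (RFC 3507)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(None, 2)
    proto = parts[0] if parts else ""
    status = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    # RFC 3507 requires Methods and ISTag in every OPTIONS response.
    missing = [h for h in ("methods", "istag") if h not in headers]
    is_icap = proto.upper().startswith("ICAP/")
    return {
        "protocol": proto,
        "status": status,
        "server": headers.get("server"),
        "missing_icap_headers": missing,
        "is_icap_service": is_icap and status == 200 and not missing,
    }


def probe(host: str, port: int, service: str, timeout: float = 5.0) -> dict:
    """Send the OPTIONS request seen in the log and classify the answer."""
    request = (f"OPTIONS icap://{host}:{port}{service} ICAP/1.0\r\n"
               f"Host: {host}\r\n\r\n").encode("ascii")
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        data = b""
        while b"\r\n\r\n" not in data:
            chunk = sock.recv(4096)
            if not chunk:
                break
            data += chunk
    return parse_options_reply(data)


# Reply headers as quoted in the question's log, re-joined with CRLF.
LOGGED_REPLY = (
    b"HTTP/1.1 200 OK\r\n"
    b"Date: Tue, 10 Sep 2013 15:14:19 GMT\r\n"
    b"Server: Apache\r\n"
    b"Allow: GET,HEAD,POST,OPTIONS\r\n"
    b"Content-Length: 0\r\n"
    b"Connection: close\r\n"
    b"Content-Type: text/plain\r\n\r\n"
)

# Constructed sample shaped like an RFC 3507 OPTIONS response, for contrast.
CONSTRUCTED_ICAP_REPLY = (
    b"ICAP/1.0 200 OK\r\n"
    b"Methods: RESPMOD\r\n"
    b'ISTag: "constructed-tag"\r\n'
    b"Encapsulated: null-body=0\r\n\r\n"
)

if __name__ == "__main__":
    for label, raw in (("logged", LOGGED_REPLY),
                       ("constructed", CONSTRUCTED_ICAP_REPLY)):
        print(label, parse_options_reply(raw))
```

Calling `probe("server2", 8014, "/SmcService")` from the web server host repeats the request shown in the log against a live endpoint.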

  • Problem with Symantec Endpoint protection and iCloud

    iCloud does not function on my PC with Symantec Endpoint Protection. I think it is the stopping of Auto-run that is the problem, but I don't know how to solve this

    Hi Xung,
    Can you elaborate on what it is that you are trying to achieve and what is being blocked?
    Is it TMG not getting updated?
    Client is unable to get live update from internet?
    SEPM manager unable to get updates?
    Can you do a logging and share the screenshot of the traffic getting blocked?
    If TMG is unable to get updates then allow the below:
    From : Localhost
    To : SEPM / GUP servers
    Port : 2967 - Outbound and 8014 Outbound
    Allow for All Users

  • T6x: IP Conflict after sleep mode using Symantec Endpoint Protection server.

    Here is the problem I'm having: We have several t6x laptops running various versions of Vista (business, enterprise, ultimate, x86 and x64), and we have Symantec Endpoint Protection server with client distributed to laptops.
    Every possible thing is at the latest level downloadable from MS, Symantec, Lenovo. HW is not malfunctioning in any way.
    If a laptop enters sleep mode and wakes up, windows return an error stating there is an IP conflict with the other computer on the network (with the same IP address and the same MAC addr !?). Other than that bluetooth and tpm drivers fail as well.
    If Endpoint protection is uninstalled laptops wake from sleep/hibernation without problem.
    If anyone has a clue what is going on please share the info...
    moderator note: title specified.
    Message Edited by Agotthelf on 24-03-2009 05:25 PM

    Hello redrum781, welcome to Lenovo forums!
    I have done a forums search for "symantec endpoint protection".
    It reveals there were a lot of problems with it, wireless disconnects or C++ errors.
    I would suggest to use a different antivirus solution, if this is applicable for you.

  • Symantec Endpoint Protection Manager Installer Information Script Error

    hi
    I can't install SEP Manager 14.1 on our Windows 2012 R2 server; I got an error during the installation. While I was installing Symantec Endpoint Protection 14.01, I am getting an error right at the end of the install. I understand that I should do it with
    a vbs running for the Symantec install; however, I don't know how I can do it.
    "Symantec Endpoint Protection Manager Installer Information - Error 1722. There is a problem with this Windows Installer package. A
    program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action RunFIPSScript, location: c:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\, command: C:\Windows\SysWOW64\...\FIPSMode.vbs"
    -install"

    Hi,
    I am Chetan Savade from Symantec Technical Support Team.
    I think you are talking about SEP 12.1 product. There is not any product by code 14.1.
    With reference to mentioned issue there is a Public Kb available. Refer the following KB:
    Symantec Endpoint Protection "Error 1722: There is a problem with this Windows Installer package..."
    http://www.symantec.com/docs/TECH103131
    Possible Solution as per KB: To fix the problem, run the Windows Installer CleanUp utility and then remove Symantec AntiVirus manually. Then, install Symantec Endpoint Protection again.
    To learn how to obtain and use the Windows Installer CleanUp utility, read the
    Microsoft article Description of the Windows Installer CleanUp Utility.
    Click the entry for Symantec AntiVirus or Symantec Client Security, and then click Remove.
    If more than one entry appears, remove the earliest program version first. After you remove all entries for Symantec AntiVirus and Symantec Client Security, remove Symantec AntiVirus manually.
    To find directions for your version of Symantec AntiVirus, read
    Manual uninstallation documents for Symantec Client Security products.
    Symantec connect forum link to raise SEP related issue: https://www-secure.symantec.com/connect/security/forums/endpoint-protection-antivirus
    Best Regards,
    Chetan

  • I can't print with symantec endpoint protection

    I can't print with symantec endpoint protection.
    I have to disable the firewall, or reboot my windows 7 computer for the print job to print.  Any ideas what is blocking the printing process and how do I allow so I can print using my HP P2033dn that is connected via ethernet to my time capsule.  Thanks

    In the meantime I detected the problem. I made a new user account in Windows and now it works correctly. So it isn't a Photoshop problem but probably a registry error. I have to find out further. Thanks for your reaction.

  • Installing Symantec Endpoint Protection: installation failed

    Hi ,
    I have Symantec Endpoint Protection and have setup.exe. I have created a package and created a program as
    setup.exe /s /v"/qn RUNLIVEUPDATE=0 REBOOT=REALLYSUPPRESS" but unfortunately the installation fails as part of the Task sequence.
    Just wondering if I am using some wrong command line arguments... pls. share any pointers. Pls. find the screenshot attached from smstslog.
    Regards.

    Hi,
    I am Chetan Savade from Symantec Technical Support Team.
    See if Windows defender is causing any issue.
    Can change it to setup /s /v"/l*v log.txt /qn RUNLIVEUPDATE=0 REBOOT=REALLYSUPPRESS DISABLEDEFENDER=0"
    Refer these articles:
    Keeping Windows Defender Enabled when Deploying and Installing Symantec Endpoint Protection Client package.
    http://www.symantec.com/docs/TECH168501
    Using MSI Command Line Switches to install Symantec Endpoint Protection (SEP) 12.1 fails to install or fails to abide by switch parameters
    http://www.symantec.com/docs/TECH177946
    MSI command line reference for Symantec Endpoint Protection
    http://www.symantec.com/docs/TECH102668
