SEPM Firewall Breaking after installation of Creators update

I do not need a solution (just sharing information)

Just as the title says I’m having a serious issue with SEPM firewall breaking when the creators update in windows 10 is installing.  These are the things I’ve done when theyve broken: 

1. installed SEPM 14 MP2

2. run windows update after I’ve fixed the issues. 

This results in a broken firewall driver and I have to uninstall SEPM.  

is this a widely known issue? out of 50 computers I’ve had this happen to 8 so far.  Just looking for guidance. 

0

Related:

Old Virus Definition File “Reminder” message – Get rid of thru command prompt or Registry

I need a solution

I am working in an application in which once virus has been updated and machine is rebooted, “Old virus Definition file” popup message appears. 

I want to get rid of this without manual intervention once the system is rebooted.. 

I understand there is option in GUI.. But i want through REGISTRY modification or any Command Line for this operation. 

Please help. 

0

Related:

TCP Connections To “ent-shasta-rrs-symantec.com”

I do not need a solution (just sharing information)

We have found an enormous amount of blocked traffic on our proxies that is going to tcp://ent-shasta-rrs.symantec.com

I know what the URL is used for, that is not the question.
The big question mark for me is the TCP:// connection that is being blocked. This is expected behaviour by the proxy. Question is why TCP?

The client as in the configuration is using the IE proxy config, which is a PAC-file in the end.
After testing with the URLs listed under https://support.symantec.com/en_US/article.TECH163042.html, I can tell that one of the links is being blocked and the other works.

Is there anyone with an idea why these connections happen?

0

Related:

Regex inside data identifiers

I need a solution

Hi, I am tryinto use regex into custom data identifiers but the very simple regex such as to capture date work fine when using directly in a detection rule but the same regex, when used with custom DI does not work. Is there a specific format for regex to work with custom DIs? Thanks

0

Related:

symantec unmanaged live update remains disabled for nearly 3 minutes at start

I need a solution

Dear Team,

Reqiured help in bleow issues

1> Symantec unmanaged  live update remains disabled for nearly 3 minutes at start

2> How to get rid of Cleanserp.net Redirect

0

Related:

Essential support totally failing, cannot get new serve online

I need a solution

I am absolutely disappointed wwith Symantec essentail support, and they have left me without a working server as they apparently do not know how to configure or troubleshoot it.

After reinstalling Symantec Encryption server fom scratch, they cannot configure this simple implemenmtation. THey ahave no access to anyone who can resolve this new deployment.

A typical call goes with the “senior” technicain putting me on hold every 5 minutes while he runs to get a questin answered. Then asks to call back in two hours because this “senior” technician doesnt know what to do.

Meantime our system is down, and no end in sight.

time to find another solution, Symantec has let me down. You cannot even edit the notes on the ticket anymore. You cannot update your own case!

0

Related:

How to mitigate EDM only scanning first 100K of content

I need a solution

Greetings fellow DLPers!

I just learned that with out of box settings only the first 100K (that’s not a typo!) of extracted content is scanned for policy violations.  I discovered this when asked why a particular document with violating content was not matched by an EDM policy.  This has to do with the Lexer.MaximumNumberOfTokens setting.  See TECH233786 EDM detection does not detect content at the end of a file for details.

Saying it does not detect content “at the end of a file” is a bit of a misnomer in my opinion as I was under the impression DLP scanned files up to 30 MB by default and I wouldn’t call everything after the first 100K “the end of the file” I’d call it everything except the beginning of the file!  If content isn’t in the first tiny 100K of a 30 MB file detection will not occur.

To match content in the entire 30 MB of a file would require increasing the Lexer setting from 12000 (default in 12.5) to about 3,600,000 a 300 times increase.

I ran lexer up to 1.2 M in a test environment (which only matched on the first 4.5 MB Of extracted content) with apparently no effect on RAM and CPU just longer detection times but that was just a limited test.

So I was wondering if anyone else has discovered this limitation and how they have dealt with it.  

Have you decided if you don’t find something in the first 100K that’s OK?  Or have you increased it just some?  What other tuning did you do?  How is it working for you?

Thanks in advance!

0

Related: