Confusion with SEPM 14.2 upgrade

I need a solution

Hello guys,

 

I’m trying to upgrade Symantec_Endpoint_Protection_Manager_14.2_RU1(3335) to Symantec_Endpoint_Protection_Manager_14.2.1_MP1(4814) but there is an error that I need to stop some SEPM process.

I’ve stopped all process and servicess that Administrator account can stop including Symantec Endpoint Protection Manager service but still have this error.

Please see screenshot.

I need your help.

 

 

0

Related:

  • No Related Posts

Splunk to identify all the “url.domain” conditions that has not had coverage for a long time?

I need a solution

Hi;

I would like to send access logs from a Proxy SG device to a Splunk server, then do a search against a list of specific URLs to see the number of hits against each of these URL. 

A. Can this be done in Splunk as a search 

B. Does anyone know what the Splunk search syntax can be?

Kindly

Wasfi

0

Related:

  • No Related Posts

Splunk to identify all the “url.domain” conditions that has not had coverage for a long time?

I need a solution

Hi;

I would like to send access logs from a Proxy SG device to a Splunk server, then do a search against a list of specific URLs to see the number of hits against each of these URL. 

A. Can this be done in Splunk as a search 

B. Does anyone know what the Splunk search syntax can be?

Kindly

Wasfi

0

Related:

  • No Related Posts

Splunk to identify all the “url.domain” conditions that has not had coverage for a long time?

I need a solution

Hi;

I would like to send access logs from a Proxy SG device to a Splunk server, then do a search against a list of specific URLs to see the number of hits against each of these URL. 

A. Can this be done in Splunk as a search 

B. Does anyone know what the Splunk search syntax can be?

Kindly

Wasfi

0

Related:

  • No Related Posts

Splunk to identify all the “url.domain” conditions that has not had coverage for a long time?

I need a solution

Hi;

I would like to send access logs from a Proxy SG device to a Splunk server, then do a search against a list of specific URLs to see the number of hits against each of these URL. 

A. Can this be done in Splunk as a search 

B. Does anyone know what the Splunk search syntax can be?

Kindly

Wasfi

0

Related:

  • No Related Posts

Splunk to identify all the “url.domain” conditions that has not had coverage for a long time?

I need a solution

Hi;

I would like to send access logs from a Proxy SG device to a Splunk server, then do a search against a list of specific URLs to see the number of hits against each of these URL. 

A. Can this be done in Splunk as a search 

B. Does anyone know what the Splunk search syntax can be?

Kindly

Wasfi

0

Related:

  • No Related Posts

Cisco NX-OS Software NX-API Denial of Service Vulnerability

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an NX-API system process to unexpectedly restart.

The vulnerability is due to incorrect validation of the HTTP header of a request that is sent to the NX-API. An attacker could exploit this vulnerability by sending a crafted HTTP request to the NX-API on an affected device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition in the NX-API service; however, the NX-OS device itself would still be available and passing network traffic.

Note: The NX-API feature is disabled by default.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-nxos-api-dos

Security Impact Rating: Medium

CVE: CVE-2019-1968

Related:

  • No Related Posts

Windows Updates on Win7 & 2008 and SEP – latest word.

I do not need a solution (just sharing information)

Anyone else get an email from their Symantec TAM such as this?

Hello Everyone,

Symantec has completed its evaluation of the impact of this update and future updates to Windows 7/Windows 2008 R2 and has determined that there is no increased risk of a false positive detection for all in-field versions of Symantec Endpoint Protection.

Microsoft KB4512506/KB4512486 and future updates can be safely installed and we are expecting the soft block on these updates to be removed on August 27th, 2019.

Symantec will continue to maintain the safety of these updates via content, but in order to return the client’s ability to gather SHA-2 information on Microsoft signed files, we recommend that one of these upgrades be applied:

SEP 14.2 RU1 MP1 (14.2.4814.1101) has been certified and is available for download via MySymantec.

SEP 14.2 RU1 (14.2.3357.1000) has been certified and is available upon request through Symantec Technical Support.

SEP 14.2 MP1 (14.2.1057.0103) has been certified and is available upon request through Symantec Technical Support.

These can be applied as part of any upcoming routine operational activities associated with maintaining Symantec Endpoint Protection.

All this is documented in our Knowledge Base article.

https://support.symantec.com/us/en/article.tech255857.html

From the way I read this, we no longer have to push out SEP 14.2 RU1 MP1 (14.2.4814.1101) in a hurry so that our Win7 and Server 2008 machines can then be patched…unless I’m reading this wrong.

-Mike

0

Related:

  • No Related Posts

Windows Updates on Win7 & 2008 and SEP – latest word.

I do not need a solution (just sharing information)

Anyone else get an email from their Symantec TAM such as this?

Hello Everyone,

Symantec has completed its evaluation of the impact of this update and future updates to Windows 7/Windows 2008 R2 and has determined that there is no increased risk of a false positive detection for all in-field versions of Symantec Endpoint Protection.

Microsoft KB4512506/KB4512486 and future updates can be safely installed and we are expecting the soft block on these updates to be removed on August 27th, 2019.

Symantec will continue to maintain the safety of these updates via content, but in order to return the client’s ability to gather SHA-2 information on Microsoft signed files, we recommend that one of these upgrades be applied:

SEP 14.2 RU1 MP1 (14.2.4814.1101) has been certified and is available for download via MySymantec.

SEP 14.2 RU1 (14.2.3357.1000) has been certified and is available upon request through Symantec Technical Support.

SEP 14.2 MP1 (14.2.1057.0103) has been certified and is available upon request through Symantec Technical Support.

These can be applied as part of any upcoming routine operational activities associated with maintaining Symantec Endpoint Protection.

All this is documented in our Knowledge Base article.

https://support.symantec.com/us/en/article.tech255857.html

From the way I read this, we no longer have to push out SEP 14.2 RU1 MP1 (14.2.4814.1101) in a hurry so that our Win7 and Server 2008 machines can then be patched…unless I’m reading this wrong.

-Mike

0

Related:

  • No Related Posts