Why SPE Doesn’t detect virus in Office files

I need a solution

Hi,

We as a user have a licensed version of SPE, which we have installed on Windows Server 2012.

We are using the .NET library of Symantec to send files for scanning. When we were testing out the solution we came to know that Symantec is not detecting viruses in MS Office files. We are using standard EICAR test files for the testing. Normal EICAR .txt files are detected as a threat by Symantec and the ScanResult object gives out a proper message.

But in case of EICAR MS Office files sent to Symantec, the server responds as file not infected. The ScanResult object from Symantec says a proper connection to the server is established (ERR_CONN_SUCCESS) but just that the file is not infected. The same file is flagged by my local laptop McAfee as infected.

Server Installed : Windows Server 2012

SPE Version : 8.0

In Symantec Console settings, set to scan all files & Bloodhound level is Medium

Could you please let us know what could be the possible issue over here, and could you also send out some sample test files of all file types which can be tested?

It would be really great if you could respond ASAP, because our production deployment is waiting on this.

Thanks & Regards

Rahul S


Spotted “Chrome Elevation Service” Virus or Malware Please Help

I do not need a solution (just sharing information)

Hi Guys,

We have Symantec Endpoint Protection on our systems; however, looking through Task Manager I have found Elevation_Service.exe. It is causing our laptops’ CPU usage to go up for no reason even though nothing is running in the task bar. We have run full system scans, which took a couple of hours and came out clean; however, I am still very concerned about it and wanted to ask other people’s opinions. Does it mean the Chrome browsers have been hijacked? I have done some research and found out it is Google Chrome trying to do some sort of updates in the background, causing load on the CPU. According to this site https://securedyou.com/what-is-google-chrome-elevation-service-exe/ I have followed what they suggested and got rid of it manually, but it keeps coming back once you reboot the system. Any ideas or recommendations would be appreciated. Can someone please confirm that this is not a virus and is harmless? Thank you


Latest from Symantec shows “Information is currently unavailable” on the Endpoint Protection Manager Home page

I do not need a solution (just sharing information)

Latest from Symantec shows “Information is currently unavailable” on the Endpoint Protection Manager Home page

Known issue being investigated. Please subscribe to this KB for updates:

https://support.symantec.com/us/en/article.TECH257…?


Silent Uninstall For Tonight’s Removal

I need a solution

We recently acquired a customer whose previous support used symantec.cloud. We worked with them to temporarily remove the uninstall password, but for some reason the uninstall key listed in the registry did not work.

If someone could let us know how to mass deploy a silent uninstall it would be most helpful, as we have now lost our ability to remove the uninstall password since it was a courtesy of them and they don’t want to remove the password for too long since it affects all of their clients, and all I can find is the CleanWipe tool, but for some reason it doesn’t seem to have any built-in switches.

If Symantec does not have a way then we will have to remote into each individual machine large count and perform the uninstall manually, please help!


Client Status is Off-line. Newly added client can’t have the license

I do not need a solution (just sharing information)

Symantec Endpoint Protection Manager (SEPM) reports that a Client Health State is “Off-Line” in status. It only started when I changed the workgroup name and added a user.

So what I did first as a solution is I uninstalled the SEP software from each client, deleted the client in the client group in SEPM (deleting the client reduces the license “Seat Used” count) and tried to install SEP again via Remote Push. It worked on one client but not on the rest.

So what I did is I saved the SEP installer package and manually installed it on each client.

But since the Server Connection status is Not Connected to the SEPM, the newly added client does not show in the SEPM Client Group and it did not distribute its license; the “Seat Used” number in the licensing details in SEPM is still the same.

(On the Symantec Endpoint Protection (SEP) client, the tray icon has a green dot. Within the client, under Help, Troubleshooting… > Server Connection Status, the client shows “Status: Not Connected.”)

I found a solution in the forum that I should perform Rebuild Indexes, but unfortunately, it does not work.

What would be some possible solutions? Because it seems that my connection between SEPM and SEP is broken.


Can’t purchase SEP?

I need a solution

Hi all. Has anyone been able to order SEP any time in the past month? As a Symantec partner, I do my SEP ordering at Ingram. Ingram is unprepared for this Broadcom merger and they’re falling apart over there. I have been nearly a month trying to place some orders for new customers. These customers have purchased new computers as part of the Win 7 situation, and we’re having to deploy them WITHOUT ANY ENDPOINT SECURITY. To say this situation is ridiculous is an understatement.

When I do get a reply from Ingram, it was at first to say things like they are in training for the new procedures and have reduced staff etc. while adapting to the Broadcom stuff. So I let it go a bit what with the holidays and all. Inquiring further a couple of weeks later, now I’m told they’re prioritizing renewals, it seems at least to the end of January, so basically I will not get my orders in anytime soon, and really in my mind who knows if on Feb 1 we’ll just be told sorry, we’re backed up for another month.

What I find odd is that SEP will keep on functioning just fine whether your license is current or not, at least for 30 days or more. So why not let existing customers continue as-is and fix up their licensing renewals later, and prioritize taking on new customers who, unless they’re loyal Symantec people like me, will end up moving elsewhere.

So again I have business clients that are running computers without any form of endpoint security. Am I the only Symantec partner finding this situation utterly idiotic?

Also is there a Symantec partner group on here? The PartnerNet doesn’t seem very active.

Thanks!  


Encrypted mails by PGP server doesn’t go out via symantec messaging gateway.

I need a solution

Hi All,

We have a setup like below;

Client --> Exchange Server --> Symantec Encryption Management Server (aka PGP server) --> Symantec Messaging Gateway --> Internet.

The unencrypted emails are processed and going through as expected. No issues.

When I encrypt that message and send, it doesn’t go through.

Is there something I need to do in my Messaging Gateway or PGP server? 

Please advise. 

Thanks


Symantec Endpoint Protection 14.2.1.1 (14.2 RU1 MP1) doesn’t patch to 14.2.2.0 (14.2 RU2)

I need a solution

Hello,

I wanted to update my Symantec 14 to 14.2 RU2. The starting version was 14.0.1 because I’m using Windows 10 64bit. I successively updated to newer versions, which was successful till version 14.2.1.1 (14.2 RU1 MP1) 14.2.4814.1101, but when I run the patch to update to the newest version, hence, 14.2.2.0 (14.2 RU2) 14.2.5323.2000, it doesn’t work. The SEP_INST_PATCH.log shows the following output:

01/09 09:04:49.949 [ec]  SymDelta FileVersion: 14.0.0.0
 Log initialized: LogLevel=4 Log, Size=2097152, RotationCount=2
01/09 09:04:49.965 [ec]  (SymDelta::CSymDelta::invokeUnzip)  Inflating…\?C:UsersxxxAppDataLocalTemppft34D4.tmpPatch.dax
01/09 09:04:50.684 [ec]  (SymDelta::CSymDelta::invokeUnzip)     UnZipTask took (milliseconds): 703
01/09 09:04:50.684 [ec]  (SymDelta::CSymDelta::PerformApplyDelta) Performing [ XDELTA3 – Apply Delta ]
01/09 09:04:50.699 [ec]  (SymDelta::CXDeltaTool::Apply) Dir: \?C:ProgramDataSymantecSymantec Endpoint Protection14.2.4814.1101.105DataCached Installs
01/09 09:04:50.699 [ec]  (ApplyPackage) Apply package command line: “DummyXdeltaPath” -d -s %src% %patch% %out%
01/09 09:04:50.699 [121fc]  (LaunchXDeltaInternalAndWait) Launching: “DummyXdeltaPath” -d -s “\?C:ProgramDataSymantecSymantec Endpoint Protection14.2.4814.1101.105DataCached InstallsSetup.exe” “C:UsersxxxAppDataLocalTempSymDelta_65416Patch.dax.tmpSetup.exe.DIFF” “\?C:UsersxxxAppDataLocalTemppft34D4.tmpSmcLUSetup.exe”:
01/09 09:04:50.746 [121fc]  (LaunchXDeltaInternalAndWait) Launching: “DummyXdeltaPath” -d -s “\?C:ProgramDataSymantecSymantec Endpoint Protection14.2.4814.1101.105DataCached Installsdcsagent.cab” “C:UsersxxxAppDataLocalTempSymDelta_65416Patch.dax.tmpdcsagent.cab.DIFF” “\?C:UsersxxxAppDataLocalTemppft34D4.tmpSmcLUdcsagent.cab”:
01/09 09:04:50.949 [121fc]  (LaunchXDeltaInternalAndWait) Launching: “DummyXdeltaPath” -d -s “\?C:ProgramDataSymantecSymantec Endpoint Protection14.2.4814.1101.105DataCached InstallsSep64.msi” “C:UsersxxxAppDataLocalTempSymDelta_65416Patch.dax.tmpSep64.msi.DIFF” “\?C:UsersxxxAppDataLocalTemppft34D4.tmpSmcLUSep64.msi”:
01/09 09:04:51.152 [121fc]  (CDeltaApplyThread::run) 74236 \?C:ProgramDataSymantecSymantec Endpoint Protection14.2.4814.1101.105DataCached Installssep_NE.slf CRC match failed.
01/09 09:04:51.152 [ec]  (SymDelta::CXDeltaTool::Apply)     Return Code: 31
01/09 09:04:51.152 [ec]  (SymDelta::CSymDelta::processDirs) ApplyDelta Operation failed.

What’s the problem?


When will the Google Chrome v78/79 “Aw Snap” issue be fixed (not worked-around)?

I do not need a solution (just sharing information)

Hi,

I know Symantec has released the following workaround – https://support.symantec.com/us/en/article.tech256047.html – for the Google Chrome 78/79 ‘Aw Snap…’ issue.

I also noticed that SEP 14.2 RU2 was released on November 12, 2019, and the release notes don’t mention this issue being fixed.

When does SEP plan to address this issue?

Thanks
