Dear Experts, Can you please let me know whether disabling/uninstalling the Autologon feature on the preboot screen of Windows decrypts the encryption by any chance? I am updated with the information that it does not decrypt the machine’s encryption. However, it will be helpful if you can provide me a Knowledge Base article from Symantec support which states, regarding the Autologon feature, whether it decrypts the drive or the encryption still remains on the computer. Thank you. Regards, Pritam Chakraborty
Can the Management Centre send a Radius attribute “AVP” to the Radius server? I mean in the Radius Authentication Request. Ideally, I would like the Management Centre to send the IP address of the user device supplying the username and password on the Management Centre's login page, which in turn will be sent to the Radius server.
So ideally, the MC should send the following to the Radius server: “username+password+the IP address of the device of the user trying to authenticate”.
There is a NetApp NFS file share that needs to be scanned and all the files classified (add meta data, visual tags, etc.) based on content. Can ICT connect to and scan NFS shares hosted on NetApp? Would it need DLP Network Discover to perform the scanning? I know Network Discover is supposed to be able to connect to and scan NFS shares, but I have never done it.
We are in a trial of the cloud-based enterprise SEP 15 (SES). I cannot get any firewall rules to apply. I have a firewall policy assigned. I created a new rule at the top of all the rules, a block all ICMP rule, to test if the rules apply, and none do. SEP is in control of the 3 categories expected under netsh advfirewall show global, but no SEP firewall rules work.
If I change the rule to not disable Windows Firewall, then Windows blocks ICMP as expected.
When I turn the SEP firewall policy back on, its rules do not go into effect.
We use SEP SBE in production and that firewall works as expected.
We are perplexed. Any ideas?
Following the update to Symantec Endpoint Protection 14.2 RU2 MP1 version, when I send my package in push mode on my non-administrator win 10 clients, once the client is updated, they get the window to be able to push the update or restart the set but no button is active, although it can be seen flashing.
The only way to make the window disappear is to go through windows, restart.
No worries in administrator mode!
Is this a bug?
Thanks for your feedback
We as a user have a licensed version of SPE which we have installed in Windows Server 2012 Server.
We are using the .Net Library of Symantec to send files for scanning. When we were testing out the solution, we came to know that Symantec is not detecting the virus in MS Office files. We are using standard EICAR test files for the testing. Normal EICAR .txt files are detected as a threat by Symantec and the ScanResult object gives out a proper message.
But in case of EICAR MS Office files sent to Symantec, the server responds as file not infected. The ScanResult object from Symantec says a proper connection to the server is established (ERR_CONN_SUCCESS) but just that the file is not infected. The same file is flagged by my local laptop McAfee as infected.
Server Installed : Windows Server 2012
SPE Version : 8.0
In Symantec Console settings, set to scan all files & Bloodhound level is Medium
Could you please let us know what could be the possible issue over here, and could you also send out some sample test files of all file types which can be tested?
It would be really great if you could respond ASAP, because our production deployment is waiting on this.
Thanks & Regards
According to Symantec KB, a “TCP Tunnel” service with Detect protocol enabled should be equivalent to “SSL Proxy” service when encountering SSL traffic:
Yet the behavior is confusing in the following scenario:
– SSL intercept on exception is enabled (the default)
– TCP Tunnel on port 443 with Detect protocol enabled
– Category “Technology/Internet” is set to Deny in web access policy (this is just an example)
– web site https://veracompadria.com is categorized as “Technology/Internet” and its IP address has the same category, too.
When accessing the web site, the proxy manages to perform intercept on exception and return HTTP response 403 (denied) to the client, which is expected.
However, the exception template returned is not the HTML data for HTTP traffic but rather the exception text used for all protocols: “$(exception.id): $(exception.details)”. This is a very basic message omitting any HTML code we usually return to the user. So, the proxy performs full interception and is able to return HTTP(S) response to the client, but it incorrectly uses the exception template for all protocols (without the html).
Furthermore, if the site above were not categorized as “Technology/Internet” for its *IP address* (but was categorized on url level), the proxy would have returned the full HTTP exception with HTML i.e. “$(exception.format)”
This is completely unexpected behavior. What should be done to get expected HTML exception for https traffic in such cases? I know that reverting to SSL Proxy instead of TCP tunnel would “solve” the problem, but that’s not possible for this customer due to other apps not tolerating “SSL proxy” service only.
Any insights appreciated.
Above is the expected exception with HTML, below is the unexpected exception.
I have generated a new client to push manually to several systems. Our company's requirements dictate that this be a completely silent install, which with /QN should not be an issue.
We have done it plenty of times in the past. But with this newest client, no matter what command line options I use, for example, Setup.exe /qn /L*V C:log.txt
Nothing happens. Ever. But if I just type setup.exe, poof, it is off and running with minimal GUI. I have tried all manner of the command line switches, alone and in groups. It never runs on any test boxes, with any of them.
What am I doing wrong?
Gartner, in its last report about EPP solutions, wrote about SEP:
Symantec EDR is missing advanced functions for large enterprise customers, such as case management workflow, remote shell response function (due 1Q20) and rapid pivot capabilities from one query to another. EDR does not provide blocking rules although automated actions can be scripted for specific detections. The user interface lacks guided investigation tips or contextual information, which makes it difficult to use for mainstream buyers. EDR and SEP are different management consoles.
What are these blocking rules?