Devices randmoly added to mutiple filters

I need a solution

We have seen over the past couple of months for no reason a device will all of a sudden be added to 10 different filters and start installing software they never requested. At first I blamed our techs for picking the wrong device but after digging into it more I cannot find that anyone even modified the filters that the device is now in, the only way to clear the issue up is to delete the device out of altiris and let it re added its self without all of the filter memberships and have someone uninstall all of the software.

The first started occering after the release of RU5 and we are now using ru7. Its not on a large scale either, out of 10k endpoints maybe seen it on 10 devices. I have tried to do audits on the devices but I get limited info on when or why this device got that added to that filter, anyone seen this before?

0

Related:

  • No Related Posts

Can CAS filter custom content?

I need a solution

I’m looking for a way to filter text strings in content returned from HTTP servers, much like DLP does but for inbound traffic using ICAP RESPMOD.

Since CAS uses RESPMOD and is designed to detect and filter content, can I configure custom strings or regex to filter inbound content? It seems the right place to do this but I can’t find such a feature in CAS 1.3 – is such a thing available in 2.x?

Thanks

0

Related:

  • No Related Posts

Custom Reporter Fields/Filters not showing up in Management Center

I need a solution

I have edited the Reporter dbfields.cfg file to enable the ‘cs_uri_path’ as a filterable option and can now see it as an option in the Reporter GUI, but when looking in the Reports section on Management Center, the filter is not present. Is there anyway it can be enabled or synced to Management Center so the filters match what is shown on the Reporter?

0

Related:

  • No Related Posts

Scheduled Reports Bug

I need a solution

Hi All, we have two Scheduled Reports created by one of our admins. The two reports are using a filter, basically filtering Workstations and Servers into 2 reports. The filter is based on the clients Group location in SEPM.

What we havenoticed is that when the reports is sent to the distribution list of admins (admins email addresses listed in the send to field), the filter is not applying, in that all clients (Workstations and Servers) are appearing in the reports, so there is not separation of workstations and servers. We basically get 2 identical reports.

Also we have noticed that when anyone other that the admin that created the report the 2 reports filters shows as default, not the name of the filter that the creator of the report name the filter.

Has anyone else experienced this issue and have you found a solution or is it a known bug that Symantec need to resolve?

SEPM Version 14.0 RU1 MP1

TIA

0

Related:

  • No Related Posts

Advanced Filters – How to apply a “Contains None Of” Filter DLP 12.5

I need a solution

I’m attempting to create a report that filters out several different email address domains; each domain is for a different part of the customers’ company. However I can’t seem to figure out how to make it check for the email domains from a list; I can’t use ‘Does Not Contain Ignore Case’ because it won’t accept a list, and I can’t use ‘Is None Of’ because I don’t know the exact full emails that I want to exclude. If a ‘Contains None Of’ filter was possible then it would fix my issue; is there any way I can achieve this?

Any help would be greatly appreciated!

0

Related:

Help creating a filter with model and bios version

I need a solution

I have this filter built that pulls based on model name, works fine.

SELECT
   [vri1_Computer].[Guid],
   [vri1_Computer].[Name]
FROM
   [vRM_Computer_Item] AS [vri1_Computer]
      LEFT OUTER JOIN [Inv_HW_Logical_Device] AS [dca2_HW Logical Device]
         ON ([vri1_Computer].[Guid] = [dca2_HW Logical Device].[_ResourceGuid])
WHERE
   (
      (
         ([dca2_HW Logical Device].[Model] LIKE N'Latitude 5480')
      )
   )

Can someone help me expand it to be something like “model like Latitude 5480” and BIOS Not like 1.8.1?  I’m trying to plan mitigation for Spectre/Meltdown as discussed here.

0

1515518778

Related:

  • No Related Posts