Peer-to-peer authentication

I need a solution

Hi all!

We have Symantec Endpoint Protection v 14.2.4815 on our endpoints. I’m trying to configure peer-to-peer authentication on some servers, to prevent network connection from hosts without Symantec.

When I activate firewall policy with “peer-to-peer authentication” enabled on that server, it begins to block all traffic from hosts that are not excluded, even if SEP is installed on them and host integrity check is passed.

Am I doing something wrong, or does peer-to-peer authentication work in a different manner?

Thanks in advance.

Elvin


SEP installer for Mac OS X Catalina fails

I need a solution

Hi,

We are testing the new SEP 14.2.2MP1 and the installer for Catalina keeps giving me an error ‘The application “Symantec Endpoint Protection Installer” can’t be opened’. I checked in ‘System Preferences|Security & Privacy’ if the installer needs special permission but it is not listed there. Has anyone else seen this issue, and how can it be resolved?

Thanks


Endpoint Protection Manager 14.2 starts to report Unexpected Server Errors

I do not need a solution (just sharing information)

Failed to read C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\tomcat\temp\threatcon.zip

This is under investigation. Please subscribe to the following KB for updates.

https://support.symantec.com/us/en/article.TECH257…?


Comparison of every Symantec Feature with Next Gen AV

I do not need a solution (just sharing information)

Hello,

I am doing a comparison of the security features of Symantec Endpoint Protection, which is On Prem. It is somewhat difficult to compare each element of Symantec Endpoint Protection On-Prem.

I would be comparing Symantec Endpoint Protection with Next Gen Antivirus (both EPP + EDR). Currently we are a Symantec shop with Endpoint Protection only, not with Symantec ATP.

Could anyone help me with a proper document that has all the features of Symantec Endpoint Protection, with a description of each, so it could help me compare with Next Gen AV?

Basically it would be a topic of coming out from Traditional Antivirus and moving to Next Gen AV, but I am personally of the opinion of having Traditional Antivirus with Next Gen EDR.

Any document or reference could help me to take the discussion further.


Can Symantec Endpoint Protection 14.2 be installed and work offline?

I do not need a solution (just sharing information)

Hi Everyone,

I would like to install Symantec Endpoint Protection on our computers in a local network, but we mustn’t connect anyone to the internet anytime, now and later. Is it possible to install SEPM and deploy clients on other computers this way without any interferences? Can SEP work offline? Do we need to uninstall LiveUpdate while doing that, or is it necessary to work with .jdb files and working with other nodes? Are there any other tips I need to know?

Thanks in advance for answers


Reputation check for unproven files failed because of network errors for the last 3 days

I need a solution

Hi,

We have Client Server topology for Symantec Endpoint Protection Server 14.1.

One of the clients is getting “Reputation check for unproven files failed because of network errors for the last 3 days.” The client contains sensitive info and is not connected to the internet. I was reading online that for Reputation Check, you need access to the internet.

The client has no internet connectivity. What should I do to get rid of this error?

Thanks

Jamshed


SECURITY at RISK in combination with SEP and App Volumes VMware + Slow login/app performance.

I need a solution

We've been troubleshooting slow login and poor application performance on our Non Persistent VDI for a while now. App Volumes and Symantec Endpoint Protection 14.x don't seem to like each other.

Without a SEP client installed everything is performing well and user experience feels like a persistent VDI. When SEP is installed, including all obvious exceptions and even using the virtual image exception tool, no significant change in performance is noticed. We've been testing all scenarios, disabling components of SEP. Only disabling “Application & Device Control” seems to improve login and application performance.

By accident we found out that SEP didn’t work at all! Everything looked fine from the SEPM and SEP side. The SEP GUI indicated that there were no problems detected (“Your computer is protected”), but stopping and then starting smc.exe resulted in a crash. It may seem that the service is running, but in reality the Symantec client has crashed (see image below). The only way to start the SEP client was rebooting. We also saw that a simple EICAR test virus was not detected even when the SEP client was running and the GUI indicated that the computer was protected. Then we discovered that this behavior only occurs when an app stack is attached.

With the knowledge we had that this behavior only occurs when an app stack is attached, we added exceptions for Symantec in the snapvol.cfg of the App Stack. These exceptions have solved the problem: the client could be restarted/stopped and an EICAR test virus was detected again.

Since Symantec is working now, we see better startup times of ThinApps in an app stack. Login times unfortunately not. We declared all the log files collected before the exceptions in snapvol.cfg to be unreliable, because the SEP client did not work at all. And so we believe that specific non-persistent SEP policies and exceptions may not have worked at all. We collected a large set of logs and offered it to Symantec for a second review.

Another interesting fact, noticed by ‘Scarlito’ on the VMware forum (see link at the end of this post), is that this problem only appears after applying Microsoft Security KB4056897 or later (and of course, with the SEP agent installed and AppStacks mounted).

This means the problem is not only with SEP + AppVolumes, but SEP + AppVolumes + MS Updates (starting January 2018 and all the Intel security breaches fixes).

If I remove ANY ONE of these 3 elements, everything works well.

Until now, no monthly security updates from Microsoft have solved anything.

These are the standard exceptions in the snapvol.cfg:

exclude_path=\ProgramData\Symantec
exclude_path=\Program Files\Symantec
exclude_path=\Program Files\Common Files\Symantec
exclude_path=\Program Files (x86)\Symantec
exclude_path=\Program Files (x86)\Common Files\Symantec

These are the custom exceptions we added to the snapvol.cfg:

Disclaimer: I would like to warn you and everyone else that this is at your own risk. On the other hand, without these exclusions the virus scanner probably didn’t work at all!

For validation of these exceptions we opened a PR at VMware. Please report to VMware if you’re facing the same problem. 

# Custom Exclusion Symantec Performance Issues

exclude_registry=\REGISTRY\MACHINE\SOFTWARE\Symantec
exclude_registry=\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Symantec

exclude_registry=\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\BHDrvx64
exclude_registry=\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\eeCtrl
exclude_registry=\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\EraserUtilRebootDrv
exclude_registry=\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\IDSVia64
exclude_registry=\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SepMasterService
exclude_registry=\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SNAC
exclude_registry=\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SRTSP
exclude_registry=\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SRTSPX
exclude_registry=\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SyDvCrtl
exclude_registry=\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SymEFASI
exclude_registry=\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SymELAM
exclude_registry=\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SymEvent
exclude_registry=\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SymIRON
exclude_registry=\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SYMNETS
exclude_registry=\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SysMain
exclude_registry=\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SysPlant
exclude_registry=\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Teefer2

exclude_registry=\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Eventlog\Application\Symantec Antivirus
exclude_registry=\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Eventlog\Application\Symantec Endpoint Protection
exclude_registry=\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Eventlog\Application\Symantec Network Protection
exclude_registry=\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Eventlog\Application\Symantec WSS Traffic Redirection
exclude_registry=\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Eventlog\Symantec Endpoint Protection Client

exclude_path=\Program Files\Common Files\Symantec Shared
exclude_path=\Program Files (x86)\Common Files\Symantec Shared

exclude_process_name=ccSvcHst.exe
exclude_process_name=SmcGui.exe
exclude_process_name=SISIDSService.exe
exclude_process_name=SISIPSService.exe
exclude_process_name=SISIPSUtil.exe
exclude_process_name=sepWscSvc64.exe

This is the link of the topic we posted on the VMware forum. 

https://communities.vmware.com/thread/617203

I’m curious if there are more people who have this problem. Hopefully this post has also made people aware of the fact that their security may not function without them noticing.

Currently we have cases for these problems ongoing at Symantec and VMware.
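
The failure described in this post (the SEP GUI reporting “Your computer is protected” while an EICAR test file goes undetected) only shows up in a functional check, not a status check. The following is an added example, not part of the original post and not Symantec or VMware tooling: a Python canary that drops the standard EICAR test file and reports whether anything reacted to it. The names `run_canary` and `classify`, the result strings and the timeout values are assumptions chosen for illustration.

```python
import os
import tempfile
import time

# Standard 68-byte EICAR test string, split so this script is not itself flagged.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$" + b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"


def classify(path, expected):
    """Return what happened to the canary file at `path`."""
    try:
        with open(path, "rb") as fh:
            data = fh.read()
    except FileNotFoundError:
        return "removed"            # quarantined or deleted
    except OSError:
        return "blocked_on_read"    # real-time scanner denied access
    return "intact" if data == expected else "modified"


def run_canary(directory=None, payload=EICAR, timeout=30.0, interval=1.0):
    """Drop a canary file and report whether anything reacted to it.

    Returns "blocked_on_write", "removed", "blocked_on_read", "modified",
    or "NOT_DETECTED" when the file survives the whole timeout untouched.
    """
    fd, path = tempfile.mkstemp(suffix=".com", dir=directory)
    try:
        try:
            with os.fdopen(fd, "wb") as fh:
                fh.write(payload)
        except OSError:
            return "blocked_on_write"
        deadline = time.monotonic() + timeout
        while True:
            state = classify(path, payload)
            if state != "intact":
                return state
            if time.monotonic() >= deadline:
                return "NOT_DETECTED"
            time.sleep(interval)
    finally:
        try:
            os.remove(path)
        except OSError:
            pass  # already quarantined, or still locked by the scanner


if __name__ == "__main__":
    result = run_canary()
    print("canary result:", result)
    raise SystemExit(1 if result == "NOT_DETECTED" else 0)
```

Run it inside a desktop session with the app stack attached, since that is the only condition under which the post observed the silent failure; a non-zero exit code means the file survived untouched.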
