Showing posts with label Anti Virus.

Sunday 3 July 2016

What is the difference between a managed SEP client and an unmanaged SEP client?

Or, the difference between managed and unmanaged AV packages in Symantec Endpoint Protection.
Unmanaged SEP clients:
1. Take definition updates from the Internet (Symantec’s public update distribution server).
2. Do not communicate with the management server, so they are not listed in the AV clients list of your management server console. Because of this, the administrator cannot manage clients of this type.
3. End users have full access to all features of the AV agent installed for them and can perform all administrative actions locally with no restrictions.

Managed SEP clients:
1. Take definition updates from the local SEPM management server.
2. Communicate with the management server, so they are listed in the AV clients list of your management server console. Because of this, the administrator can manage clients of this type and apply any policy or restriction centrally.
3. End users have limited, restricted or administrator-defined access to the features of the AV agent installed for them and can perform locally only the actions allowed within the administrator-defined restrictions.

Cheers, please write me back if you have any query or feedback on this.

How to create an AV client package using Symantec Endpoint Protection Manager Server?

Or, How to create a managed or unmanaged AV client package in Symantec Endpoint Protection Manager Server?
Or, How to create a standalone AV client package in SEPM (Symantec Endpoint Protection Manager)?
Or, Creating an AV client package in Symantec Endpoint Protection Manager server.

Description: There are two types of AV package you can create using Symantec Endpoint Protection Manager: a managed AV package and an unmanaged AV package.
AV clients installed with a managed AV package take updates from the Symantec Endpoint Protection Manager server (management server), whereas AV clients installed with an unmanaged AV package take updates from the Internet (Symantec's public update distribution server).

Steps:
1. Log in to the SEPM server console > Go to Admin > Click on Install Packages > Select Client Install Package > Right-click on any of the package templates > Click Export

2. Choose the path to save the package file > Tick “Create a single .EXE file for this package” > Select the appropriate installation settings and features > Select the contents you need > Under Export settings, choose the type of package you need (managed or unmanaged) > Select the AV group > Click OK

3. Wait for the package file to be exported completely and you are done.

Friday 1 July 2016

Upgrading Symantec Endpoint Protection Manager 12.1 RU6 MP4 to 12.1 RU6 MP5

Or, How to upgrade Symantec Endpoint Protection Manager Server?
Or, Step-by-step upgrade guide for Symantec Endpoint Protection Manager (SEPM).

Description: This article walks you through how to upgrade the Symantec Endpoint Protection Manager and the prerequisites you should have in place before proceeding to upgrade your SEPM server. Upgrading SEPM is not just about upgrading the server; you will have to upgrade the SEP clients as well. This is explained in my other article “How to auto upgrade Symantec clients after upgrading SEPM Server?”.

Prerequisites:
1. Download the RU6 version from the Symantec URL below (better to download the full version):

2. If you are running this SEPM server on a virtual machine, take a snapshot first (http://www.techiessphere.com/2016/06/how-to-take-vms-snapshot-and-restore-vm.html).
If it is on a physical machine, back up the following files before you start the SEPM upgrade:

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\apache\conf

3. You can pick any of the latest files from the path below:
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\Server Private Key Backup

4. You can pick any of the latest backup files from the path below:
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\data\backup

5. Overview of the prerequisites you must have with you before starting:
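
The backup items listed above can be collected in one go. The script below is an added example (not from the original post) for Windows PowerShell 5.1 on the SEPM host: it copies the apache\conf directory, the newest file from the Server Private Key Backup folder and the newest file from data\backup into a timestamped folder and records SHA-256 hashes of the copies. The SEPM install path is the default from this article; $BackupRoot is an assumed destination you should change to a location outside the SEPM directory.

```powershell
# Added example (not from the original post): gather the pre-upgrade backup items
# the article lists into one timestamped folder on a physical SEPM host.
$SepmRoot   = 'C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager'
$BackupRoot = 'D:\SEPM-PreUpgrade'   # assumption: replace with your own backup location
$Stamp      = Get-Date -Format 'yyyyMMdd-HHmmss'
$Dest       = Join-Path $BackupRoot "sepm-backup-$Stamp"
New-Item -ItemType Directory -Path $Dest -Force | Out-Null

# Item 2 of the prerequisites: the Apache configuration directory, copied whole.
Copy-Item -Path (Join-Path $SepmRoot 'apache\conf') `
          -Destination (Join-Path $Dest 'apache-conf') -Recurse

# Items 3 and 4: the article says "pick any of the latest", so take the most
# recently written file from each folder.
$Latest = @{
    'Server Private Key Backup' = 'server-private-key'
    'data\backup'               = 'database'
}
foreach ($sub in $Latest.Keys) {
    $newest = Get-ChildItem -Path (Join-Path $SepmRoot $sub) -File |
              Sort-Object LastWriteTime -Descending | Select-Object -First 1
    if ($null -eq $newest) {
        Write-Warning "No files found under '$sub'; check the path before upgrading."
        continue
    }
    $target = Join-Path $Dest $Latest[$sub]
    New-Item -ItemType Directory -Path $target -Force | Out-Null
    Copy-Item -Path $newest.FullName -Destination $target
    Write-Host "Copied $($newest.Name) from '$sub'"
}

# Record SHA-256 hashes so the copies can be verified later (e.g. before a restore).
Get-ChildItem -Path $Dest -Recurse -File |
    Get-FileHash -Algorithm SHA256 |
    Select-Object Hash, Path |
    Export-Csv -Path (Join-Path $Dest 'hashes.csv') -NoTypeInformation

Write-Host "Pre-upgrade backup written to $Dest"
```

Run it from an elevated PowerShell prompt before stopping the services; the hashes.csv file lets you confirm the copies are intact if you ever need to restore from them.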

Upgrade Steps:
1. Open Services.msc (go to Run > type Services.msc > hit Enter).

2. First stop the Symantec Endpoint Protection Manager service, then stop all other SEPM-related services.
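
The same step can be done from Windows PowerShell 5.1 so that the stop order is enforced and verified before Setup.exe is launched. This is an added example, not from the original post: services are located by display name, and the display names other than “Symantec Endpoint Protection Manager” are assumptions about how they appear in services.msc on a 12.1 server, so compare them with your own Services list first.

```powershell
# Added example (not from the original post): stop the SEPM services in the order
# the article gives (manager service first, then the rest) and confirm they are
# stopped before running Setup.exe.
$ManagerName = 'Symantec Endpoint Protection Manager'
$OtherNames  = @(
    'Symantec Endpoint Protection Manager Webserver',    # assumption
    'Symantec Endpoint Protection Manager API Service',  # assumption
    'Symantec Embedded Database'                         # assumption
)
$Timeout = [TimeSpan]::FromMinutes(2)

function Stop-NamedService([string]$DisplayName) {
    $svc = Get-Service -DisplayName $DisplayName -ErrorAction SilentlyContinue
    if (-not $svc) { Write-Host "Not installed here: $DisplayName"; return }
    if ($svc.Status -ne 'Stopped') {
        Write-Host "Stopping $DisplayName ..."
        Stop-Service -InputObject $svc -Force
        $svc.WaitForStatus('Stopped', $Timeout)   # throws if it does not stop in time
    }
    Write-Host "$DisplayName is stopped."
}

# Order matters: the manager service first, then everything else.
Stop-NamedService $ManagerName
$OtherNames | ForEach-Object { Stop-NamedService $_ }

# Final check: list anything SEPM-related that is still running so the upgrade is
# not started on top of a live service.
$running = Get-Service -DisplayName 'Symantec Endpoint Protection Manager*' |
           Where-Object Status -ne 'Stopped'
if ($running) {
    $running | Format-Table DisplayName, Status -AutoSize
    throw 'Some SEPM services are still running; stop them before launching Setup.exe.'
}
Write-Host 'All SEPM services are stopped. Run Setup.exe as Administrator next.'
```

Run it from an elevated prompt; WaitForStatus raises a timeout error rather than silently continuing if a service hangs while stopping, which is the case you want to notice before an upgrade.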

3. Now run Setup.exe (use Run as Administrator) from the latest downloaded SEPM installation package.

4. Click Yes if UAC prompts.

5. Click on “Install Symantec Endpoint Protection”

6. Click Next

7. Click Next

8. Check on “I accept the terms in the license agreement” > Click Next

9. Click Next (if you want to take a database backup again, you can do it from here as well).

10. Click Next

11. Wait for the installation to complete; this may take several minutes.

12. Click Next

13. Click Next

14. Check on “Run LiveUpdate during upgrade” > Click Next

15. Wait for the server upgrade process to complete.

16. Click Next

17. Once the upgrade has completed, you will see the “Upgrade Succeeded” window below > Click on Finish

18. Launch your SEPM server console > Log in with your ID and password to check that everything is working fine.

19. If you log in to the SEPM server console just after completing the upgrade, the AV client update status will appear as below.

IMP Note: The second stage is to schedule the automatic upgrade of all SEP agents across the organization. See the article below to learn how to schedule the automatic upgrade of all SEP agents across the organization (this is a must-do activity after upgrading the SEPM server).

Article: How to Deploy Auto Upgrade of Symantec Endpoint Clients?

Cheers! Let me know if you have any query or feedback on this.

Thursday 30 June 2016

How to deploy auto upgrade of Symantec Endpoint Clients?

Or, Schedule auto upgrade of SEP clients after upgrading the SEPM server.
Or, How to upgrade Symantec Endpoint clients centrally across the organization after upgrading the SEPM server?

Scenario description: You want to upgrade Symantec Endpoint Protection 12.1 clients after upgrading the Symantec Endpoint Protection Manager server.
Steps:
1. Log in to the SEPM server > Go to the Admin tab > Click on Install Packages

2. Click on Client Install Package > Select the latest package and the version you need (in my case, Windows 64-bit) > Click on “Upgrade Clients with Package”

3. Click Next

4. Select the appropriate package (make sure it is the latest one) > Click Next

5. Select the AV groups you want to cover in this auto upgrade (I have deselected my Servers group, as I will be doing that manually for some internal reasons) > Click Next

6. Tick “Download from the management server” > Click on “Upgrade Settings” > Configure the settings as per your organizational requirements > Click Next to proceed.

7. If an upgrade warning like the one below appears, click Yes > Click Next

8. Click Finish

Cheers friends, please write me back if you have any query or feedback on this.

Sunday 26 June 2016

Kaspersky Endpoint Security error “database is corrupted”

Troubleshooting steps:

1. Open Services (in the Run box type: services.msc). If you are on your own PC, you can check the PC in question by clicking “Action”, then “Connect to another computer…”, then typing in the computer name of the PC you want to check.
2. Check that both the Kaspersky Endpoint Security Service and the Kaspersky Lab Network Agent are running. (Stop here if it works; otherwise follow the next step.)
3. Go to Event Viewer to check for corrupted files reported by Kaspersky.
4. Delete the corrupted files found in the Kaspersky event log. (When deleting the corrupted files, also delete the backup files with a similar name; they start with a “~” before the file name.)
5. Verify that you have deleted all of the corrupted files.
6. Clear the Kaspersky event log by right-clicking Kaspersky Event Log and clicking Clear Log…
7. Restart the Kaspersky services.
8. Wait. The deleted corrupted files will be rebuilt immediately; however, updates run automatically roughly every hour.
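
Steps 1 to 3 can be done from your own PC without opening the GUI on the affected machine. The script below is an added example (not from the original post) for Windows PowerShell 5.1: it queries the Kaspersky services on a remote computer and, if either is not running, pulls recent error entries that mention a corrupted file from any Kaspersky event log it finds. The computer name is a placeholder, and the 'Kaspersky*' service and log-name patterns are assumptions, which is why they are discovered with wildcards rather than hard-coded.

```powershell
# Added example (not from the original post): remote check of the Kaspersky
# services and event log for the "database is corrupted" troubleshooting steps.
param([string]$Computer = 'PC-NAME-HERE')   # placeholder: the PC in question

# Steps 1-2: both Kaspersky services should be Running.
$services = Get-Service -ComputerName $Computer -DisplayName 'Kaspersky*'
$services | Format-Table DisplayName, Status -AutoSize
$down = $services | Where-Object Status -ne 'Running'
if (-not $down) {
    Write-Host "All Kaspersky services are running on $Computer; nothing more to do."
    return
}
Write-Host "Not running on ${Computer}: $($down.DisplayName -join ', ')"

# Step 3: find the Kaspersky event log(s) and list recent errors naming a corrupted file.
$logs = Get-WinEvent -ComputerName $Computer -ListLog 'Kaspersky*' -ErrorAction SilentlyContinue
if (-not $logs) { Write-Warning "No event log matching 'Kaspersky*' found on $Computer."; return }

foreach ($log in $logs) {
    Write-Host "--- $($log.LogName) ---"
    Get-WinEvent -ComputerName $Computer `
                 -FilterHashtable @{ LogName = $log.LogName; Level = 2 } `
                 -MaxEvents 50 -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'corrupt' } |
        Select-Object TimeCreated, Id,
                      @{ n = 'Message'; e = { $_.Message -replace '\s+', ' ' } } |
        Format-Table -Wrap -AutoSize
}
```

Level 2 is the Error level in the Windows event model; the file paths printed in the Message column are the ones to clean up in steps 4 and 5 (together with their “~” backup copies), after which the services can be restarted.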

Monday 13 June 2016

OS Attack: GNU Bash CVE-2014-6271 attack blocked (Symantec AV)

Or, [SID: 27907] OS Attack: GNU Bash CVE-2014-6271 attack blocked. Traffic has been blocked for this application: SYSTEM
Or, Windows Event Log - Symantec Endpoint Protection "[SID: 27907] OS Attack: GNU Bash CVE-2014-6271 attack blocked. Traffic has been blocked for this application: SYSTEM".

Description:
This event log entry occurs when the Network Threat Protection component is installed. When the AV agent detects unwanted or suspicious traffic from any IP/URL, it blocks the traffic coming from that IP/URL on the machine for approximately 10 minutes.

To avoid this type of issue, you may consider the following:
1. Remove any unwanted IPs assigned to the affected machine. Sometimes people assign multiple IPs to one computer, which can lead to this kind of issue.
2. Apply Windows patches completely; no security or critical update should be left unpatched.
3. If this issue is occurring on a server that is already protected by multiple layers of security (firewall, proxy filtering, etc.), you can consider removing the Network Threat Protection component. But please understand the risk properly before doing it.
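
Before choosing one of the options above, it helps to know whether the detection is a one-off or recurring. The script below is an added example (not from the original post) for Windows PowerShell 5.1 on the affected machine: it pulls the SID 27907 entries quoted above out of the Application log and buckets them by hour. It matches on the message text, so it does not assume an event source name; the -Days parameter is an assumed name for the look-back window.

```powershell
# Added example (not from the original post): summarise the "[SID: 27907] OS Attack:
# GNU Bash CVE-2014-6271 attack blocked" entries from the Windows Application log.
param([int]$Days = 7)   # assumed parameter: how far back to look

$since  = (Get-Date).AddDays(-$Days)
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Application'; StartTime = $since } `
                       -ErrorAction SilentlyContinue |
          Where-Object { $_.Message -like '*SID: 27907*' -and $_.Message -like '*CVE-2014-6271*' }

if (-not $events) {
    Write-Host "No SID 27907 events in the Application log in the last $Days days."
    return
}

# Blocks per hour: a steady run of hits every ~10 minutes matches the block window
# described above and points to a repeating source rather than a single scan.
$events |
    Group-Object { $_.TimeCreated.ToString('yyyy-MM-dd HH:00') } |
    Sort-Object Name |
    Select-Object @{ n = 'Hour'; e = { $_.Name } }, Count |
    Format-Table -AutoSize

# Most recent full message, for the ticket and the KB lookups listed below.
Write-Host 'Most recent entry:'
$events | Sort-Object TimeCreated -Descending |
    Select-Object -First 1 -ExpandProperty Message
```

If the hourly counts are continuous, check the machine's own IP assignments (option 1) and patch level (option 2) first; removing Network Threat Protection (option 3) removes the detection, not the traffic that triggered it.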

A few reference KBs that are a must to check:
https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=27907
https://www.symantec.com/security_response/vulnerability.jsp?bid=70103
http://www.symantec.com/connect/forums/recurring-message-cve-2014-6271

Please write me back if you have any query or feedback. Cheers!!!

Friday 26 February 2016

How to Configure SMTP Settings in Symantec Endpoint Protection Manager?

Or, How to Configure Email Notification in Symantec Endpoint Protection Manager?

Or, SEPM Server SMTP Configurations

Steps:
>> Log in to the SEPM console with admin privileges
>> Go to Admin (bottom of the left menu bar)
>> Click on Servers
>> Click on Edit the Server Properties under Tasks
>> Click on the Email Server tab
>> Provide all the necessary details here and test the email flow.
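
If the test from the Email Server tab fails, it is worth checking from the SEPM server itself whether the SMTP host is reachable and accepts mail, which separates a network or relay problem from a typo in the console settings. The script below is an added example (not from the original post) for Windows PowerShell 5.1; the server, port and addresses are placeholders to replace with the values you entered in the console.

```powershell
# Added example (not from the original post): verify SMTP reachability and mail
# flow from the SEPM host with the same values entered on the Email Server tab.
$SmtpServer = 'smtp.example.com'    # placeholder
$Port       = 25                    # placeholder; 587 if your relay uses STARTTLS
$From       = 'sepm@example.com'    # placeholder: the sender address set in SEPM
$To         = 'soc@example.com'     # placeholder: where SEPM notifications should land

# Reachability first: a blocked port explains a failed console test before any
# question of credentials arises.
$tcp = Test-NetConnection -ComputerName $SmtpServer -Port $Port
if (-not $tcp.TcpTestSucceeded) {
    throw "TCP port $Port on $SmtpServer is not reachable from $env:COMPUTERNAME; fix firewall or routing first."
}

# Then an actual message through the relay.
$params = @{
    SmtpServer = $SmtpServer
    Port       = $Port
    From       = $From
    To         = $To
    Subject    = "SEPM SMTP test from $env:COMPUTERNAME"
    Body       = "Sent $(Get-Date -Format o) to verify the SEPM Email Server settings."
    UseSsl     = ($Port -eq 587)
}
# $params.Credential = Get-Credential   # uncomment if the relay requires authentication
Send-MailMessage @params
Write-Host "Test message handed to $SmtpServer; confirm it arrived in the $To mailbox."
```

If the message arrives here but the console test still fails, the difference is in what was typed into the Email Server tab (sender address, port, or authentication), not in the network path.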

Reference screenshot is given below:

How to configure logs settings in Symantec Endpoint Protection Manager (SEPM)?

Or, How to Change Logs Settings in Symantec Endpoint Protection Manager to keep 30 days, 60 days, 90 days or xyz days logs in server?

1. In the SEPM console, click on Admin.
2. Scroll down to the lower left and click on Servers.
3. Select Local Database, or choose any database you want to configure for logging.
4. Under Tasks, click on Edit Database Properties.
5. On the Log Settings tab (as highlighted below), set the number of entries and number of days to keep log entries for each type of log and click OK.