Earthlink

Symantec Connect - Security - Discussions http://www.symantec.com/connect/security/forums/feed en SEP 11.05 Client install has no progress on SBS 2008 http://www.symantec.com/connect/forums/sep-1105-client-install-has-no-progress-sbs-2008 We are setting up a new SBS 2008 server.  We are using SEP 11.05  SEPM installed flawlessly and works well on the server. When we go to install SEP (64bit) the installation process just sits there.  The SEP_INST.log file is only at 1kb and goes no further.   There are no entries in the Event Viewer about any installation process starting or failing. I am baffled by this behavior.  I have checked for the Pending registry keys of which there are none.  UAC is turned off.  I have tried server reboots and it still will not install. I look forward to some ideas and a solution. <div class="og_rss_groups"></div> http://www.symantec.com/connect/forums/sep-1105-client-install-has-no-progress-sbs-2008#comments 11.x Endpoint Protection (AntiVirus) Installing Windows Troubleshooting Security Sat, 20 Mar 2010 22:20:29 +0000 REBOOTWNY 1250951 at http://www.symantec.com/connect Scan omissions http://www.symantec.com/connect/forums/scan-omissions Can someone explain to me why there are scan omissions during scheduled FULL scans? I understand there is an issue with busy and or compressed files. For example, on a client one scheduled scan reported 2,848,810 files and the other 1,085,105 files; a difference of 1.7 million files!? Thanks! <div class="og_rss_groups"></div> http://www.symantec.com/connect/forums/scan-omissions#comments 11.x Endpoint Protection (AntiVirus) Documentation Reporting Security Sat, 20 Mar 2010 18:17:14 +0000 rickd 1250901 at http://www.symantec.com/connect Can not get Chat support / Norton file error 1316 http://www.symantec.com/connect/forums/can-not-get-chat-support-norton-file-error-1316 I tried to do a chat, but the file they had me to download will not install.  File nae: SymADataWeb.msi Give me Error 1316 network error I are ran in administrator mode, and I have unblocked, I have turned antivirus and fire wall off and still get same error. <div class="og_rss_groups"></div> http://www.symantec.com/connect/forums/can-not-get-chat-support-norton-file-error-1316#comments Security Information Manager Error messages Troubleshooting Security Sat, 20 Mar 2010 17:36:09 +0000 alpine4133 1250881 at http://www.symantec.com/connect Combined Message Queue Size http://www.symantec.com/connect/forums/combined-message-queue-size Dear Adnan Thanks your valuable support. ************************************** Please find a mail that I recived from SBG. ----- Original Message ----- From: <a class="moz-txt-link-rfc2396E" href="mailto:postmaster@kfupm.edu.sa"><postmaster@kfupm.edu.sa></a> To: <a class="moz-txt-link-rfc2396E" href="mailto:postmaster@kfupm.edu.sa"><postmaster@kfupm.edu.sa></a> Sent: Saturday, March 20, 2010 1:34 PM Subject: Symantec Brightmail Gateway Alert Notification <blockquote type="cite"> Symantec Brightmail Gateway Alert Notification for <a class="moz-txt-link-abbreviated" href="mailto:postmaster@kfupm.edu.sa">postmaster@kfupm.edu.sa</a> ======================= ALERT NOTIFICATION ================================ The combined message queue for the following Scanners is larger than 1048576 KB Scanner                  Combined Message Queue Size (KB) --------------------------------------------------------------------------- antispam2.kfupm.edu.sa   1069635 --------------------------------------------------------------------------- =========================================================================== PLEASE DO NOT REPLY TO THIS MESSAGE. This email was sent from a notification-only address that cannot accept incoming e-mail.</blockquote> *************************************** Is it an error or a notification only.? Kindlu update <div class="og_rss_groups"></div> http://www.symantec.com/connect/forums/combined-message-queue-size#comments Brightmail Gateway Security Sat, 20 Mar 2010 13:25:16 +0000 Ashruakkode 1250851 at http://www.symantec.com/connect SEP 11 "Installation Interrupted" http://www.symantec.com/connect/forums/sep-11-installation-interrupted I am attempting to install Endpoint version 11 on my home computer (licensed for civilian home use by the Department of Defense). I have attempted several of the fixes posted in other forums. Any help that you can provide would be much appreciated! <div class="item-list"><ul class="attachment-list"><li class="first last"><a href="http://www.symantec.com/connect/sites/default/files/SEP_INST.pdf">SEP_INST.pdf</a></li> </ul></div><div class="og_rss_groups"></div> http://www.symantec.com/connect/forums/sep-11-installation-interrupted#comments Endpoint Protection (AntiVirus) Security Sat, 20 Mar 2010 11:53:06 +0000 sixpence 1250831 at http://www.symantec.com/connect SEP clients are not reflecting under replication server http://www.symantec.com/connect/forums/sep-clients-are-not-reflecting-under-replication-server Hi all, SEP clients are directly taking updated from main management server. How to point same to replication serevr. <div class="og_rss_groups"></div> http://www.symantec.com/connect/forums/sep-clients-are-not-reflecting-under-replication-server#comments 11.x Endpoint Protection (AntiVirus) Security Sat, 20 Mar 2010 07:25:04 +0000 sanoj 1250801 at http://www.symantec.com/connect Qurantine message release problem http://www.symantec.com/connect/forums/qurantine-message-release-problem Dear Adnan When we try to release our quarantied messages,we were not able to release massages and have been getting the following error <img alt="" src="https://antispam.kfupm.edu.sa:41443/brightmail/images/Icon_Warning.gif" /><img alt="" height="1" src="https://antispam.kfupm.edu.sa:41443/brightmail/images/Spacer.gif" width="3" /> Cannot release the message. It has either been released or was unable to contact the SMTP host. Kindly help Regards Ashraf <div class="og_rss_groups"></div> http://www.symantec.com/connect/forums/qurantine-message-release-problem#comments 11.x Endpoint Protection (AntiVirus) Security Sat, 20 Mar 2010 07:20:24 +0000 Ashruakkode 1250791 at http://www.symantec.com/connect File Hash from SEP 11... http://www.symantec.com/connect/forums/file-hash-sep-11 How do I convert a file hash from sep 11? I am part of an operation where sometimes SEP 11 fails to log the file name for one reason or another. I would like to know how to convert the file hash accordingly thus getting a file name. Thanks. Brian <div class="og_rss_groups"></div> http://www.symantec.com/connect/forums/file-hash-sep-11#comments Endpoint Protection Small Business Security Sat, 20 Mar 2010 05:56:23 +0000 ekopalm 1250771 at http://www.symantec.com/connect SEP State Event Collector: Invalid Date Alert http://www.symantec.com/connect/forums/sep-state-event-collector-invalid-date-alert Some of the events I receive from SEP State Event Collector generate an invalid date error, showing this as the Original Event Date: Original Event Date -- Thu Jan 01 00:00:00 PST 1970 Has anyone else seen an issue like this? <div class="og_rss_groups"></div> http://www.symantec.com/connect/forums/sep-state-event-collector-invalid-date-alert#comments Security Information Manager Security Sat, 20 Mar 2010 01:59:28 +0000 UltraMagnus 1250711 at http://www.symantec.com/connect Question About SEPM Manager Logs - Network Attack? http://www.symantec.com/connect/forums/question-about-sepm-manager-logs-network-attack So, It seems I have a "trojan" on my computer that SEP is not picking up on one of my local computers, but SEPM is logging and notifying me regarding the attack.  Eventually the continuous probing / scanning of ports blocks the client computer out of existance for awhile, then back online-- unfortunately this annoyance blocks the client computer from accessing network features + shared resources (printers network drives etc)  -- here is a log detail generated by sepm monitor.   <table border="0" width="500"> <tbody> <tr> <td valign="top" width="125"> Event Description:</td> <td class="Menue" width="375"> Somebody is scanning your computer. Your computer's UDP ports: 1900, 3702, 50809, 45507 and 42659 have been scanned from 192.168.100.201.</td> </tr> <tr> <td valign="top" width="125"> Attack Type:</td> <td class="Menue" width="375"> Port Scan</td> </tr> <tr> <td valign="top" width="125"> Event Time:</td> <td class="Menue" width="375"> 03/19/2010 21:06:52</td> </tr> <tr> <td valign="top" width="125"> Remote Host IP:</td> <td class="Menue" width="375"> 192.168.100.201</td> </tr> <tr> <td valign="top" width="125"> Occurrence:</td> <td class="Menue" width="375"> 1</td> </tr> <tr> <td valign="top" width="125"> Alert:</td> <td class="Menue" width="375"> 1</td> </tr> <tr> <td valign="top" width="125"> Begin Time:</td> <td class="Menue" width="375"> 03/19/2010 21:07:06</td> </tr> <tr> <td valign="top" width="125"> End Time:</td> <td class="Menue" width="375"> 03/19/2010 21:07:06</td> </tr> <tr> <td valign="top" width="125"> Domain Name:</td> <td class="Menue" width="375"> Default</td> </tr> <tr> <td valign="top" width="125"> Site Name:</td> <td class="Menue" width="375"> Symantec Media Vault</td> </tr> <tr> <td valign="top" width="125"> Server Name:</td> <td class="Menue" width="375"> HomeServer</td> </tr> <tr> <td valign="top" width="125"> Group Name:</td> <td class="Menue" width="375"> Global\Symantec Media Vault</td> </tr> <tr> <td> Computer Name</td> <td class="Menue">  </td> </tr> <tr> <td width="150"> Current:</td> <td class="Menue"> HomeServer</td> </tr> <tr> <td width="150"> When event occurred:</td> <td class="Menue"> HomeServer</td> </tr> <tr> <td colspan="2">  </td> </tr> <tr> <td width="125"> IP Address</td> <td class="Menue" width="375">  </td> </tr> <tr> <td width="150"> Current:</td> <td class="Menue"> 192.168.100.200</td> </tr> <tr> <td width="150"> When event occurred:</td> <td class="Menue"> 229.157.60.79</td> </tr> <tr> <td colspan="2">  </td> </tr> <tr> <td valign="top" width="125"> Operating system:</td> <td class="Menue" width="375"> Windows Server 2003 Family Standard Edition</td> </tr> <tr> <td valign="top" width="125"> Location Name:</td> <td class="Menue" width="375"> Default</td> </tr> <tr> <td valign="top" width="125"> User Name:</td> <td class="Menue" width="375"> Administrator</td> </tr> <tr> <td valign="top" width="125"> Severity:</td> <td class="Menue" width="375"> Minor</td> </tr> <tr> <td valign="top" width="125"> Local MAC:</td> <td class="Menue" width="375"> 01005E****</td> </tr> <tr> <td valign="top" width="125"> Remote MAC:</td> <td class="Menue" width="375"> 001D60****</td> </tr> <tr> <td valign="top" width="125"> Hardware Key:</td> <td class="Menue" width="375"> BF6956C1A8429***************</td> </tr> <tr> <td valign="top" width="125"> Network Protocol:</td> <td class="Menue" width="375"> UDP</td> </tr> <tr> <td valign="top" width="125"> Traffic Direction:</td> <td class="Menue" width="375"> Inbound</td> </tr> <tr> <td valign="top" width="125"> Send SNMP trap:</td> <td class="Menue" width="375"> 1</td> </tr> <tr> <td valign="top" width="125"> Remote Host Name:</td> <td class="Menue" width="375">  </td> </tr> <tr> <td valign="top" width="125"> Hack Type:</td> <td class="Menue" width="375"> 0</td> </tr> <tr> <td valign="top" width="125"> Application Name:</td> </tr> </tbody> </table> Of course there is little to any information as to what is scanning the computers in local subnet, but at least i've narrowed it down to one computer --  but sep, full virus scan, nothing has come up... is there a method i can use within SEP on the local computer thats "infected" to monitor what program is causing this port scanning issue?  Thanks, any help will be appreciated <div class="og_rss_groups"></div> http://www.symantec.com/connect/forums/question-about-sepm-manager-logs-network-attack#comments 10.x Endpoint Protection (AntiVirus) Internet Security Threat Report Security Sat, 20 Mar 2010 01:36:18 +0000 Diesel2NV 1250701 at http://www.symantec.com/connect