Posted on

DLP 14.6 to 15.0.1 Client Upgrade

I need a solution

Hi,

When runnig the "agent_upgrade.bat" file on a computer to try and upgrade the agent from 14.6. to 15.0.1 I am receiving the following error:

MSI (s) (00:88) [10:11:56:524]: Doing action: MsiProcessDrivers

Action ended 10:11:56: RegisterComPlus. Return value 0.

MSI (s) (00:E4) [10:11:56:664]: Invoking remote custom action. DLL: C:\windows\Installer\MSI4464.tmp, Entrypoint: ProcessDriverPackages

Action start 10:11:56: MsiProcessDrivers.

DIFXAPP: ENTER: ProcessDriverPackages()

DIFXAPP: INFO: 'Component' is 'vfsmfd.inf'

DIFXAPP: INFO: Component state 0x3 -> 0x2

DIFXAPP: INFO: 'ComponentId' is {03C8264B-B361-435E-A6B5-C565F24D4A6E}

DIFXAPP: INFO: 'Flags' is 31

DIFXAPP: INFO: component path is

DIFXAPP: INFO: user SID of user performing the install is 'S-1-5-21-2054966371-109381095-1963001494-194691'.

DIFXAPP: INFO: creating HKEY_USERS\S-1-5-21-2054966371-109381095-1963001494-194691\Software\Microsoft\Windows\CurrentVersion\DIFxApp\Components\{03C8264B-B361-435E-A6B5-C565F24D4A6E} (User's SID: 'S-1-5-21-2054966371-109381095-1963001494-194691') ...

DIFXAPP: ERROR 0x57 encountered while creating subkey for component '{03C8264B-B361-435E-A6B5-C565F24D4A6E}'

DIFXAPP: RETURN: ProcessDriverPackages() 87 (0x57)

CustomAction MsiProcessDrivers returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)

0
Posted on

Blue Coat – IE 11 – Scrolling & Loading of pages

I need a solution

Dear all,

When I try to scroll on WebPages with an updated IE 11 on Windows 7 - I observe the loading of the pages is not really fluid when I scroll (the page is still downloading. WebPages with active content inside (Advertisements) takes a long time to load.

If I change to another pac-file linked to another proxy solution, the problems are not present. I can scroll through the pages even they are downloading and the time to load is very quick.

Any ideas what I could check?

Thank a lot.

Crocky

0
Posted on

Exception to allow inhouse written DLL

I need a solution

Hi All,

          Apologies if I have asked this question before. We are still on SEP 12 at the moment. We have a DLL that is an in house written file that keeps alerting in SEP as suspiceous and gets blocked occaisionally. Now, it is usually located in one of 4 paths and I have entered the paths in and the exclusion exceptions work fine. The problem is that this file can also be used in other locations. This means adding loads of extra exception rules which I do not want to do. Is there a way to just allow this filename (no path) to be ignored by SEP (would use the #md5 actually). So is it possible just to create a ADC rule to allow this particular DLL filename to be ignored by SEP?

Cheers

PaulC

0
Posted on

ATP Endpoint Not SEP Managed

I need a solution

Hi, We are running Symantec ATP. We have integrated it with SEPM. To my surprise, there are a few machines that are running SEP clients and are reporting into the SEP Manager. ATP has listed some of these machines under "Actively Infected Endpoints", and under SEP Managed? is "No". We have verified these machines on the SEPM, and yes they do have SEP clients installed and are up-to-date. What could be happening here?

Many thanks for your responses in advanced,

MabundaG

0
Posted on

ATP Endpoint Not SEP Managed

I need a solution

Hi, We are running Symantec ATP. We have integrated it with SEPM. To my surprise, there are a few machines that are running SEP clients and are reporting into the SEP Manager. ATP has listed some of these machines under "Actively Infected Endpoints", and under SEP Managed? is "No". We have verified these machines on the SEPM, and yes they do have SEP clients installed and are up-to-date. What could be happening here?

Many thanks for your responses in advanced,

MabundaG

0
Posted on

Having issues blocking Files & Applications

I need a solution

I'm testing the Applciation & Device Control policy and I've ran in to an issue.

I've created a custom Bat file and I've attempted to block the file using its MD5 hash.

After reading and follwoing the documentation; I can still launch the Bat File.

https://support.symantec.com/en_US/article.HOWTO80...

Has anyone tried to block files by MD5 Hash?

Is there a better discpritive tutorial on how to block rogue files and appliations?

0
Posted on

SEP 14 vs. Cisco Umbrella

I need a solution

We recently upgraded to SEP v14.0 RU1 MP1 build 3876. Our clients have the Cisco Umbrella Client v 2.1.0. Multiple people, including myself, have noticed that SEP doesn't seem to be playing well with the Umbrella client. (SEP 12 did not have any issues.) For me, when I browse the web, CPU use for Chrome & IE both shoot up when I go to a webpage. Even opening blank tab causes it. I am normally playing music in VLC and it stutters something fierce. A couple instances of chrome.exe shoot up to 25 in the Task Manager. Occasionally dnscrypt-proxy.exe, part of the Umbrella client, will also start hogging CPU.

I uninstalled SEP and everything was fine immediately. I reinstalled it and found that the problem started again, though not as bad as before. However, it has gradually gotten worse and is back to where it was.

Has anyone else noticed this kind of behavior or any other conflict between SEP 14 and Cisco Umbrella?

Skip

0
Posted on

SEP 14 vs. Cisco Umbrella

I need a solution

We recently upgraded to SEP v14.0 RU1 MP1 build 3876. Our clients have the Cisco Umbrella Client v 2.1.0. Multiple people, including myself, have noticed that SEP doesn't seem to be playing well with the Umbrella client. (SEP 12 did not have any issues.) For me, when I browse the web, CPU use for Chrome & IE both shoot up when I go to a webpage. Even opening blank tab causes it. I am normally playing music in VLC and it stutters something fierce. A couple instances of chrome.exe shoot up to 25 in the Task Manager. Occasionally dnscrypt-proxy.exe, part of the Umbrella client, will also start hogging CPU.

I uninstalled SEP and everything was fine immediately. I reinstalled it and found that the problem started again, though not as bad as before. However, it has gradually gotten worse and is back to where it was.

Has anyone else noticed this kind of behavior or any other conflict between SEP 14 and Cisco Umbrella?

Skip

0
Posted on

Locked HDD – Symantec Encryption Desktop

I need a solution

I bought a Laptop computer from a pawn shop and the HDD is locked with Symantec Encryption Desktop!!! I can't format or do anything else to the drive. Thinking about just installing a new HDD unless someone has a solution for me. HELP!!! Dell Latitude E7470

0
Posted on

Locked HDD – Symantec Encryption Desktop

I need a solution

I bought a Laptop computer from a pawn shop and the HDD is locked with Symantec Encryption Desktop!!! I can't format or do anything else to the drive. Thinking about just installing a new HDD unless someone has a solution for me. HELP!!! Dell Latitude E7470

0
Posted on

SEP14 clients are getting policy late

I need a solution

i have a problem that symantec clients are getting policy very late even if i go to client and update policy after that it takes 5 to 10 mints or more some time

In SEPM console. i made  Communication settings in Pull mode and Change the HeartBeat Interval 5 mints / Download Randomization also 5 mints but still i am facing that clients are sending logs after 1 hours and getting policies same 1 hours

 .

0
Posted on

SEP14 clients are getting policy late

I need a solution

i have a problem that symantec clients are getting policy very late even if i go to client and update policy after that it takes 5 to 10 mints or more some time

In SEPM console. i made  Communication settings in Pull mode and Change the HeartBeat Interval 5 mints / Download Randomization also 5 mints but still i am facing that clients are sending logs after 1 hours and getting policies same 1 hours

 .

0
Posted on

Getting data from encrypted hard drive

I need a solution

All of our Corporate laptops are encrypted with Symantec Endpoint Encryption - versions 8.2.1, - 10 - 11.1 - 11.2.1 - 11.2.2 and we have issues with the hard drive or encryption going bad.  The hard drives will not boot up to get any data from the drive.  I know there is recovery CDs but they are a pain to use if they work.  At my past job we used PGP Encryption and it allowed me to connect any hard drive via USB to my laptop (which was encrypted), it then prompted for passpharse to unlock the drive.  I was then able to use Windows File Explorer to copy data off the hard drive.  I have read thru these forums and couldn't find the correct answer.  Can I setup a dedciated PC with specific software (PGP or Symantec) so I can connect encrypted drives that will not boot up to get data?  I don't mind encrypting the hard drive in the desktop PC, just want the data recovery part not to be painful.  

Thanks!!

Joey

0