Endpoint Protection

 View Only

  • 1.  Arcsight smartconnector not working properly since we installed SEP

    Posted Feb 25, 2015 06:25 AM

    Hi All

    My organization uses Arcsight and I am having issues getting Arcsight smartconnector to work properly since we installed SEP. I already thrown this problem to the Arcsight forums and we came to the conclusion that we have to exclude the smartconnector directory from the anti-virus scanner and if the application does some other special monitoring on its software make sure the smartconnector processes are excluded from it.

    I tried folder exception but is not helping

    i want to know in detail how to correctly do the exemption for my arcsight connectors, what is the difference between folder and application exemption? do i need to do from the SEP client or the manager or from both?

    Anyone have any ideas?

    Hatem Metwally



  • 2.  RE: Arcsight smartconnector not working properly since we installed SEP

    Posted Feb 25, 2015 06:27 AM

    You need to setup the exception on the SEPM so the policy gets pushed down to clients.

    Application exception excludes the .exe while folder excdeption excludes the folder and all of its contents.

    What version of SEP here?



  • 3.  RE: Arcsight smartconnector not working properly since we installed SEP

    Posted Feb 25, 2015 12:07 PM

    Thanks Brian for your fast response, so you wanted to say that applying the exception on the client level alone doesn't take effect? i made the exception on the client level but when i reboot the client machine, i can see the exception is still applied so this gave me the indication that the settings are permanent and in effect,

    I will check the SEP version tomorrow and update you

    BR,

    Hatem



  • 4.  RE: Arcsight smartconnector not working properly since we installed SEP

    Posted Feb 25, 2015 12:09 PM

    Yes, applying to client is fine as well. Just saying that for managed clients, policy is usually pushed down thru the SEPM.



  • 5.  RE: Arcsight smartconnector not working properly since we installed SEP

    Posted Feb 25, 2015 12:17 PM

    But how can I make sure that the exception takes effect, just adding the desired folder to exceptions and press ok, that's it? or do i need to restart the symantec service or reboot the whole client?

    i started to believe it's not the exception that gonna solve my issue but instead is to remove the SEP completely :(

    BR,

    Hatem



  • 6.  RE: Arcsight smartconnector not working properly since we installed SEP

    Posted Feb 25, 2015 03:40 PM

    You can check the registry to verify the exception exists but what you did is the correct method so I have no reason to believe the exception isn't working.

    What happens if you disable the firewall?



  • 7.  RE: Arcsight smartconnector not working properly since we installed SEP

    Posted Feb 26, 2015 05:03 AM

    is there a specific keyword i can use to search through the registery for that?

    i think you mean disable the SEP itself, yes i tried this but no hope as i can see the serive is running in task manager, even i tried to stop the service using smc.exe -stop command but in vain

     

    BR,

    Hatem



  • 8.  RE: Arcsight smartconnector not working properly since we installed SEP

    Posted Feb 26, 2015 05:45 AM

    follow this document to verify exclusion on clinet

    http://www.symantec.com/business/support/index?page=content&id=TECH105814