Endpoint Protection

 View Only
Back to discussions
Expand all | Collapse all

GUP not able to update the definition for themselves and their clients.

Migration User

Migration UserDec 15, 2010 06:12 AM

.
Migration User

Migration UserDec 20, 2010 06:50 AM

Anyone have any idea what can I do ?

  • 1.  GUP not able to update the definition for themselves and their clients.

    Posted Dec 13, 2010 01:15 PM
     
    Hello sorry for my English because I do not speak very well ...

    I have had problems to realize the definition update my GUPs, some are usually updated a little but soon ceased to update, other than updates back to the update itself. I realized a secars but returned without any problem. I use the 11.0.6 version of SEP, the policies make all GUPs seek update on a single server and distribute these GUPs for the rest of the clients. In some cases clients have the same problem looking for a single GUP but have different definitions as well as GUPs.

    Could someone help me please?

    Dicionário - Ver dicionário detalhado

    1. interjeição
      1. hello
      2. hi
      3. hoy

     



  • 2.  RE: GUP not able to update the definition for themselves and their clients.

    Posted Dec 13, 2010 01:17 PM

    When you say the GUP's get updates from a single server, does that mean the SEPM or do you have a LiveUpdate Administrator somewhere that they get updates from?



  • 3.  RE: GUP not able to update the definition for themselves and their clients.

    Posted Dec 13, 2010 06:12 PM

    Check the following article and see if GUP has bene configured properly

    Title: 'Best Practices with Symantec Endpoint Protection (SEP) Group Update Providers (GUP)'
    Web URL: http://www.symantec.com/business/support/index?page=content&id=TECH93813&locale=en_US



  • 4.  RE: GUP not able to update the definition for themselves and their clients.

    Posted Dec 14, 2010 12:45 AM

    How many GUPs you have?

    How many GUPs having problem?

    In how many clients you are facing problem?Are all they belongs to same GUP? 

    What is the OS of SEPM,GUPs and clients?

    How long this problem is there?From the day one of installation? or all on a sudden?



  • 5.  RE: GUP not able to update the definition for themselves and their clients.

    Posted Dec 14, 2010 07:11 AM

    Yes,

    I have a master server that distributes updates to the other.



  • 6.  RE: GUP not able to update the definition for themselves and their clients.

    Posted Dec 14, 2010 07:25 AM

    Hello,

    I'm 47 GUPs. Many GUPs have problems to not update the settings. Face problems in little more than 170 clients in a total of 791 clients. There are all the same GUP, I have problems with several GUPs, and are intermittent problems. The SEPM works with version 11.0.6, the GUPs with Windows Server 2003 64 bit, and mostly with Vista clients, some with very few and 7 with XP. I have had these problems for some time intermittently, not always with the same GUP.

    Hope you can help me ...

    TKS.



  • 7.  RE: GUP not able to update the definition for themselves and their clients.

    Posted Dec 14, 2010 07:36 AM

    Thanks, but many of the settings already deprived persons are taken on my machine park, but still miss the problem.

     



  • 8.  RE: GUP not able to update the definition for themselves and their clients.

    Posted Dec 14, 2010 07:38 AM

    What do you mean by "Master Server"?

    Is it Symantec Endpoint Protection Manager or you are using Livepdate Administrator to push Definitions?

    Is the issue with the Symantec Endpoint Protection Clients not taking updates from GUPs?

    Are the GUPs updated with the latest definitions?



  • 9.  RE: GUP not able to update the definition for themselves and their clients.

    Posted Dec 14, 2010 07:55 AM

    Yes I use the SEPM, and the problem is not that we GUPs update on SEPM and its clients that has not been updated in their proper GUPs.



  • 10.  RE: GUP not able to update the definition for themselves and their clients.

    Broadcom Employee
    Posted Dec 14, 2010 08:05 AM

    can you post the sylink logs from the non working machine?



  • 11.  RE: GUP not able to update the definition for themselves and their clients.

    Posted Dec 14, 2010 09:32 AM

    Check the below 2 articles

    Title: 'How to enable Sylink Debugging for Symantec Endpoint Protection in the registry'
    Web URL: http://www.symantec.com/docs/TECH104758

    Title: 'Troubleshooting Content Delivery to the Symantec Endpoint Protection client.'
    Web URL: http://www.symantec.com/business/support/index?page=content&id=TECH106034&locale=en_US



  • 12.  RE: GUP not able to update the definition for themselves and their clients.

    Posted Dec 15, 2010 06:12 AM

    .



  • 13.  RE: GUP not able to update the definition for themselves and their clients.

    Posted Dec 15, 2010 12:28 PM

    It did not work, follow the step by step but without results.

    Dicionário - Ver dicionário detalhado

      1. not
      2. no
      3. non
      4. nay
      5. nope
    2. interjeição
      1. no
      2. nope

     



  • 14.  RE: GUP not able to update the definition for themselves and their clients.

    Broadcom Employee
    Posted Dec 15, 2010 01:13 PM

    did you collect the sylink logs, can you please post those logs?



  • 15.  RE: GUP not able to update the definition for themselves and their clients.

    Posted Dec 15, 2010 02:08 PM
      <?xml version="1.0" encoding="UTF-8" ?>
    - <Profile NameSpace="agent">
      <SerialNumber>7E28-12/02/2010 18:43:54 843</SerialNumber>
      <GroupInfo Description="" Name="Servidores" Path="My Company\Aeroportos\MCZ\Servidores" />
      <Version>5.0.0</Version>
      <AdminPassword ExitNeedPassword="1" ImportExportNeedPassword="1" UINeedPassword="0" UninstallNeedPassword="1">324A3244BF8D10587218E74992C54E7F</AdminPassword>
      <NAPEnforcer Enable="0" />
      <Log MaxProcessLogDays="14" MaxProcessLogSize="1048576" MaxRawTrafficLogDamperIdleTime="10" MaxRawTrafficLogDamperPeriod="7200" MaxRawTrafficLogDays="14" MaxRawTrafficLogSize="1048576" MaxSecurityLogDamperIdleTime="10" MaxSecurityLogDamperPeriod="7200" MaxSecurityLogDays="14" MaxSecurityLogSize="524288" MaxSystemLogDamperIdleTime="10" MaxSystemLogDamperPeriod="7200" MaxSystemLogDays="14" MaxSystemLogSize="524288" MaxTrafficLogDamperIdleTime="10" MaxTrafficLogDamperPeriod="7200" MaxTrafficLogDays="14" MaxTrafficLogSize="524288" />
      <MasterSwitchButton ActiveTimer="0" Enable="1" />
      <AttackingSelfTestButton Enable="1" />
      <SmcServiceProtection EnableNetStopProtection="0" />
      <DefaultLocation>Default</DefaultLocation>
      <EnableAutoLocationSwitching LocationCheckFrequency="4">1</EnableAutoLocationSwitching>
    - <Locations>
    - <Location Description="Created automatically during product installation." Id="7585BCB40A010511000E1E3271DE9B26" Name="Default">
      <LocalSecuritySettingLink>Security_Setting_Default@6B898D280A010511005D5DD7D6ED84A2</LocalSecuritySettingLink>
      <ControlMode Mode="0" />
      <SilentModeEx Enable="0" />
    - <UserInterface HideSystemTrayIcon="0">
      <AttackingSelfTestButton Enable="0" />
      <MasterSwitchButton ActiveTimer="0" AllowedAttempts="-1" Enable="0" />
      </UserInterface>
      <OSProtectionSettingGroupLink>OP_Policy_Azul - Device Control Policy@33521651C0A8F95B01BCCDCC8451B6A4</OSProtectionSettingGroupLink>
      <DeviceManagerSettingGroupLink>7585BCB40A010511000E1E3271DE9B26</DeviceManagerSettingGroupLink>
      <EAPAuthentication Enable="0" EnableSNACNP="0" EnableSupplicant="0" EnableTransparentMode="0" SNACNPWaitTimeout="3" />
    - <AVPolicy>
      <Link Type="AVGeneral" Zone="AVGeneralZone">AVGeneral@6B898D280A010511005D5DD7D6ED84A2</Link>
      <Link Type="AVAutoProtect" Zone="AVAutoProtectZone">AVAutoProtect@6B898D280A010511005D5DD7D6ED84A2</Link>
      <Link Type="MacAVAutoProtect" Zone="MacAVAutoProtectZone">MacAVAutoProtect@6B898D280A010511005D5DD7D6ED84A2</Link>
      <Link Type="AVEmailAutoProtect" Zone="AVEmailAutoProtectZone">AVEmailAutoProtect@6B898D280A010511005D5DD7D6ED84A2</Link>
      <Link Type="AVAdminDefinedScanOptions" Zone="AVAdminDefinedScanOptionsZone">AVAdminDefinedScanOptions@6B898D280A010511005D5DD7D6ED84A2</Link>
      <Link Type="AVCommandScanOptions" Zone="AVCommandScanOptionsZone">AVCommandScanOptions@6B898D280A010511005D5DD7D6ED84A2</Link>
      <Link Type="MacAVAdminDefinedScanOptions" Zone="MacAVAdminDefinedScanOptionsZone">MacAVAdminDefinedScanOptions@6B898D280A010511005D5DD7D6ED84A2</Link>
      <Link Type="MacAVCommandScanOptions" Zone="MacAVCommandScanOptionsZone">MacAVCommandScanOptions@6B898D280A010511005D5DD7D6ED84A2</Link>
      <Link Type="AVQuarantine" Zone="AVQuarantineZone">AVQuarantine@6B898D280A010511005D5DD7D6ED84A2</Link>
      </AVPolicy>
      <HPPPolicyLink>HPPPolicy@6B898D280A010511005D5DD7D6ED84A2</HPPPolicyLink>
    - <GEHPolicy>
      <Link Type="GEHGeneral" Zone="GEHGeneralZone">GEHGeneral@6B898D280A010511005D5DD7D6ED84A2</Link>
      <Link Type="MacGEHGeneral" Zone="MacGEHGeneralZone">MacGEHGeneral@6B898D280A010511005D5DD7D6ED84A2</Link>
      </GEHPolicy>
      <SymcIPSSettingGroupLink>Symc_IPS_C51F4926C0A8F95B017C01EC1674179C</SymcIPSSettingGroupLink>
      <Link Type="AVVirusDefOptions" Zone="AVVirusDefOptionsZone">AVVirusDefOptions@6B898D280A010511005D5DD7D6ED84A2</Link>
      <Link Type="MacAVVirusDefOptions" Zone="MacAVVirusDefOptionsZone">MacAVVirusDefOptions@6B898D280A010511005D5DD7D6ED84A2</Link>
      <Link Type="SymProtectPolicy" Zone="SymProtectPolicyZone">TamperProtectionPolicy</Link>
      <Link Type="LUPolicy" Zone="LUPolicyZone">LUPolicy@6B898D280A010511005D5DD7D6ED84A2</Link>
      </Location>
      </Locations>
    - <GlobalGroups>
    - <SecuritySettingZone>
    - <SecuritySetting AllowTokenRingTraffic="0" Description="Security Setting for Default" EnableBackTracing="1" EnableDosProtection="1" EnableIds="1" EnableLocalAppBlockingNotification="0" EnablePortScanDetection="1" EnableSmartArp="1" EnableSmartDhcp="1" EnableSmartDns="1" EnableSmartNetbios="0" EnableSmartSmcTraffic="1" EnableSmartWins="1" MatchedRuleIdInTrafficLog="1" Name="Security_Setting_Default@6B898D280A010511005D5DD7D6ED84A2" NotifyVpnEnforcerMessage="0">
    - <SecurityRuleGroupOnNI>
      <SecurityRuleGroupLink>Rule_Group_For_NicGroup_All Adapters@04F31B72C0A8F95B01C870D4710BFF13@B9F2BDE5C0A8F95B00FFA6EB57BDF7D7</SecurityRuleGroupLink>
      <NetworkInterface Include="1" />
      <NetworkInterfaceGroupLink>NicGroup_All Adapters@04F31B72C0A8F95B01C870D4710BFF13</NetworkInterfaceGroupLink>
      </SecurityRuleGroupOnNI>
      <TrojanProtection AdditionalText="" AutoTerminate="0" Enable="0" PromptUser="0" />
      <AppAuthenticationProtection Action="ASK" Enable="0" EnableDllAuthentication="0" />
      <UserNotification Enable="1" NotifyLocalAppBlocking="0" NotifySecurityEvent="0" />
      <DriverLevelProtection Enable="1" />
    - <TsePluginStore>
      <TsePlugIn Enable="0" Name="Anti IP spoofing" />
      <TsePlugIn Enable="0" Name="Anti-Mac spoofing" />
      <TsePlugIn Enable="0" Name="Stealth mode browsing" />
      <TsePlugIn Enable="0" Name="Fingerprint Masquerade" />
    - <TsePlugIn Enable="1" Name="Attacker Seal">
    - <AttackerSeal DefaultAbusePeriod="600">
      <Seal Include="1" SecurityLogId="202,203,206,208" />
      </AttackerSeal>
      </TsePlugIn>
      </TsePluginStore>
      <ReverseDNS Enable="0" />
      </SecuritySetting>
      </SecuritySettingZone>
    - <SecurityRuleGroupZone>
    - <SecurityRuleGroup Name="Rule_Group_For_NicGroup_All Adapters@04F31B72C0A8F95B01C870D4710BFF13@B9F2BDE5C0A8F95B00FFA6EB57BDF7D7">
    - <SecurityRule Enable="1" Id="00000000000000000000000000000000" Name="lan|sensor|rule" Priority="1" Severity="3">
    - <TriggerCondition>
    - <TrafficCondition>
    - <Services>
      <RawEthernet ProtocolNumber="2054" />
      </Services>
      </TrafficCondition>
      </TriggerCondition>
      <Actions>lan|sensor|action</Actions>
      </SecurityRule>
    - <SecurityRule Id="43CABEA5C0A8F95B01BDD310AFFA1B17" Name="Block IPv6" Priority="1" Severity="10">
    - <TriggerCondition>
    - <TrafficCondition>
      <ServiceGroupLink>Service_Group_@7BB3A656C0A8F95B00FFA6EBC44AEFD5</ServiceGroupLink>
      </TrafficCondition>
      </TriggerCondition>
      <Actions>Action_Group_@EAD8ED4DC0A8F95B00FFA6EB6161939A</Actions>
      </SecurityRule>
    - <SecurityRule Id="C2839683C0A8F95B018C47CAEC7BCBC4" Name="Block IPv6 over IPv4 (Teredo)" Priority="2" Severity="10">
    - <TriggerCondition>
    - <TrafficCondition>
      <ServiceGroupLink>Service_Group_@03D16BE5C0A8F95B00FFA6EB36FB90F9</ServiceGroupLink>
      </TrafficCondition>
      </TriggerCondition>
      <Actions>Action_Group_@85A10AEBC0A8F95B00FFA6EBEB755E3C</Actions>
      </SecurityRule>
    - <SecurityRule Id="20DB4F83C0A8F95B006B6D38C3871BF3" Name="Block IPv6 over IPv4 (ISATAP)" Priority="3" Severity="10">
    - <TriggerCondition>
    - <TrafficCondition>
      <ServiceGroupLink>Service_Group_@91BFC95FC0A8F95B00FFA6EB56CA05FA</ServiceGroupLink>
      </TrafficCondition>
      </TriggerCondition>
      <Actions>Action_Group_@41CC982CC0A8F95B00FFA6EBBFBF9ECE</Actions>
      </SecurityRule>
    - <SecurityRule Id="36078D22C0A8F95B009C302DA0FA317B" Name="Allow fragmented packets" Priority="4" Severity="10">
    - <TriggerCondition>
    - <TrafficCondition>
      <ServiceGroupLink>Service_Group_@8DB84B7AC0A8F95B00FFA6EB73B11A39</ServiceGroupLink>
      </TrafficCondition>
      </TriggerCondition>
      <Actions>Action_Group_@45F2A0E3C0A8F95B00FFA6EBB54B0994</Actions>
      </SecurityRule>
    - <SecurityRule Id="E51DFBFCC0A8F95B000A7E3BB0763BE4" Name="Allow wireless EAPOL" Priority="5" Severity="10">
    - <TriggerCondition>
    - <TrafficCondition>
      <ServiceGroupLink>Service_Group_@292255F3C0A8F95B00FFA6EBB023E90E</ServiceGroupLink>
      </TrafficCondition>
      </TriggerCondition>
      <Actions>Action_Group_@4ECACD14C0A8F95B00FFA6EB38552619</Actions>
      </SecurityRule>
    - <SecurityRule Id="C1A8EFAEC0A8F95B00365E0F9196C601" Name="Allow LLT protocol" Priority="6" Severity="10">
    - <TriggerCondition>
    - <TrafficCondition>
      <ServiceGroupLink>Service_Group_@B3526AEFC0A8F95B00FFA6EB8C34477C</ServiceGroupLink>
      </TrafficCondition>
      </TriggerCondition>
      <Actions>Action_Group_@4985DF9CC0A8F95B00FFA6EBBC5739E0</Actions>
      </SecurityRule>
    - <SecurityRule Id="902BFBAFC0A8F95B015DA1EE4C02CDB1" Name="Allow MS Remote Access and Routing ARP Driver" Priority="7" Severity="10">
    - <TriggerCondition>
      <LocalApplication>Application_Group_Of_null@11BB1815C0A8F95B00FFA6EBE14A5A1D</LocalApplication>
      </TriggerCondition>
      <Actions>Action_Group_@026BDC3CC0A8F95B00FFA6EB00712224</Actions>
      </SecurityRule>
    - <SecurityRule Id="64025D66C0A8F95B00325B8A8EF81094" Name="Allow all applications" Priority="8" Severity="10">
    - <TriggerCondition>
      <LocalApplication>Application_Group_Of_null@A6FBE3A3C0A8F95B00FFA6EB1080F762</LocalApplication>
      </TriggerCondition>
      <Actions>Action_Group_@950E4866C0A8F95B00FFA6EB34FF9324</Actions>
      </SecurityRule>
    - <SecurityRule Id="4F617E81C0A8F95B01D1D5DD0C4E04ED" Name="Allow ping, pong and tracert" Priority="9" Severity="10">
    - <TriggerCondition>
    - <TrafficCondition>
      <ServiceGroupLink>Service_Group_@1DD4C789C0A8F95B00FFA6EB3419494F</ServiceGroupLink>
      </TrafficCondition>
      </TriggerCondition>
      <Actions>Action_Group_@D3CEB8F4C0A8F95B00FFA6EB49A6C05E</Actions>
      </SecurityRule>
    - <SecurityRule Id="BB3A8A24C0A8F95B016599C59F4D7B00" Name="Allow VPN" Priority="10" Severity="5">
    - <TriggerCondition>
    - <TrafficCondition>
      <ServiceGroupLink>Service_Group_@36E5F826C0A8F95B00FFA6EBC2638E41</ServiceGroupLink>
      </TrafficCondition>
      </TriggerCondition>
      <Actions>Action_Group_@B3F3D1EFC0A8F95B00FFA6EB87D44501</Actions>
      </SecurityRule>
    - <SecurityRule Id="8E73DB05C0A8F95B01B70500CA0E13B8" Name="Allow all other IP traffic" Priority="11" Severity="15">
    - <TriggerCondition>
    - <TrafficCondition>
      <ServiceGroupLink>Service_Group_@497E23DDC0A8F95B00FFA6EBBB3C1B78</ServiceGroupLink>
      </TrafficCondition>
      </TriggerCondition>
      <Actions>Action_Group_@91FA664AC0A8F95B00FFA6EB218BFEFB</Actions>
      </SecurityRule>
    - <SecurityRule Id="26CEA62CC0A8F95B00448491C3733BD0" Name="Don't log broadcast and multicast traffic" Priority="12" Severity="15">
    - <TriggerCondition>
    - <TrafficCondition>
      <Hosts Local="Host_Group_@8EAD55B1C0A8F95B00FFA6EB1B27CAC1" />
      </TrafficCondition>
      </TriggerCondition>
      <Actions>Action_Group_@48993C9BC0A8F95B00FFA6EB6DFBF957</Actions>
      </SecurityRule>
    - <SecurityRule Id="31A684F8C0A8F95B009A8D1154C2CEF1" Name="Block all other traffic" Priority="13" Severity="15">
      <TriggerCondition />
      <Actions>Action_Group_@84E2F64AC0A8F95B00FFA6EBD0EF207C</Actions>
      </SecurityRule>
      </SecurityRuleGroup>
      </SecurityRuleGroupZone>
    - <HostGroupZone>
    - <HostGroup Name="Host_Group_@8EAD55B1C0A8F95B00FFA6EB1B27CAC1">
      <MacAddress>FF-FF-FF-FF-FF-FF</MacAddress>
      <IpRange End="239.255.255.255" Start="224.0.0.0" />
      </HostGroup>
      </HostGroupZone>
      <TimeGroupZone />
    - <ApplicationGroupZone>
    - <ApplicationGroup Name="Application_Group_Of_null@11BB1815C0A8F95B00FFA6EBE14A5A1D">
      <Executable FileName="wanarp.sys" />
      </ApplicationGroup>
    - <ApplicationGroup Name="Application_Group_Of_null@A6FBE3A3C0A8F95B00FFA6EB1080F762">
      <Executable FileName="*" />
      </ApplicationGroup>
      </ApplicationGroupZone>
    - <ActionGroupZone>
    - <ActionGroup Name="Action_Group_@EAD8ED4DC0A8F95B00FFA6EB6161939A">
      <Action LogEvent="1" PacketProcess="DROP" />
      </ActionGroup>
    - <ActionGroup Name="Action_Group_@85A10AEBC0A8F95B00FFA6EBEB755E3C">
      <Action LogEvent="1" PacketProcess="DROP" />
      </ActionGroup>
    - <ActionGroup Name="Action_Group_@41CC982CC0A8F95B00FFA6EBBFBF9ECE">
      <Action LogEvent="1" PacketProcess="DROP" />
      </ActionGroup>
    - <ActionGroup Name="Action_Group_@45F2A0E3C0A8F95B00FFA6EBB54B0994">
      <Action PacketProcess="PASS" />
      </ActionGroup>
    - <ActionGroup Name="Action_Group_@4ECACD14C0A8F95B00FFA6EB38552619">
      <Action PacketProcess="PASS" />
      </ActionGroup>
    - <ActionGroup Name="Action_Group_@4985DF9CC0A8F95B00FFA6EBBC5739E0">
      <Action PacketProcess="PASS" />
      </ActionGroup>
    - <ActionGroup Name="Action_Group_@026BDC3CC0A8F95B00FFA6EB00712224">
      <Action PacketProcess="PASS" />
      </ActionGroup>
    - <ActionGroup Name="Action_Group_@950E4866C0A8F95B00FFA6EB34FF9324">
      <Action PacketProcess="PASS" />
      </ActionGroup>
    - <ActionGroup Name="Action_Group_@D3CEB8F4C0A8F95B00FFA6EB49A6C05E">
      <Action PacketProcess="PASS" />
      </ActionGroup>
    - <ActionGroup Name="Action_Group_@B3F3D1EFC0A8F95B00FFA6EB87D44501">
      <Action PacketProcess="PASS" />
      </ActionGroup>
    - <ActionGroup Name="Action_Group_@91FA664AC0A8F95B00FFA6EB218BFEFB">
      <Action LogEvent="0" LogRawTraffic="0" PacketProcess="PASS" />
      </ActionGroup>
    - <ActionGroup Name="Action_Group_@48993C9BC0A8F95B00FFA6EB6DFBF957">
      <Action PacketProcess="DROP" />
      </ActionGroup>
    - <ActionGroup Name="Action_Group_@84E2F64AC0A8F95B00FFA6EBD0EF207C">
      <Action LogEvent="1" PacketProcess="DROP" />
      </ActionGroup>
    - <ActionGroup Name="lan|sensor|action">
      <Action Enable="1" LogEvent="1" PacketProcess="PASS" />
      </ActionGroup>
      </ActionGroupZone>
    - <NetworkInterfaceGroupZone>
    - <NetworkInterfaceGroup Name="NicGroup_Any_Adapter_1">
      <NetworkInterface Include="1" />
      </NetworkInterfaceGroup>
    - <NetworkInterfaceGroup Name="NicGroup_All Adapters@04F31B72C0A8F95B01C870D4710BFF13">
      <NetworkInterface Include="1" NetworkInterfaceType="ALL" />
      </NetworkInterfaceGroup>
      </NetworkInterfaceGroupZone>
    - <ServiceGroupZone>
    - <ServiceGroup Name="Service_Group_@7BB3A656C0A8F95B00FFA6EBC44AEFD5">
    - <Services>
      <RawEthernet ProtocolNumber="34525" />
      </Services>
      </ServiceGroup>
    - <ServiceGroup Name="Service_Group_@03D16BE5C0A8F95B00FFA6EB36FB90F9">
    - <Services>
      <RawUdp RemotePort="3544" />
      </Services>
      </ServiceGroup>
    - <ServiceGroup Name="Service_Group_@91BFC95FC0A8F95B00FFA6EB56CA05FA">
    - <Services>
      <RawIp FollowingFragment="0" ProtocolNumber="41" />
      </Services>
      </ServiceGroup>
    - <ServiceGroup Name="Service_Group_@8DB84B7AC0A8F95B00FFA6EB73B11A39">
    - <Services>
      <RawIp FollowingFragment="1" ProtocolNumber="" />
      </Services>
      </ServiceGroup>
    - <ServiceGroup Name="Service_Group_@292255F3C0A8F95B00FFA6EBB023E90E">
    - <Services>
      <RawEthernet ProtocolNumber="34958" />
      </Services>
      </ServiceGroup>
    - <ServiceGroup Name="Service_Group_@B3526AEFC0A8F95B00FFA6EB8C34477C">
    - <Services>
      <RawEthernet ProtocolNumber="51966" />
      </Services>
      </ServiceGroup>
    - <ServiceGroup Name="Service_Group_@1DD4C789C0A8F95B00FFA6EB3419494F">
    - <Services>
      <RawIcmp IcmpType="0" Incoming="1" />
      </Services>
    - <Services>
      <RawIcmp IcmpType="8" Incoming="0" />
      </Services>
    - <Services>
      <RawIcmp IcmpType="11" Incoming="1" />
      </Services>
      </ServiceGroup>
    - <ServiceGroup Name="Service_Group_@36E5F826C0A8F95B00FFA6EBC2638E41">
    - <Services>
      <RawIp FollowingFragment="0" ProtocolNumber="47,50" />
      </Services>
    - <Services>
      <RawTcp IncomingCall="0" RemotePort="1723" />
      </Services>
    - <Services>
      <RawUdp RemotePort="500,1701,4500" />
      </Services>
    - <Services>
      <RawIp FollowingFragment="0" ProtocolNumber="50" />
      </Services>
    - <Services>
      <RawIp FollowingFragment="1" ProtocolNumber="17" />
      </Services>
    - <Services>
      <RawTcp LocalPort="1032,1033" />
      </Services>
    - <Services>
      <RawTcp RemotePort="256,264,18231,18234" />
      </Services>
    - <Services>
      <RawUdp LocalPort="1266,1368" />
      </Services>
    - <Services>
      <RawUdp RemotePort="18231,18234,500" />
      </Services>
    - <Services>
      <RawIp FollowingFragment="0" ProtocolNumber="50" />
      </Services>
    - <Services>
      <RawUdp RemotePort="62516,500" />
      </Services>
    - <Services>
      <RawIp FollowingFragment="0" ProtocolNumber="50" />
      </Services>
    - <Services>
      <RawUdp RemotePort="1029,500" />
      </Services>
    - <Services>
      <RawIp FollowingFragment="0" ProtocolNumber="50" />
      </Services>
    - <Services>
      <RawUdp RemotePort="500,10000,62514-62524" />
      </Services>
    - <Services>
      <RawIp FollowingFragment="0" ProtocolNumber="50" />
      </Services>
    - <Services>
      <RawTcp LocalPort="8282" />
      </Services>
    - <Services>
      <RawTcp RemotePort="17, 586" />
      </Services>
    - <Services>
      <RawUdp RemotePort="500, 8121" />
      </Services>
    - <Services>
      <RawIp FollowingFragment="0" ProtocolNumber="50" />
      </Services>
    - <Services>
      <RawTcp RemotePort="443,1080" />
      </Services>
      </ServiceGroup>
    - <ServiceGroup Name="Service_Group_@497E23DDC0A8F95B00FFA6EBBB3C1B78">
    - <Services>
      <RawIp FollowingFragment="0" ProtocolNumber="" />
      </Services>
      </ServiceGroup>
      </ServiceGroupZone>
    - <ProcessPermissionsGroupZone>
    - <ProcessPermissionsGroup Description="This rule will log all applications that writing files to any USB device that add a drive letter to your system." Name="OP_Compound_Rule_Log files written to USB drives@52C85F68C0A8F95B01C5C3EC2D1EEC9F">
    - <ProcessPermissions Description="" Inherit="0" Name="Log files written to USB drives">
    - <ProcessImageName>
      <PatternMatchGroupLink>Match_For_Process@9711A303C0A8F95B019B4AF5C04E2AC8</PatternMatchGroupLink>
      </ProcessImageName>
      <PermissionGroupLink>Permission_List_For_Log files written to USB drives@9711A303C0A8F95B019B4AF5C04E2AC8</PermissionGroupLink>
      </ProcessPermissions>
      </ProcessPermissionsGroup>
      </ProcessPermissionsGroupZone>
    - <ProcessActionGroupZone>
    - <ProcessActionGroup Name="Action_For_File_Read@1010682EC0A8F95B00FFA6EB84FD3D7F">
      <ProcessAction Action="DONOTHING" LogEvent="1" Mode="NORMAL" NotificationAdditionalText="" NotificationEnable="0" />
      </ProcessActionGroup>
    - <ProcessActionGroup Name="Action_For_File_Write@31352A5AC0A8F95B00FFA6EB1D9FA486">
      <ProcessAction Action="DONOTHING" LogEvent="1" Mode="NORMAL" NotificationAdditionalText="" NotificationEnable="0" />
      </ProcessActionGroup>
      </ProcessActionGroupZone>
    - <PermissionGroupZone>
    - <PermissionGroup Name="Permission_List_For_Log files written to USB drives@9711A303C0A8F95B019B4AF5C04E2AC8">
    - <Permission Alert="0" ClassName="File Read" Description="" Name="Log writing to USB drives_Read File" Priority="16" Severity="10">
    - <ClassParameter>
      <PatternMatchGroupLink>Match_For_File_Access@1A43DF35C0A8F95B00FFA6EBCB2EE0C2</PatternMatchGroupLink>
      </ClassParameter>
      <ProcessActionGroupLink>Action_For_File_Read@1010682EC0A8F95B00FFA6EB84FD3D7F</ProcessActionGroupLink>
      </Permission>
    - <Permission Alert="0" ClassName="File Write" Description="" Name="Log writing to USB drives_Write File" Priority="16" Severity="10">
    - <ClassParameter>
      <PatternMatchGroupLink>Match_For_File_Access@1A43DF35C0A8F95B00FFA6EBCB2EE0C2</PatternMatchGroupLink>
      </ClassParameter>
      <ProcessActionGroupLink>Action_For_File_Write@31352A5AC0A8F95B00FFA6EB1D9FA486</ProcessActionGroupLink>
      </Permission>
      </PermissionGroup>
      </PermissionGroupZone>
    - <PatternMatchGroupZone>
    - <PatternMatchGroup Name="Match_For_Process@9711A303C0A8F95B019B4AF5C04E2AC8">
    - <Match>
    - <ParameterMatch>
      <RegularExpression>.*\\[^\\]*</RegularExpression>
      </ParameterMatch>
    - <ParameterMatch>
      <RegularExpression>.*</RegularExpression>
      </ParameterMatch>
      </Match>
      </PatternMatchGroup>
    - <PatternMatchGroup Name="Match_For_File_Access@1A43DF35C0A8F95B00FFA6EBCB2EE0C2">
    - <Match>
    - <ParameterMatch>
      <RegularExpression>.*\\[^\\]*</RegularExpression>
      </ParameterMatch>
    - <ParameterMatch>
      <RegularExpression>.*</RegularExpression>
      </ParameterMatch>
    - <ParameterMatch>
      <RegularExpression>.*</RegularExpression>
      </ParameterMatch>
    - <ParameterMatch>
      <RegularExpression>USBSTOR.*</RegularExpression>
      </ParameterMatch>
      </Match>
      </PatternMatchGroup>
      </PatternMatchGroupZone>
    - <OSProtectionSettingGroupZone>
    - <OSProtectionSettingGroup Description="" Name="OP_Policy_Azul - Device Control Policy@33521651C0A8F95B01BCCDCC8451B6A4">
      <ProcessPermissionsGroupLink>OP_Compound_Rule_Log files written to USB drives@52C85F68C0A8F95B01C5C3EC2D1EEC9F</ProcessPermissionsGroupLink>
      <AppTrojanProtection Enable="0" Notification="0" NotificationText="" />
      </OSProtectionSettingGroup>
      </OSProtectionSettingGroupZone>
    - <DeviceActionGroupZone>
    - <DeviceActionGroup Name="Allow_7585BCB40A010511000E1E3271DE9B26">
      <DeviceAction Action="ALLOW" LogEvent="1" NotificationAdditionalText="" NotificationEnable="0" />
      </DeviceActionGroup>
    - <DeviceActionGroup Name="Block_7585BCB40A010511000E1E3271DE9B26">
      <DeviceAction Action="BLOCK" LogEvent="1" NotificationAdditionalText="" NotificationEnable="0" />
      </DeviceActionGroup>
      </DeviceActionGroupZone>
    - <DeviceManagerSettingGroupZone>
    - <DeviceManagerSettingGroup Name="7585BCB40A010511000E1E3271DE9B26">
      <ControlDevice DeviceActionGroupLink="Allow_7585BCB40A010511000E1E3271DE9B26" />
      <ControlDevice DeviceActionGroupLink="Block_7585BCB40A010511000E1E3271DE9B26" />
      </DeviceManagerSettingGroup>
      </DeviceManagerSettingGroupZone>
    - <AVGeneralZone>
    - <AVGeneral ErrorReportingBaseUrl="http://www.symantec.com/techsupp/servlet/ProductMessages" ErrorReportingText="Ocorreu um erro para maiores informações entre em contato com o Suporte TI (Ramal 9828) ou acesse o Web Site da Symantec. http://www.symantec.com/techsupp/servlet/ProductMessages" Name="AVGeneral@6B898D280A010511005D5DD7D6ED84A2">
      <WindowsSecurityCenter DisableWSC="NEVER" WSCAVAlert="ENABLE" WSCDefsUpToDate="7" />
      <ClientPermissions UseScanNetDrivePassword="0" />
    - <LogHandling AgeLimit="60" AgeUnits="PURGE_DAYS" TimedBasedAggregationInterval="300">
      <ForwardedEvent ApplyModeForward="ADMIN" EventID="2" Forward="1" LockForward="1" PackageID="0" />
      <ForwardedEvent ApplyModeForward="ADMIN" EventID="3" Forward="1" LockForward="1" PackageID="0" />
      <ForwardedEvent ApplyModeForward="ADMIN" EventID="6" Forward="1" LockForward="1" PackageID="0" />
      <ForwardedEvent ApplyModeForward="ADMIN" EventID="18" Forward="1" LockForward="1" PackageID="0" />
      <ForwardedEvent ApplyModeForward="ADMIN" EventID="19" Forward="1" LockForward="1" PackageID="0" />
      <ForwardedEvent ApplyModeForward="ADMIN" EventID="20" Forward="1" LockForward="1" PackageID="0" />
      <ForwardedEvent ApplyModeForward="ADMIN" EventID="21" Forward="1" LockForward="1" PackageID="0" />
      <ForwardedEvent ApplyModeForward="ADMIN" EventID="76" Forward="0" LockForward="1" PackageID="0" />
      <ForwardedEvent ApplyModeForward="ADMIN" EventID="71" Forward="0" LockForward="1" PackageID="0" />
      <ForwardedEvent ApplyModeForward="ADMIN" EventID="77" Forward="0" LockForward="1" PackageID="0" />
      <ForwardedEvent ApplyModeForward="ADMIN" EventID="47" Forward="0" LockForward="1" PackageID="0" />
      <ForwardedEvent ApplyModeForward="ADMIN" EventID="48" Forward="0" LockForward="1" PackageID="0" />
      <ForwardedEvent ApplyModeForward="ADMIN" EventID="49" Forward="1" LockForward="1" PackageID="0" />
      <ForwardedEvent ApplyModeForward="ADMIN" EventID="50" Forward="0" LockForward="1" PackageID="0" />
      <ForwardedEvent ApplyModeForward="ADMIN" EventID="4" Forward="0" LockForward="1" PackageID="0" />
      <ForwardedEvent ApplyModeForward="ADMIN" EventID="7" Forward="1" LockForward="1" PackageID="0" />
      <ForwardedEvent ApplyModeForward="ADMIN" EventID="39" Forward="1" LockForward="1" PackageID="0" />
      <ForwardedEvent ApplyModeForward="ADMIN" EventID="40" Forward="1" LockForward="1" PackageID="0" />
      <ForwardedEvent ApplyModeForward="ADMIN" EventID="12" Forward="1" LockForward="1" PackageID="0" />
      <ForwardedEvent ApplyModeForward="ADMIN" EventID="55" Forward="1" LockForward="1" PackageID="0" />
      <ForwardedEvent ApplyModeForward="ADMIN" EventID="57" Forward="1" LockForward="1" PackageID="0" />
      <ForwardedEvent ApplyModeForward="ADMIN" EventID="58" Forward="1" LockForward="1" PackageID="0" />
      <ForwardedEvent ApplyModeForward="ADMIN" EventID="13" Forward="1" LockForward="1" PackageID="0" />
      <ForwardedEvent ApplyModeForward="ADMIN" EventID="14" Forward="1" LockForward="1" PackageID="0" />
      <ForwardedEvent ApplyModeForward="ADMIN" EventID="22" Forward="1" LockForward="1" PackageID="0" />
      <ForwardedEvent ApplyModeForward="ADMIN" EventID="23" Forward="1" LockForward="1" PackageID="0" />
      <ForwardedEvent ApplyModeForward="ADMIN" EventID="24" Forward="1" LockForward="1" PackageID="0" />
      </LogHandling>
      <InternetBrowserProtection ApplyModeHomepageAddress="ADMIN" HomepageAddress="http://www.symantec.com/enterprise/security_response/index.jsp" LockHomepageAddress="1" />
      </AVGeneral>
      </AVGeneralZone>
    - <AVAutoProtectZone>
    - <AVAutoProtect ApplyModeEnableAutoProtect="ADMIN" EnableAutoProtect="1" LockEnableAutoProtect="1" Name="AVAutoProtect@6B898D280A010511005D5DD7D6ED84A2">
    - <FileTypes ApplyModeSelectedExtensions="ADMIN" ApplyModeSmartScan="ADMIN" LockSelectedExtensions="1" LockSmartScan="1" SelectedExtensions="0" SmartScan="0">
      <SelectedExtensionsList ApplyMode="ADMIN" locked="1" />
      </FileTypes>
      <ScanOptions ApplyModeBlockSecurityRisks="ADMIN" ApplyModeScanForSecurityRisks="ADMIN" BlockSecurityRisks="1" LockBlockSecurityRisks="1" LockScanForSecurityRisks="1" ScanForSecurityRisks="VIRAL_HEURISTIC_AND_NONVIRAL" />
      <DriveTypes ApplyModeCDRom="ADMIN" ApplyModeFloppy="ADMIN" ApplyModeNetwork="ADMIN" CDRom="0" Floppy="1" LockCDRom="0" LockFloppy="0" LockNetwork="1" Network="0" />
    - <AdvancedAPScanOptions ApplyModeStopAndReloadAutoProtect="ADMIN" ApplyModeSystemStart="ADMIN" LockStopAndReloadAutoProtect="1" LockSystemStart="1" StopAndReloadAutoProtect="1" SystemStart="0">
      <FileScanningOptions ApplyModeForLeaveAloneDeleteInfectedOnCreate="ADMIN" ApplyModePreserveFileTimes="ADMIN" ApplyModeScanFilesOpenForBackup="ADMIN" ApplyModeScanOnExec="ADMIN" ApplyModeScanOnModify="ADMIN" ApplyModeScanOnRead="ADMIN" ForLeaveAloneDeleteInfectedOnCreate="1" LockForLeaveAloneDeleteInfectedOnCreate="1" LockPreserveFileTimes="1" LockScanFilesOpenForBackup="1" LockScanOnExec="1" LockScanOnModify="1" LockScanOnRead="1" PreserveFileTimes="1" ScanFilesOpenForBackup="1" ScanOnExec="1" ScanOnModify="1" ScanOnRead="1" />
      <FileCacheOptions ApplyModeFileCacheEntries="ADMIN" ApplyModeFileCacheSizeControl="ADMIN" ApplyModeRescanOnDefReload="ADMIN" FileCacheEntries="10000" FileCacheSizeControl="DEFAULT" LockFileCacheEntries="1" LockFileCacheSizeControl="1" LockRescanOnDefReload="1" RescanOnDefReload="1" />
      <AutoEnablerOptions APEnablerEnabled="1" APEnablerInterval="3" ApplyModeAPEnablerEnabled="ADMIN" ApplyModeAPEnablerInterval="ADMIN" LockAPEnablerEnabled="0" LockAPEnablerInterval="0" />
      <ThreatTracerOptions ApplyModeClientFirewallAutoBlock="ADMIN" ApplyModeEnableThreatTracer="ADMIN" ApplyModePollForNetworkSessions="ADMIN" ApplyModePollingInterval="ADMIN" ApplyModeResolveSourceComputerIPAddress="ADMIN" ClientFirewallAutoBlock="1" EnableThreatTracer="0" LockClientFirewallAutoBlock="1" LockEnableThreatTracer="1" LockPollForNetworkSessions="1" LockPollingInterval="1" LockResolveSourceComputerIPAddress="1" PollForNetworkSessions="1" PollingInterval="10000" ResolveSourceComputerIPAddress="1" />
      <HeuristicsOptions ApplyModeBloodhoundLevel="ADMIN" ApplyModeEnableBloodhound="ADMIN" BloodhoundLevel="DEFAULT" EnableBloodhound="1" LockBloodhoundLevel="1" LockEnableBloodhound="1" />
      <NetworkOptions ApplyModeCacheEntries="ADMIN" ApplyModeCacheTimeout="ADMIN" ApplyModeEnableCache="ADMIN" ApplyModeTrustNetAP="ADMIN" CacheEntries="30" CacheTimeout="600000" EnableCache="1" LockCacheEntries="1" LockCacheTimeout="1" LockEnableCache="1" LockTrustNetAP="1" TrustNetAP="1" />
      <FloppyOptions ApplyModeFloppyBootVirusFoundAction="ADMIN" ApplyModeScanFloppyBROnAccess="ADMIN" ApplyModeSkipShutDownFloppyCheck="ADMIN" FloppyBootVirusFoundAction="LEAVE_ALONE" LockFloppyBootVirusFoundAction="1" LockScanFloppyBROnAccess="1" LockSkipShutDownFloppyCheck="1" ScanFloppyBROnAccess="1" SkipShutDownFloppyCheck="1" />
      <BackupOptions ApplyModeBackupFileBeforeRepair="ADMIN" BackupFileBeforeRepair="1" LockBackupFileBeforeRepair="1" />
      </AdvancedAPScanOptions>
    - <APActions>
      <MacroVirusAction ApplyModeFirstAction="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="CLEAN_THREAT" LockFirstAction="1" LockSecondAction="1" SecondAction="QUARANTINE_THREAT" />
      <NonMacroVirusAction ApplyModeFirstAction="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="CLEAN_THREAT" LockFirstAction="1" LockSecondAction="1" SecondAction="QUARANTINE_THREAT" />
    - <SecurityRisksAction ApplyModeFirstAction="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="DELETE_THREAT" LockFirstAction="1" LockSecondAction="1" SecondAction="QUARANTINE_THREAT">
      <HackerToolsAction ApplyModeFirstAction="ADMIN" ApplyModeOverrideSecurityRiskActions="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="DELETE_THREAT" LockFirstAction="0" LockOverrideSecurityRiskActions="1" LockSecondAction="0" OverrideSecurityRiskActions="0" SecondAction="QUARANTINE_THREAT" />
      <SpywareAction ApplyModeFirstAction="ADMIN" ApplyModeOverrideSecurityRiskActions="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="DELETE_THREAT" LockFirstAction="0" LockOverrideSecurityRiskActions="1" LockSecondAction="0" OverrideSecurityRiskActions="0" SecondAction="QUARANTINE_THREAT" />
      <TrackwareAction ApplyModeFirstAction="ADMIN" ApplyModeOverrideSecurityRiskActions="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="DELETE_THREAT" LockFirstAction="0" LockOverrideSecurityRiskActions="1" LockSecondAction="0" OverrideSecurityRiskActions="0" SecondAction="QUARANTINE_THREAT" />
      <DialersAction ApplyModeFirstAction="ADMIN" ApplyModeOverrideSecurityRiskActions="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="DELETE_THREAT" LockFirstAction="0" LockOverrideSecurityRiskActions="1" LockSecondAction="0" OverrideSecurityRiskActions="0" SecondAction="QUARANTINE_THREAT" />
      <RemoteAccessAction ApplyModeFirstAction="ADMIN" ApplyModeOverrideSecurityRiskActions="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="DELETE_THREAT" LockFirstAction="0" LockOverrideSecurityRiskActions="1" LockSecondAction="0" OverrideSecurityRiskActions="0" SecondAction="QUARANTINE_THREAT" />
      <OtherAction ApplyModeFirstAction="ADMIN" ApplyModeOverrideSecurityRiskActions="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="DELETE_THREAT" LockFirstAction="0" LockOverrideSecurityRiskActions="1" LockSecondAction="0" OverrideSecurityRiskActions="0" SecondAction="QUARANTINE_THREAT" />
      <AdwareAction ApplyModeFirstAction="ADMIN" ApplyModeOverrideSecurityRiskActions="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="DELETE_THREAT" LockFirstAction="0" LockOverrideSecurityRiskActions="1" LockSecondAction="0" OverrideSecurityRiskActions="0" SecondAction="QUARANTINE_THREAT" />
      <JokeProgramsAction ApplyModeFirstAction="ADMIN" ApplyModeOverrideSecurityRiskActions="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="DELETE_THREAT" LockFirstAction="0" LockOverrideSecurityRiskActions="1" LockSecondAction="0" OverrideSecurityRiskActions="0" SecondAction="QUARANTINE_THREAT" />
      </SecurityRisksAction>
      </APActions>
      <RemediationOptions ApplyModeStopServices="ADMIN" ApplyModeTerminateProcesses="ADMIN" LockStopServices="1" LockTerminateProcesses="1" StopServices="1" TerminateProcesses="1" />
    - <NotificationOptions ApplyModeDisplayMessage="ADMIN" ApplyModeDisplayResultDialog="ADMIN" DisplayMessage="0" DisplayResultDialog="1" LockDisplayMessage="1" LockDisplayResultDialog="1">
    - <MessageText ApplyMode="ADMIN" locked="1">
    <![CDATA[ 
    Scan type: ~L Scan\nEvent: ~E\nSecurity risk detected: ~V\nFile: ~P\nLocation: ~C\nComputer: ~S\nUser: ~N\nAction taken: ~A\nDate found: ~T
      ]]>
      </MessageText>
      </NotificationOptions>
      </AVAutoProtect>
      </AVAutoProtectZone>
    - <MacAVAutoProtectZone>
    - <MacAVAutoProtect ApplyModeEnableAutoProtect="ADMIN" EnableAutoProtect="1" LockEnableAutoProtect="0" Name="MacAVAutoProtect@6B898D280A010511005D5DD7D6ED84A2">
      <ScanOptions AutoRepairInfectedFiles="0" QuarantineUnrepairableFiles="1" />
    - <NotificationOptions ApplyModeDisplayMessage="ADMIN" ApplyModeDisplayResultDialog="ADMIN" DisplayMessage="1" DisplayResultDialog="0" LockDisplayMessage="0" LockDisplayResultDialog="0">
    - <MessageText ApplyMode="ADMIN" locked="0">
    <![CDATA[ 
    Scan type: ~L Scan\nEvent: ~E\nSecurity risk detected: ~V\nFile: ~P\nLocation: ~C\nComputer: ~S\nUser: ~N\nAction taken: ~A\nDate found: ~T
      ]]>
      </MessageText>
      </NotificationOptions>
      <CompressedFiles ScanCompressed="1" />
    - <ApScanOptions WhereToScanFiles="SCAN_EVERYWHERE">
      <FileListingDetails />
      <FolderListingDetails />
      </ApScanOptions>
    - <MountDiskScanOptions Enabled="1" ShowProgress="1">
      <DiskTypes All="0" AllOtherDisks="1" AudioVideoDisk="0" DataDisk="1" IPOD="1" />
      </MountDiskScanOptions>
      </MacAVAutoProtect>
      </MacAVAutoProtectZone>
    - <MacAVAdminDefinedScanOptionsZone>
    - <MacAVAdminDefinedScanOptions Name="MacAVAdminDefinedScanOptions@6B898D280A010511005D5DD7D6ED84A2">
    - <MacGeneralScanSettings AllowScanCancel="0" AllowScanSnooze="1" AutoRepairInfectedFiles="0" QuarantineUnrepairableFiles="1" ScanResultsDisplay="SHOW_ONLY_WHEN_INFECTED_FILES_FOUND">
      <CompressedFiles ScanCompressed="1" />
      </MacGeneralScanSettings>
    - <MacAVScanSettings HardDrives="1" RemovableDrives="1" ScanID="96655df4-0358-196e-b7f9-9f2f0f88ba83" ScanSelection="DRIVES">
      <Description>Full scan on Monday every week at 8:00 PM</Description>
    - <Schedule Created="1274194361" DayOfWeek="1" Enabled="1" MinOfDay="1200" Type="WEEK">
      <Name>Weekly Scheduled Scan</Name>
      </Schedule>
      <ThrottleScan ScanTuning="0" />
    - <MacScanNotification>
    - <Notification DisplayMessage="1" LockDisplayMessage="0">
      <MessageText />
      </Notification>
      </MacScanNotification>
      </MacAVScanSettings>
    - <MacScanNotification>
    - <Notification DisplayMessage="1" LockDisplayMessage="0">
    - <MessageText>
    <![CDATA[ 
    Scan type: ~L Scan\nEvent: ~E\nSecurity risk detected: ~V\nFile: ~P\nLocation: ~C\nComputer: ~S\nUser: ~N\nAction taken: ~A\nDate found: ~T
      ]]>
      </MessageText>
      </Notification>
      </MacScanNotification>
      </MacAVAdminDefinedScanOptions>
      </MacAVAdminDefinedScanOptionsZone>
    - <MacAVCommandScanOptionsZone>
    - <MacAVCommandScanOptions Name="MacAVCommandScanOptions@6B898D280A010511005D5DD7D6ED84A2">
    - <MacGeneralScanSettings AllowScanCancel="0" AllowScanSnooze="1" AutoRepairInfectedFiles="0" QuarantineUnrepairableFiles="1" ScanResultsDisplay="SHOW_ONLY_WHEN_INFECTED_FILES_FOUND">
      <CompressedFiles ScanCompressed="1" />
      </MacGeneralScanSettings>
    - <MacAVScanSettings HardDrives="1" RemovableDrives="1" ScanID="105558de-0f2f-5761-217e-c5987c963f95" ScanSelection="DRIVES">
      <Description>This scan can be activated by the administrator from the management console.</Description>
    - <Schedule Created="1274194361" Enabled="1" MinOfDay="0" Type="DAY">
      <Name>Administrator On-demand Scan</Name>
      </Schedule>
      <ThrottleScan ScanTuning="0" />
    - <MacScanNotification FilesToDisplayInNotification="SHOW_ONLY_INFECTED_FILES" ListPermissionsErrorsInNotification="0">
    - <Notification DisplayMessage="1" LockDisplayMessage="0">
    - <MessageText>
    <![CDATA[ 
    Scan type: ~L Scan\nEvent: ~E\nSecurity risk detected: ~V\nFile: ~P\nLocation: ~C\nComputer: ~S\nUser: ~N\nAction taken: ~A\nDate found: ~T
      ]]>
      </MessageText>
      </Notification>
      </MacScanNotification>
      </MacAVScanSettings>
      </MacAVCommandScanOptions>
      </MacAVCommandScanOptionsZone>
    - <AVEmailAutoProtectZone>
    - <AVEmailAutoProtect Name="AVEmailAutoProtect@6B898D280A010511005D5DD7D6ED84A2">
    - <InternetMail ApplyModeEnableSnapin="ADMIN" EnableSnapin="0" LockEnableSnapin="1">
    - <MailFileTypes ApplyModeSelectedExtTypes="ADMIN" LockSelectedExtTypes="0" SelectedExtTypes="0">
      <ExtensionsList ApplyMode="ADMIN" locked="0" />
      </MailFileTypes>
      <CompressedFiles ApplyModeScanCompressed="ADMIN" LockScanCompressed="0" ScanCompressed="1" ScanDepth="3" />
    - <APActions>
      <MacroVirusAction ApplyModeFirstAction="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="CLEAN_THREAT" LockFirstAction="0" LockSecondAction="0" SecondAction="QUARANTINE_THREAT" />
      <NonMacroVirusAction ApplyModeFirstAction="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="CLEAN_THREAT" LockFirstAction="0" LockSecondAction="0" SecondAction="QUARANTINE_THREAT" />
    - <SecurityRisksAction ApplyModeFirstAction="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="QUARANTINE_THREAT" LockFirstAction="0" LockSecondAction="0" SecondAction="LEAVE_ALONE">
      <HackerToolsAction ApplyModeFirstAction="ADMIN" ApplyModeOverrideSecurityRiskActions="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="QUARANTINE_THREAT" LockFirstAction="0" LockOverrideSecurityRiskActions="0" LockSecondAction="0" OverrideSecurityRiskActions="0" SecondAction="LEAVE_ALONE" />
      <SpywareAction ApplyModeFirstAction="ADMIN" ApplyModeOverrideSecurityRiskActions="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="QUARANTINE_THREAT" LockFirstAction="0" LockOverrideSecurityRiskActions="0" LockSecondAction="0" OverrideSecurityRiskActions="0" SecondAction="LEAVE_ALONE" />
      <TrackwareAction ApplyModeFirstAction="ADMIN" ApplyModeOverrideSecurityRiskActions="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="QUARANTINE_THREAT" LockFirstAction="0" LockOverrideSecurityRiskActions="0" LockSecondAction="0" OverrideSecurityRiskActions="0" SecondAction="LEAVE_ALONE" />
      <DialersAction ApplyModeFirstAction="ADMIN" ApplyModeOverrideSecurityRiskActions="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="QUARANTINE_THREAT" LockFirstAction="0" LockOverrideSecurityRiskActions="0" LockSecondAction="0" OverrideSecurityRiskActions="0" SecondAction="LEAVE_ALONE" />
      <RemoteAccessAction ApplyModeFirstAction="ADMIN" ApplyModeOverrideSecurityRiskActions="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="QUARANTINE_THREAT" LockFirstAction="0" LockOverrideSecurityRiskActions="0" LockSecondAction="0" OverrideSecurityRiskActions="0" SecondAction="LEAVE_ALONE" />
      <OtherAction ApplyModeFirstAction="ADMIN" ApplyModeOverrideSecurityRiskActions="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="QUARANTINE_THREAT" LockFirstAction="0" LockOverrideSecurityRiskActions="0" LockSecondAction="0" OverrideSecurityRiskActions="0" SecondAction="LEAVE_ALONE" />
      <AdwareAction ApplyModeFirstAction="ADMIN" ApplyModeOverrideSecurityRiskActions="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="QUARANTINE_THREAT" LockFirstAction="0" LockOverrideSecurityRiskActions="0" LockSecondAction="0" OverrideSecurityRiskActions="0" SecondAction="LEAVE_ALONE" />
      <JokeProgramsAction ApplyModeFirstAction="ADMIN" ApplyModeOverrideSecurityRiskActions="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="QUARANTINE_THREAT" LockFirstAction="0" LockOverrideSecurityRiskActions="0" LockSecondAction="0" OverrideSecurityRiskActions="0" SecondAction="LEAVE_ALONE" />
      </SecurityRisksAction>
      </APActions>
    - <NotificationOptions ApplyModeDisplayMessage="ADMIN" DisplayMessage="1" LockDisplayMessage="0">
    - <MessageText ApplyMode="ADMIN" locked="0">
    <![CDATA[ 
    Scan type: ~L Scan\nEvent: ~E\nSecurity risk detected: ~V\nFile: ~P\nLocation: ~C\nComputer: ~S\nUser: ~N\nAction taken: ~A\nDate found: ~T
      ]]>
      </MessageText>
      </NotificationOptions>
    - <Warning ApplyModeInsertWarning="ADMIN" ChangeSubject="1" InsertWarning="1" LockInsertWarning="0">
      <WarningSubject ApplyMode="ADMIN" locked="0">Security risk found in message "~U"</WarningSubject>
    - <WarningMessage ApplyMode="ADMIN" locked="0">
    <![CDATA[ 
    Symantec Endpoint Protection found a security risk in an attachment from ~D.
      ]]>
      </WarningMessage>
    - <WarningInfectionInformation ApplyMode="ADMIN" locked="0">
    <![CDATA[ 
    Attachment: ~O
Security risk detected: ~V
Action taken: ~A
File status: ~Z
      ]]>
      </WarningInfectionInformation>
      </Warning>
    - <Sender ApplyModeNotifySender="ADMIN" LockNotifySender="0" NotifySender="0">
      <SenderSubject ApplyMode="ADMIN" locked="0" />
      <SenderMessage ApplyMode="ADMIN" locked="0" />
      <SenderInfectionInformation ApplyMode="ADMIN" locked="0" />
      </Sender>
    - <Selected ApplyModeNotifySelected="ADMIN" LockNotifySelected="0" NotifySelected="0">
      <SelectedSubject ApplyMode="ADMIN" locked="0" />
      <SelectedMessage ApplyMode="ADMIN" locked="0" />
      <SelectedInfectionInformation ApplyMode="ADMIN" locked="0" />
      <Recipients />
      </Selected>
      <InternetMailConnectionSettings AllowEncryptedPop3="1" AllowEncryptedSmtp="1" ApplyModeAllowEncryptedPop3="ADMIN" ApplyModeAllowEncryptedSmtp="ADMIN" ApplyModePop3Port="ADMIN" ApplyModeSmtpPort="ADMIN" LockAllowEncryptedPop3="0" LockAllowEncryptedSmtp="0" LockPop3Port="0" LockSmtpPort="0" Pop3Port="110" SmtpPort="25" />
      <InternetMailHeuristics ApplyModeEnableOEH="ADMIN" ApplyModeFirstAction="ADMIN" ApplyModeSecondAction="ADMIN" EnableOEH="1" FirstAction="QUARANTINE_THREAT" LockEnableOEH="0" LockFirstAction="0" LockSecondAction="0" SecondAction="DELETE_THREAT" />
      <InternetMailDisplaySettings ApplyModeDisplayIcon="ADMIN" ApplyModeDisplayProgressWindow="ADMIN" DisplayIcon="0" DisplayProgressWindow="0" LockDisplayIcon="0" LockDisplayProgressWindow="0" />
      </InternetMail>
    - <LotusNotes ApplyModeEnableSnapin="ADMIN" EnableSnapin="0" LockEnableSnapin="1">
    - <MailFileTypes ApplyModeSelectedExtTypes="ADMIN" LockSelectedExtTypes="0" SelectedExtTypes="0">
      <ExtensionsList ApplyMode="ADMIN" locked="0" />
      </MailFileTypes>
      <CompressedFiles ApplyModeScanCompressed="ADMIN" LockScanCompressed="0" ScanCompressed="1" ScanDepth="3" />
    - <APActions>
      <MacroVirusAction ApplyModeFirstAction="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="CLEAN_THREAT" LockFirstAction="0" LockSecondAction="0" SecondAction="QUARANTINE_THREAT" />
      <NonMacroVirusAction ApplyModeFirstAction="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="CLEAN_THREAT" LockFirstAction="0" LockSecondAction="0" SecondAction="QUARANTINE_THREAT" />
    - <SecurityRisksAction ApplyModeFirstAction="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="QUARANTINE_THREAT" LockFirstAction="0" LockSecondAction="0" SecondAction="LEAVE_ALONE">
      <HackerToolsAction ApplyModeFirstAction="ADMIN" ApplyModeOverrideSecurityRiskActions="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="QUARANTINE_THREAT" LockFirstAction="0" LockOverrideSecurityRiskActions="0" LockSecondAction="0" OverrideSecurityRiskActions="0" SecondAction="LEAVE_ALONE" />
      <SpywareAction ApplyModeFirstAction="ADMIN" ApplyModeOverrideSecurityRiskActions="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="QUARANTINE_THREAT" LockFirstAction="0" LockOverrideSecurityRiskActions="0" LockSecondAction="0" OverrideSecurityRiskActions="0" SecondAction="LEAVE_ALONE" />
      <TrackwareAction ApplyModeFirstAction="ADMIN" ApplyModeOverrideSecurityRiskActions="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="QUARANTINE_THREAT" LockFirstAction="0" LockOverrideSecurityRiskActions="0" LockSecondAction="0" OverrideSecurityRiskActions="0" SecondAction="LEAVE_ALONE" />
      <DialersAction ApplyModeFirstAction="ADMIN" ApplyModeOverrideSecurityRiskActions="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="QUARANTINE_THREAT" LockFirstAction="0" LockOverrideSecurityRiskActions="0" LockSecondAction="0" OverrideSecurityRiskActions="0" SecondAction="LEAVE_ALONE" />
      <RemoteAccessAction ApplyModeFirstAction="ADMIN" ApplyModeOverrideSecurityRiskActions="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="QUARANTINE_THREAT" LockFirstAction="0" LockOverrideSecurityRiskActions="0" LockSecondAction="0" OverrideSecurityRiskActions="0" SecondAction="LEAVE_ALONE" />
      <OtherAction ApplyModeFirstAction="ADMIN" ApplyModeOverrideSecurityRiskActions="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="QUARANTINE_THREAT" LockFirstAction="0" LockOverrideSecurityRiskActions="0" LockSecondAction="0" OverrideSecurityRiskActions="0" SecondAction="LEAVE_ALONE" />
      <AdwareAction ApplyModeFirstAction="ADMIN" ApplyModeOverrideSecurityRiskActions="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="QUARANTINE_THREAT" LockFirstAction="0" LockOverrideSecurityRiskActions="0" LockSecondAction="0" OverrideSecurityRiskActions="0" SecondAction="LEAVE_ALONE" />
      <JokeProgramsAction ApplyModeFirstAction="ADMIN" ApplyModeOverrideSecurityRiskActions="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="QUARANTINE_THREAT" LockFirstAction="0" LockOverrideSecurityRiskActions="0" LockSecondAction="0" OverrideSecurityRiskActions="0" SecondAction="LEAVE_ALONE" />
      </SecurityRisksAction>
      </APActions>
    - <NotificationOptions ApplyModeDisplayMessage="ADMIN" DisplayMessage="1" LockDisplayMessage="0">
    - <MessageText ApplyMode="ADMIN" locked="0">
    <![CDATA[ 
    Scan type: ~L Scan\nEvent: ~E\nSecurity risk detected: ~V\nFile: ~P\nLocation: ~C\nComputer: ~S\nUser: ~N\nAction taken: ~A\nDate found: ~T
      ]]>
      </MessageText>
      </NotificationOptions>
    - <Warning ApplyModeInsertWarning="ADMIN" ChangeSubject="0" InsertWarning="1" LockInsertWarning="0">
      <WarningSubject ApplyMode="ADMIN" locked="0">Security risk found in message "~U"</WarningSubject>
    - <WarningMessage ApplyMode="ADMIN" locked="0">
    <![CDATA[ 
    Symantec Endpoint Protection found a security risk in an attachment from ~D.
      ]]>
      </WarningMessage>
    - <WarningInfectionInformation ApplyMode="ADMIN" locked="0">
    <![CDATA[ 
    Attachment: ~O
Security risk detected: ~V
Action taken: ~A
File status: ~Z
      ]]>
      </WarningInfectionInformation>
      </Warning>
    - <Sender ApplyModeNotifySender="ADMIN" LockNotifySender="0" NotifySender="0">
      <SenderSubject ApplyMode="ADMIN" locked="0" />
      <SenderMessage ApplyMode="ADMIN" locked="0" />
      <SenderInfectionInformation ApplyMode="ADMIN" locked="0" />
      </Sender>
    - <Selected ApplyModeNotifySelected="ADMIN" LockNotifySelected="0" NotifySelected="0">
      <SelectedSubject ApplyMode="ADMIN" locked="0" />
      <SelectedMessage ApplyMode="ADMIN" locked="0" />
      <SelectedInfectionInformation ApplyMode="ADMIN" locked="0" />
      <Recipients />
      </Selected>
      </LotusNotes>
    - <MicrosoftExchangeClient ApplyModeEnableSnapin="ADMIN" EnableSnapin="1" LockEnableSnapin="1">
    - <MailFileTypes ApplyModeSelectedExtTypes="ADMIN" LockSelectedExtTypes="1" SelectedExtTypes="0">
      <ExtensionsList ApplyMode="ADMIN" locked="1" />
      </MailFileTypes>
      <CompressedFiles ApplyModeScanCompressed="ADMIN" LockScanCompressed="1" ScanCompressed="1" ScanDepth="3" />
    - <APActions>
      <MacroVirusAction ApplyModeFirstAction="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="CLEAN_THREAT" LockFirstAction="1" LockSecondAction="1" SecondAction="DELETE_THREAT" />
      <NonMacroVirusAction ApplyModeFirstAction="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="CLEAN_THREAT" LockFirstAction="1" LockSecondAction="1" SecondAction="DELETE_THREAT" />
    - <SecurityRisksAction ApplyModeFirstAction="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="DELETE_THREAT" LockFirstAction="1" LockSecondAction="1" SecondAction="QUARANTINE_THREAT">
      <HackerToolsAction ApplyModeFirstAction="ADMIN" ApplyModeOverrideSecurityRiskActions="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="DELETE_THREAT" LockFirstAction="0" LockOverrideSecurityRiskActions="1" LockSecondAction="0" OverrideSecurityRiskActions="0" SecondAction="QUARANTINE_THREAT" />
      <SpywareAction ApplyModeFirstAction="ADMIN" ApplyModeOverrideSecurityRiskActions="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="DELETE_THREAT" LockFirstAction="0" LockOverrideSecurityRiskActions="1" LockSecondAction="0" OverrideSecurityRiskActions="0" SecondAction="QUARANTINE_THREAT" />
      <TrackwareAction ApplyModeFirstAction="ADMIN" ApplyModeOverrideSecurityRiskActions="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="DELETE_THREAT" LockFirstAction="0" LockOverrideSecurityRiskActions="1" LockSecondAction="0" OverrideSecurityRiskActions="0" SecondAction="QUARANTINE_THREAT" />
      <DialersAction ApplyModeFirstAction="ADMIN" ApplyModeOverrideSecurityRiskActions="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="DELETE_THREAT" LockFirstAction="0" LockOverrideSecurityRiskActions="1" LockSecondAction="0" OverrideSecurityRiskActions="0" SecondAction="QUARANTINE_THREAT" />
      <RemoteAccessAction ApplyModeFirstAction="ADMIN" ApplyModeOverrideSecurityRiskActions="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="DELETE_THREAT" LockFirstAction="0" LockOverrideSecurityRiskActions="1" LockSecondAction="0" OverrideSecurityRiskActions="0" SecondAction="QUARANTINE_THREAT" />
      <OtherAction ApplyModeFirstAction="ADMIN" ApplyModeOverrideSecurityRiskActions="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="DELETE_THREAT" LockFirstAction="0" LockOverrideSecurityRiskActions="1" LockSecondAction="0" OverrideSecurityRiskActions="0" SecondAction="QUARANTINE_THREAT" />
      <AdwareAction ApplyModeFirstAction="ADMIN" ApplyModeOverrideSecurityRiskActions="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="DELETE_THREAT" LockFirstAction="0" LockOverrideSecurityRiskActions="1" LockSecondAction="0" OverrideSecurityRiskActions="0" SecondAction="QUARANTINE_THREAT" />
      <JokeProgramsAction ApplyModeFirstAction="ADMIN" ApplyModeOverrideSecurityRiskActions="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="DELETE_THREAT" LockFirstAction="0" LockOverrideSecurityRiskActions="1" LockSecondAction="0" OverrideSecurityRiskActions="0" SecondAction="QUARANTINE_THREAT" />
      </SecurityRisksAction>
      </APActions>
    - <NotificationOptions ApplyModeDisplayMessage="ADMIN" DisplayMessage="0" LockDisplayMessage="1">
    - <MessageText ApplyMode="ADMIN" locked="1">
    <![CDATA[ 
    Scan type: ~L Scan\nEvent: ~E\nSecurity risk detected: ~V\nFile: ~P\nLocation: ~C\nComputer: ~S\nUser: ~N\nAction taken: ~A\nDate found: ~T
      ]]>
      </MessageText>
      </NotificationOptions>
    - <Warning ApplyModeInsertWarning="ADMIN" ChangeSubject="0" InsertWarning="1" LockInsertWarning="1">
      <WarningSubject ApplyMode="ADMIN" locked="1">Security risk found in message "~U"</WarningSubject>
    - <WarningMessage ApplyMode="ADMIN" locked="1">
    <![CDATA[ 
    Symantec Endpoint Protection found a security risk in an attachment from ~D.
      ]]>
      </WarningMessage>
    - <WarningInfectionInformation ApplyMode="ADMIN" locked="1">
    <![CDATA[ 
    Attachment: ~O
Security risk detected: ~V
Action taken: ~A
File status: ~Z
      ]]>
      </WarningInfectionInformation>
      </Warning>
    - <Sender ApplyModeNotifySender="ADMIN" LockNotifySender="1" NotifySender="0">
      <SenderSubject ApplyMode="ADMIN" locked="1" />
      <SenderMessage ApplyMode="ADMIN" locked="1" />
      <SenderInfectionInformation ApplyMode="ADMIN" locked="1" />
      </Sender>
    - <Selected ApplyModeNotifySelected="ADMIN" LockNotifySelected="1" NotifySelected="1">
      <SelectedSubject ApplyMode="ADMIN" locked="1">Security risk found in message "~U"</SelectedSubject>
    - <SelectedMessage ApplyMode="ADMIN" locked="1">
    <![CDATA[ 
    Symantec Endpoint Protection found a security risk in an attachment from ~D.
      ]]>
      </SelectedMessage>
    - <SelectedInfectionInformation ApplyMode="ADMIN" locked="1">
    <![CDATA[ 
    Attachment: ~O
Security risk detected: ~V
Action taken: ~A
File status: ~Z
      ]]>
      </SelectedInfectionInformation>
    - <Recipients>
      <Item>ccustodio@stefanini.com</Item>
      </Recipients>
      </Selected>
      </MicrosoftExchangeClient>
      </AVEmailAutoProtect>
      </AVEmailAutoProtectZone>
    - <HPPPolicyZone>
    - <HPPPolicy ApplyModeCommercialKeyloggerAction="ADMIN" ApplyModeCommercialRemoteControlAppAction="ADMIN" CommercialKeyloggerAction="LEAVE_ALONE" CommercialRemoteControlAppAction="LEAVE_ALONE" LockCommercialKeyloggerAction="1" LockCommercialRemoteControlAppAction="1" Name="HPPPolicy@6B898D280A010511005D5DD7D6ED84A2">
      <ScanSchedule ApplyModeIncrementalScanFrequency="ADMIN" ApplyModeNewProcessScanningEnabled="ADMIN" ApplyModeUseDefaultScanFrequency="ADMIN" IncrementalScanFrequency="3600" LockIncrementalScanFrequency="0" LockNewProcessScanningEnabled="0" LockUseDefaultScanFrequency="1" NewProcessScanningEnabled="0" UseDefaultScanFrequency="1" />
      <COEngine ApplyModeEnabled="ADMIN" Enabled="0" HeuristicDetectionCategory="0" LockEnabled="1" />
      <COEngine ApplyModeEnabled="ADMIN" Enabled="0" HeuristicDetectionCategory="1" LockEnabled="1" />
      <HPPNotifications ApplyModeDisplayAlert="ADMIN" ApplyModePromptStopService="ADMIN" ApplyModePromptTerminateProcess="ADMIN" DisplayAlert="0" LockDisplayAlert="1" LockPromptStopService="1" LockPromptTerminateProcess="1" PromptStopService="0" PromptTerminateProcess="0" />
      </HPPPolicy>
      </HPPPolicyZone>
    - <AVAdminDefinedScanOptionsZone>
    - <AVAdminDefinedScanOptions Name="AVAdminDefinedScanOptions@6B898D280A010511005D5DD7D6ED84A2">
      <AdvancedScanOptions NotificationWhenLoggedOff="1" QuickscanOnNewDefs="0" RunUserScans="1" SleepScanOnBattery="1" StartupScansOnLogin="0" UserModifyScan="1" />
    - <AVScheduledScan AdminDefined="1" ScanAllDrives="1" ScanID="73f4ce4b-c0a8-f95b-00ea-ec66a8cd8e0a" ScanType="FULL">
      <Description>Realiza um scan no servidor no horario indicado pela equipe do Datacenter.</Description>
    - <Schedule Created="1291036733" DayOfWeek="0" Enabled="1" MinOfDay="187" MissedEventEnabled="0" ScanTimeWindow="SCAN_UNTIL_FINISHED" Type="WEEK">
      <Name>Scheduled Scan</Name>
      </Schedule>
    - <ScanFileTypes ExtTypes="0">
      <ExtensionsList ApplyMode="ADMIN" locked="0" />
      </ScanFileTypes>
      <Enhancements ScanERASERDefs="1" ScanLoadpoints="1" ScanMemory="1" />
      <CompressedFiles ApplyModeScanCompressed="ADMIN" LockScanCompressed="0" ScanCompressed="1" ScanDepth="3" />
      <StorageMigration AccessType="ACCESSED" AccessWindow="30" BackupSemantics="0" MigrationOption="8388608" />
      <ThrottleScan ScanTuning="10" />
    - <APActions>
      <MacroVirusAction ApplyModeFirstAction="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="CLEAN_THREAT" LockFirstAction="1" LockSecondAction="1" SecondAction="QUARANTINE_THREAT" />
      <NonMacroVirusAction ApplyModeFirstAction="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="CLEAN_THREAT" LockFirstAction="1" LockSecondAction="1" SecondAction="QUARANTINE_THREAT" />
    - <SecurityRisksAction ApplyModeFirstAction="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="QUARANTINE_THREAT" LockFirstAction="1" LockSecondAction="1" SecondAction="LEAVE_ALONE">
      <HackerToolsAction ApplyModeFirstAction="ADMIN" ApplyModeOverrideSecurityRiskActions="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="QUARANTINE_THREAT" LockFirstAction="1" LockOverrideSecurityRiskActions="1" LockSecondAction="1" OverrideSecurityRiskActions="0" SecondAction="LEAVE_ALONE" />
      <SpywareAction ApplyModeFirstAction="ADMIN" ApplyModeOverrideSecurityRiskActions="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="QUARANTINE_THREAT" LockFirstAction="1" LockOverrideSecurityRiskActions="1" LockSecondAction="1" OverrideSecurityRiskActions="0" SecondAction="LEAVE_ALONE" />
      <TrackwareAction ApplyModeFirstAction="ADMIN" ApplyModeOverrideSecurityRiskActions="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="QUARANTINE_THREAT" LockFirstAction="1" LockOverrideSecurityRiskActions="1" LockSecondAction="1" OverrideSecurityRiskActions="0" SecondAction="LEAVE_ALONE" />
      <DialersAction ApplyModeFirstAction="ADMIN" ApplyModeOverrideSecurityRiskActions="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="QUARANTINE_THREAT" LockFirstAction="1" LockOverrideSecurityRiskActions="1" LockSecondAction="1" OverrideSecurityRiskActions="0" SecondAction="LEAVE_ALONE" />
      <RemoteAccessAction ApplyModeFirstAction="ADMIN" ApplyModeOverrideSecurityRiskActions="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="QUARANTINE_THREAT" LockFirstAction="1" LockOverrideSecurityRiskActions="1" LockSecondAction="1" OverrideSecurityRiskActions="0" SecondAction="LEAVE_ALONE" />
      <OtherAction ApplyModeFirstAction="ADMIN" ApplyModeOverrideSecurityRiskActions="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="QUARANTINE_THREAT" LockFirstAction="1" LockOverrideSecurityRiskActions="1" LockSecondAction="1" OverrideSecurityRiskActions="0" SecondAction="LEAVE_ALONE" />
      <AdwareAction ApplyModeFirstAction="ADMIN" ApplyModeOverrideSecurityRiskActions="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="QUARANTINE_THREAT" LockFirstAction="1" LockOverrideSecurityRiskActions="1" LockSecondAction="1" OverrideSecurityRiskActions="0" SecondAction="LEAVE_ALONE" />
      <JokeProgramsAction ApplyModeFirstAction="ADMIN" ApplyModeOverrideSecurityRiskActions="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="QUARANTINE_THREAT" LockFirstAction="1" LockOverrideSecurityRiskActions="1" LockSecondAction="1" OverrideSecurityRiskActions="0" SecondAction="LEAVE_ALONE" />
      </SecurityRisksAction>
      </APActions>
      <BackupOptions ApplyModeBackupFileBeforeRepair="ADMIN" BackupFileBeforeRepair="1" LockBackupFileBeforeRepair="1" />
      <RemediationOptions ApplyModeStopServices="ADMIN" ApplyModeTerminateProcesses="ADMIN" LockStopServices="1" LockTerminateProcesses="1" StopServices="0" TerminateProcesses="0" />
    - <Notification ApplyModeDisplayMessage="ADMIN" DisplayMessage="0" LockDisplayMessage="0">
    - <MessageText ApplyMode="ADMIN" locked="0">
    <![CDATA[ 
    Scan type: ~L Scan\nEvent: ~E\nSecurity risk detected: ~V\nFile: ~P\nLocation: ~C\nComputer: ~S\nUser: ~N\nAction taken: ~A\nDate found: ~T
      ]]>
      </MessageText>
      </Notification>
    - <RemoteOptions AllowUserDelay="1" AllowUserStop="0" CloseScanOnFinish="1" DisplayProgress="0" DisplayProgressOnThreat="0">
      <DelayOptions AllowExtendSnoozeTime="0" MaxNumberOfSnooze="3" MaxPauseMinutes="0" />
      </RemoteOptions>
      </AVScheduledScan>
      </AVAdminDefinedScanOptions>
      </AVAdminDefinedScanOptionsZone>
    - <AVCommandScanOptionsZone>
    - <AVCommandScanOptions Name="AVCommandScanOptions@6B898D280A010511005D5DD7D6ED84A2">
    - <AVCommandScan AdminDefined="1" ScanAllDrives="1" ScanID="128b5f7b-c0a8-f95b-00af-ae75ecd7a339" ScanType="CUSTOM">
    - <ScanFileTypes ExtTypes="0">
      <ExtensionsList ApplyMode="ADMIN" locked="0" />
      </ScanFileTypes>
      <Enhancements ScanERASERDefs="0" ScanLoadpoints="1" ScanMemory="1" />
      <CompressedFiles ApplyModeScanCompressed="ADMIN" LockScanCompressed="0" ScanCompressed="1" ScanDepth="3" />
      <StorageMigration AccessType="ACCESSED" AccessWindow="30" BackupSemantics="0" MigrationOption="8388608" />
      <ThrottleScan ScanTuning="10" />
    - <APActions>
      <MacroVirusAction ApplyModeFirstAction="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="CLEAN_THREAT" LockFirstAction="1" LockSecondAction="1" SecondAction="DELETE_THREAT" />
      <NonMacroVirusAction ApplyModeFirstAction="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="CLEAN_THREAT" LockFirstAction="1" LockSecondAction="1" SecondAction="DELETE_THREAT" />
    - <SecurityRisksAction ApplyModeFirstAction="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="DELETE_THREAT" LockFirstAction="1" LockSecondAction="1" SecondAction="QUARANTINE_THREAT">
      <HackerToolsAction ApplyModeFirstAction="ADMIN" ApplyModeOverrideSecurityRiskActions="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="DELETE_THREAT" LockFirstAction="1" LockOverrideSecurityRiskActions="1" LockSecondAction="1" OverrideSecurityRiskActions="0" SecondAction="QUARANTINE_THREAT" />
      <SpywareAction ApplyModeFirstAction="ADMIN" ApplyModeOverrideSecurityRiskActions="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="DELETE_THREAT" LockFirstAction="1" LockOverrideSecurityRiskActions="1" LockSecondAction="1" OverrideSecurityRiskActions="0" SecondAction="QUARANTINE_THREAT" />
      <TrackwareAction ApplyModeFirstAction="ADMIN" ApplyModeOverrideSecurityRiskActions="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="DELETE_THREAT" LockFirstAction="1" LockOverrideSecurityRiskActions="1" LockSecondAction="1" OverrideSecurityRiskActions="0" SecondAction="QUARANTINE_THREAT" />
      <DialersAction ApplyModeFirstAction="ADMIN" ApplyModeOverrideSecurityRiskActions="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="DELETE_THREAT" LockFirstAction="1" LockOverrideSecurityRiskActions="1" LockSecondAction="1" OverrideSecurityRiskActions="0" SecondAction="QUARANTINE_THREAT" />
      <RemoteAccessAction ApplyModeFirstAction="ADMIN" ApplyModeOverrideSecurityRiskActions="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="DELETE_THREAT" LockFirstAction="1" LockOverrideSecurityRiskActions="1" LockSecondAction="1" OverrideSecurityRiskActions="0" SecondAction="QUARANTINE_THREAT" />
      <OtherAction ApplyModeFirstAction="ADMIN" ApplyModeOverrideSecurityRiskActions="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="DELETE_THREAT" LockFirstAction="1" LockOverrideSecurityRiskActions="1" LockSecondAction="1" OverrideSecurityRiskActions="0" SecondAction="QUARANTINE_THREAT" />
      <AdwareAction ApplyModeFirstAction="ADMIN" ApplyModeOverrideSecurityRiskActions="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="DELETE_THREAT" LockFirstAction="1" LockOverrideSecurityRiskActions="1" LockSecondAction="1" OverrideSecurityRiskActions="0" SecondAction="QUARANTINE_THREAT" />
      <JokeProgramsAction ApplyModeFirstAction="ADMIN" ApplyModeOverrideSecurityRiskActions="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="DELETE_THREAT" LockFirstAction="1" LockOverrideSecurityRiskActions="1" LockSecondAction="1" OverrideSecurityRiskActions="0" SecondAction="QUARANTINE_THREAT" />
      </SecurityRisksAction>
      </APActions>
      <BackupOptions ApplyModeBackupFileBeforeRepair="ADMIN" BackupFileBeforeRepair="1" LockBackupFileBeforeRepair="1" />
      <RemediationOptions ApplyModeStopServices="ADMIN" ApplyModeTerminateProcesses="ADMIN" LockStopServices="1" LockTerminateProcesses="1" StopServices="1" TerminateProcesses="1" />
    - <Notification ApplyModeDisplayMessage="ADMIN" DisplayMessage="0" LockDisplayMessage="0">
    - <MessageText ApplyMode="ADMIN" locked="0">
    <![CDATA[ 
    Scan type: ~L Scan\nEvent: ~E\nSecurity risk detected: ~V\nFile: ~P\nLocation: ~C\nComputer: ~S\nUser: ~N\nAction taken: ~A\nDate found: ~T
      ]]>
      </MessageText>
      </Notification>
    - <RemoteOptions AllowUserDelay="1" AllowUserStop="0" CloseScanOnFinish="1" DisplayProgress="0" DisplayProgressOnThreat="0">
      <DelayOptions AllowExtendSnoozeTime="0" MaxNumberOfSnooze="3" MaxPauseMinutes="0" />
      </RemoteOptions>
      </AVCommandScan>
    - <AVCommandScan AdminDefined="1" ScanAllDrives="1" ScanID="E2B8F1027D2FDD9E27DFB745C346B993" ScanType="QUICK">
    - <ScanFileTypes ExtTypes="0">
      <ExtensionsList ApplyMode="ADMIN" locked="0" />
      </ScanFileTypes>
      <Enhancements ScanERASERDefs="0" ScanLoadpoints="1" ScanMemory="1" />
      <CompressedFiles ApplyModeScanCompressed="ADMIN" LockScanCompressed="0" ScanCompressed="1" ScanDepth="3" />
      <StorageMigration AccessType="ACCESSED" AccessWindow="30" BackupSemantics="0" MigrationOption="8388608" />
      <ThrottleScan ScanTuning="10" />
    - <APActions>
      <MacroVirusAction ApplyModeFirstAction="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="CLEAN_THREAT" LockFirstAction="1" LockSecondAction="1" SecondAction="DELETE_THREAT" />
      <NonMacroVirusAction ApplyModeFirstAction="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="CLEAN_THREAT" LockFirstAction="1" LockSecondAction="1" SecondAction="DELETE_THREAT" />
    - <SecurityRisksAction ApplyModeFirstAction="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="DELETE_THREAT" LockFirstAction="1" LockSecondAction="1" SecondAction="QUARANTINE_THREAT">
      <HackerToolsAction ApplyModeFirstAction="ADMIN" ApplyModeOverrideSecurityRiskActions="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="DELETE_THREAT" LockFirstAction="1" LockOverrideSecurityRiskActions="1" LockSecondAction="1" OverrideSecurityRiskActions="0" SecondAction="QUARANTINE_THREAT" />
      <SpywareAction ApplyModeFirstAction="ADMIN" ApplyModeOverrideSecurityRiskActions="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="DELETE_THREAT" LockFirstAction="1" LockOverrideSecurityRiskActions="1" LockSecondAction="1" OverrideSecurityRiskActions="0" SecondAction="QUARANTINE_THREAT" />
      <TrackwareAction ApplyModeFirstAction="ADMIN" ApplyModeOverrideSecurityRiskActions="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="DELETE_THREAT" LockFirstAction="1" LockOverrideSecurityRiskActions="1" LockSecondAction="1" OverrideSecurityRiskActions="0" SecondAction="QUARANTINE_THREAT" />
      <DialersAction ApplyModeFirstAction="ADMIN" ApplyModeOverrideSecurityRiskActions="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="DELETE_THREAT" LockFirstAction="1" LockOverrideSecurityRiskActions="1" LockSecondAction="1" OverrideSecurityRiskActions="0" SecondAction="QUARANTINE_THREAT" />
      <RemoteAccessAction ApplyModeFirstAction="ADMIN" ApplyModeOverrideSecurityRiskActions="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="DELETE_THREAT" LockFirstAction="1" LockOverrideSecurityRiskActions="1" LockSecondAction="1" OverrideSecurityRiskActions="0" SecondAction="QUARANTINE_THREAT" />
      <OtherAction ApplyModeFirstAction="ADMIN" ApplyModeOverrideSecurityRiskActions="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="DELETE_THREAT" LockFirstAction="1" LockOverrideSecurityRiskActions="1" LockSecondAction="1" OverrideSecurityRiskActions="0" SecondAction="QUARANTINE_THREAT" />
      <AdwareAction ApplyModeFirstAction="ADMIN" ApplyModeOverrideSecurityRiskActions="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="DELETE_THREAT" LockFirstAction="1" LockOverrideSecurityRiskActions="1" LockSecondAction="1" OverrideSecurityRiskActions="0" SecondAction="QUARANTINE_THREAT" />
      <JokeProgramsAction ApplyModeFirstAction="ADMIN" ApplyModeOverrideSecurityRiskActions="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="DELETE_THREAT" LockFirstAction="1" LockOverrideSecurityRiskActions="1" LockSecondAction="1" OverrideSecurityRiskActions="0" SecondAction="QUARANTINE_THREAT" />
      </SecurityRisksAction>
      </APActions>
      <BackupOptions ApplyModeBackupFileBeforeRepair="ADMIN" BackupFileBeforeRepair="1" LockBackupFileBeforeRepair="1" />
      <RemediationOptions ApplyModeStopServices="ADMIN" ApplyModeTerminateProcesses="ADMIN" LockStopServices="1" LockTerminateProcesses="1" StopServices="1" TerminateProcesses="1" />
    - <Notification ApplyModeDisplayMessage="ADMIN" DisplayMessage="0" LockDisplayMessage="0">
    - <MessageText ApplyMode="ADMIN" locked="0">
    <![CDATA[ 
    Scan type: ~L Scan\nEvent: ~E\nSecurity risk detected: ~V\nFile: ~P\nLocation: ~C\nComputer: ~S\nUser: ~N\nAction taken: ~A\nDate found: ~T
      ]]>
      </MessageText>
      </Notification>
    - <RemoteOptions AllowUserDelay="1" AllowUserStop="0" CloseScanOnFinish="1" DisplayProgress="0" DisplayProgressOnThreat="0">
      <DelayOptions AllowExtendSnoozeTime="0" MaxNumberOfSnooze="3" MaxPauseMinutes="0" />
      </RemoteOptions>
      </AVCommandScan>
    - <AVCommandScan AdminDefined="1" ScanAllDrives="1" ScanID="AB4917A7AD3408992E014DFFD3B74296" ScanType="FULL">
    - <ScanFileTypes ExtTypes="0">
      <ExtensionsList ApplyMode="ADMIN" locked="0" />
      </ScanFileTypes>
      <Enhancements ScanERASERDefs="0" ScanLoadpoints="1" ScanMemory="1" />
      <CompressedFiles ApplyModeScanCompressed="ADMIN" LockScanCompressed="0" ScanCompressed="1" ScanDepth="3" />
      <StorageMigration AccessType="ACCESSED" AccessWindow="30" BackupSemantics="0" MigrationOption="8388608" />
      <ThrottleScan ScanTuning="10" />
    - <APActions>
      <MacroVirusAction ApplyModeFirstAction="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="CLEAN_THREAT" LockFirstAction="1" LockSecondAction="1" SecondAction="DELETE_THREAT" />
      <NonMacroVirusAction ApplyModeFirstAction="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="CLEAN_THREAT" LockFirstAction="1" LockSecondAction="1" SecondAction="DELETE_THREAT" />
    - <SecurityRisksAction ApplyModeFirstAction="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="DELETE_THREAT" LockFirstAction="1" LockSecondAction="1" SecondAction="QUARANTINE_THREAT">
      <HackerToolsAction ApplyModeFirstAction="ADMIN" ApplyModeOverrideSecurityRiskActions="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="DELETE_THREAT" LockFirstAction="1" LockOverrideSecurityRiskActions="1" LockSecondAction="1" OverrideSecurityRiskActions="0" SecondAction="QUARANTINE_THREAT" />
      <SpywareAction ApplyModeFirstAction="ADMIN" ApplyModeOverrideSecurityRiskActions="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="DELETE_THREAT" LockFirstAction="1" LockOverrideSecurityRiskActions="1" LockSecondAction="1" OverrideSecurityRiskActions="0" SecondAction="QUARANTINE_THREAT" />
      <TrackwareAction ApplyModeFirstAction="ADMIN" ApplyModeOverrideSecurityRiskActions="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="DELETE_THREAT" LockFirstAction="1" LockOverrideSecurityRiskActions="1" LockSecondAction="1" OverrideSecurityRiskActions="0" SecondAction="QUARANTINE_THREAT" />
      <DialersAction ApplyModeFirstAction="ADMIN" ApplyModeOverrideSecurityRiskActions="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="DELETE_THREAT" LockFirstAction="1" LockOverrideSecurityRiskActions="1" LockSecondAction="1" OverrideSecurityRiskActions="0" SecondAction="QUARANTINE_THREAT" />
      <RemoteAccessAction ApplyModeFirstAction="ADMIN" ApplyModeOverrideSecurityRiskActions="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="DELETE_THREAT" LockFirstAction="1" LockOverrideSecurityRiskActions="1" LockSecondAction="1" OverrideSecurityRiskActions="0" SecondAction="QUARANTINE_THREAT" />
      <OtherAction ApplyModeFirstAction="ADMIN" ApplyModeOverrideSecurityRiskActions="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="DELETE_THREAT" LockFirstAction="1" LockOverrideSecurityRiskActions="1" LockSecondAction="1" OverrideSecurityRiskActions="0" SecondAction="QUARANTINE_THREAT" />
      <AdwareAction ApplyModeFirstAction="ADMIN" ApplyModeOverrideSecurityRiskActions="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="DELETE_THREAT" LockFirstAction="1" LockOverrideSecurityRiskActions="1" LockSecondAction="1" OverrideSecurityRiskActions="0" SecondAction="QUARANTINE_THREAT" />
      <JokeProgramsAction ApplyModeFirstAction="ADMIN" ApplyModeOverrideSecurityRiskActions="ADMIN" ApplyModeSecondAction="ADMIN" FirstAction="DELETE_THREAT" LockFirstAction="1" LockOverrideSecurityRiskActions="1" LockSecondAction="1" OverrideSecurityRiskActions="0" SecondAction="QUARANTINE_THREAT" />
      </SecurityRisksAction>
      </APActions>
      <BackupOptions ApplyModeBackupFileBeforeRepair="ADMIN" BackupFileBeforeRepair="1" LockBackupFileBeforeRepair="1" />
      <RemediationOptions ApplyModeStopServices="ADMIN" ApplyModeTerminateProcesses="ADMIN" LockStopServices="1" LockTerminateProcesses="1" StopServices="1" TerminateProcesses="1" />
    - <Notification ApplyModeDisplayMessage="ADMIN" DisplayMessage="0" LockDisplayMessage="0">
    - <MessageText ApplyMode="ADMIN" locked="0">
    <![CDATA[ 
    Scan type: ~L Scan\nEvent: ~E\nSecurity risk detected: ~V\nFile: ~P\nLocation: ~C\nComputer: ~S\nUser: ~N\nAction taken: ~A\nDate found: ~T
      ]]>
      </MessageText>
      </Notification>
    - <RemoteOptions AllowUserDelay="1" AllowUserStop="0" CloseScanOnFinish="1" DisplayProgress="0" DisplayProgressOnThreat="0">
      <DelayOptions AllowExtendSnoozeTime="0" MaxNumberOfSnooze="3" MaxPauseMinutes="0" />
      </RemoteOptions>
      </AVCommandScan>
      </AVCommandScanOptions>
      </AVCommandScanOptionsZone>
    - <AVQuarantineZone>
    - <AVQuarantine ActionOnNewDefs="REPAIR_AND_RESTORE" ConfigureQuarantineDir="1" DefaultDirectory="C:\Quarentena" EnableDefaultDirectory="0" Name="AVQuarantine@6B898D280A010511005D5DD7D6ED84A2">
    - <Forwarding AVDetectionSubmissionPercentage="10" ApplyModeAutoSubmitAVDetection="ADMIN" ApplyModeAutoSubmitHPPSample="ADMIN" AutoSubmitAVDetection="0" AutoSubmitHPPSample="0" EnableForwarding="0" EnableScanAndDeliver="1" HPPSampleSubmissionPercentage="10" LockAutoSubmitAVDetection="1" LockAutoSubmitHPPSample="1" Port="33" Protocol="QSFORWARDING_IP" RetryTimer="600">
      <AVServerName />
      </Forwarding>
      <PurgeRepaired AgeLimit="15" AgeUnits="PURGE_DAYS" EnablePurge="1" EnablePurgeSize="0" PurgeSize="50" />
      <PurgeBackup AgeLimit="15" AgeUnits="PURGE_DAYS" EnablePurge="1" EnablePurgeSize="0" PurgeSize="50" />
      <PurgeQuarantined AgeLimit="15" AgeUnits="PURGE_DAYS" EnablePurge="1" EnablePurgeSize="1" PurgeSize="50" />
      </AVQuarantine>
      </AVQuarantineZone>
    - <AVVirusDefOptionsZone>
    - <AVVirusDefOptions DisplayMissingDefMessage="0" DisplayOutdatedMessage="1" Enable="1" Name="AVVirusDefOptions@6B898D280A010511005D5DD7D6ED84A2" WarnAfterDays="7">
      <PatternWarningMessage>O seu antivírus está desatualizado. ENtre em contato com o Suporte TI (Ramal 9828) para que seja atualizado.</PatternWarningMessage>
      </AVVirusDefOptions>
      </AVVirusDefOptionsZone>
    - <MacAVVirusDefOptionsZone>
    - <MacAVVirusDefOptions DisplayOutdatedMessage="1" Enable="1" Name="MacAVVirusDefOptions@6B898D280A010511005D5DD7D6ED84A2" WarnAfterDays="30">
      <PatternWarningMessage>Your virus definitions are currently out of date. Contact your system administrator on how to update them.</PatternWarningMessage>
      </MacAVVirusDefOptions>
      </MacAVVirusDefOptionsZone>
    - <MacGEHGeneralZone>
      <MacGEHGeneral Name="MacGEHGeneral@6B898D280A010511005D5DD7D6ED84A2" Version="1.1.1" />
      </MacGEHGeneralZone>
    - <GEHGeneralZone>
    - <GEHGeneral Name="GEHGeneral@6B898D280A010511005D5DD7D6ED84A2" Version="1.1.1">
      <GlobalExceptionDirectory ExcludeSubdirectories="1" ExtensionList="" FirstAction="GEA_IGNORE" Name="Q:\" Owner="GEO_ADMIN" ProtectionTechnology="GEPT_RISK" SecondAction="GEA_IGNORE" Value="Q:\" />
      <GlobalExceptionDirectory ExcludeSubdirectories="1" ExtensionList="" FirstAction="GEA_IGNORE" Name="E:\Apps\sagem\AGS\AGSMulti\RDB" Owner="GEO_ADMIN" ProtectionTechnology="GEPT_RISK" SecondAction="GEA_IGNORE" Value="E:\Apps\sagem\AGS\AGSMulti\RDB" />
      <GlobalExceptionDirectory ExcludeSubdirectories="1" ExtensionList="" FirstAction="GEA_IGNORE" Name="E:\Apps\sagem\AGS\AGSMulti\FLTdata" Owner="GEO_ADMIN" ProtectionTechnology="GEPT_RISK" SecondAction="GEA_IGNORE" Value="E:\Apps\sagem\AGS\AGSMulti\FLTdata" />
      <GlobalExceptionFileExtension FirstAction="GEA_IGNORE" Name="mdf,ost,ndf,ldf,log,edb" Owner="GEO_ADMIN" ProtectionTechnology="GEPT_RISK" SecondAction="GEA_IGNORE" Value="mdf,ost,ndf,ldf,log,edb" />
      <EndpointRestrictions LockGlobalExceptionDirectory="1" LockGlobalExceptionFileExtension="1" LockGlobalExceptionFileHash="1" LockGlobalExceptionFileName="1" LockGlobalExceptionPVID="1" />
      </GEHGeneral>
      </GEHGeneralZone>
    - <SymcIPSSettingGroupZone>
    - <SymcIPSSettingGroup Name="Symc_IPS_C51F4926C0A8F95B017C01EC1674179C">
      <SymcIPSDescriptiveName>Azul - IPS Policy</SymcIPSDescriptiveName>
      <SymcIPSExceptionList />
      </SymcIPSSettingGroup>
      </SymcIPSSettingGroupZone>
    - <SymProtectPolicyZone>
    - <SymProtectPolicy ApplyModeDisableDefaultEventExclusions="ADMIN" ApplyModeEnabled="ADMIN" ApplyModeEventTimeoutDefault="ADMIN" ApplyModeEventTimeoutQuery="ADMIN" ApplyModeEventTimeoutSet="ADMIN" ApplyModeProtectStandalone="ADMIN" DisableDefaultEventExclusions="0" Enabled="0" EventTimeoutDefault="60000" EventTimeoutQuery="60000" EventTimeoutSet="60000" LockDisableDefaultEventExclusions="0" LockEnabled="1" LockEventTimeoutDefault="0" LockEventTimeoutQuery="0" LockEventTimeoutSet="0" LockProtectStandalone="1" Name="TamperProtectionPolicy" ProtectStandalone="0">
    - <ProtectionProcessSettings>
      <ProtectionTargetSettings ApplyModeDisplayMessage="ADMIN" ApplyModeProtectionLevel="ADMIN" DisplayMessage="0" LockDisplayMessage="0" LockProtectionLevel="0" ProtectionLevel="LOG_ONLY" />
      </ProtectionProcessSettings>
    - <ProtectionNamedObjectSettings>
      <ProtectionTargetSettings ApplyModeDisplayMessage="ADMIN" ApplyModeProtectionLevel="ADMIN" DisplayMessage="0" LockDisplayMessage="0" LockProtectionLevel="0" ProtectionLevel="LOG_ONLY" />
      </ProtectionNamedObjectSettings>
    - <NotificationOptions ApplyModeDisplayMessage="ADMIN" DisplayMessage="0" LockDisplayMessage="0">
    - <MessageText ApplyMode="ADMIN" locked="0">
    <![CDATA[ 
    SYMANTEC TAMPER PROTECTION ALERT\n\nTarget:  ~Q\nEvent Info:  ~H ~J\nActionTaken:  ~G\nActor Process:  ~M (PID ~K)\nTime:  ~T
      ]]>
      </MessageText>
      </NotificationOptions>
      </SymProtectPolicy>
      </SymProtectPolicyZone>
    - <LUPolicyZone>
    - <LUPolicy Description="Direciona os desktop / totens / servidores para se atualizarem através do servidor local." Name="LUPolicy@6B898D280A010511005D5DD7D6ED84A2">
    - <LUContentSourceInfo Enabled3rdPartyManagement="0" MasterClientBypassTime="-1" MasterClientDeleteUnusedContentsTime="259200" MasterClientHost="10.131.253.60" MasterClientMaxDiskCache="500" MasterClientPort="2967" MasterClientThreadCount="30" MasterClientThrottling="40" UseLiveUpdateServer="0" UseManagementServer="1" UseMasterClient="1">
      <LUHttpProxy Encrypt="CLIENT_SIDE" Mode="NONE" RequireAuthentication="0" />
      <LUFtpProxy Encrypt="CLIENT_SIDE" Mode="NONE" RequireAuthentication="0" />
      </LUContentSourceInfo>
      <LUDownloadSchedule Enabled="0" />
      <LUGeneralConfig AllowLocalScheduleChange="0" AllowManualLiveUpdate="0" AllowPatchByLiveUpdate="0" />
      </LUPolicy>
      </LUPolicyZone>
    - <RebootOptionsZone>
      <RebootOptions DisplayTimeout="60" MaxSnoozeCount="3" PromptMessage="Please restart your computer." PromptUser="0" SnoozeInterval="5" />
      </RebootOptionsZone>
      </GlobalGroups>
    - <License>
      <Snac Enabled="0" />
      </License>
    - <LUContentPolicy Description="Created automatically during product installation." Enable="1" Name="LiveUpdate Content policy">
      <LUAppliedContent Description="SESC Virus Definitions Win64 (x64) v11 - Hub - SymAllLanguages" Enabled="1" Moniker="{DFB8BBDD-52DE-427e-9EB3-FB7665893221}" VersionSelectionType="LATEST" />
      <LUAppliedContent Description="SESC Virus Definitions Win64 (x64) v11 - MicroDefsB.CurDefs - SymAllLanguages" Enabled="1" Moniker="{1CD85198-26C6-4bac-8C72-5D34B025DE35}" VersionSelectionType="LATEST" />
      <LUAppliedContent Description="SESC Virus Definitions Win32 v11 - Hub - SymAllLanguages" Enabled="1" Moniker="{B36CDA3C-B15B-421c-A2A4-7EC70E3B852B}" VersionSelectionType="LATEST" />
      <LUAppliedContent Description="SESC Virus Definitions Win32 v11 - MicroDefsB.CurDefs - SymAllLanguages" Enabled="1" Moniker="{C60DC234-65F9-4674-94AE-62158EFCA433}" VersionSelectionType="LATEST" />
      <LUAppliedContent Description="SEP PTS Engine Win64 - 6.1.0 - SymAllLanguages" Enabled="1" Moniker="{DB206823-FFD2-440a-9B89-CCFD45F3F1CD}" VersionSelectionType="LATEST" />
      <LUAppliedContent Description="SEP PTS Content - 6.1.0 - SymAllLanguages" Enabled="1" Moniker="{EA960B33-2196-4d53-8AC4-D5043A5B6F9B}" VersionSelectionType="LATEST" />
      <LUAppliedContent Description="SEP PTS Engine Win32 - 6.1.0 - SymAllLanguages" Enabled="1" Moniker="{C13726A9-8DF7-4583-9B39-105B7EBD55E2}" VersionSelectionType="LATEST" />
      <LUAppliedContent Description="Decomposer - 1.0.0 - SymAllLanguages" Enabled="1" Moniker="{ECCC5006-EF61-4c99-829A-417B6C6AD963}" VersionSelectionType="LATEST" />
      <LUAppliedContent Description="SESC IPS Signatures Win32 - 11.0 - SymAllLanguages" Enabled="1" Moniker="{D3769926-05B7-4ad1-9DCF-23051EEE78E3}" VersionSelectionType="LATEST" />
      <LUAppliedContent Description="SESC IPS Signatures Win64 - 11.0 - SymAllLanguages" Enabled="1" Moniker="{42B17E5E-4E9D-4157-88CB-966FB4985928}" VersionSelectionType="LATEST" />
      <LUAppliedContent Description="SESC Submission Control Data - 11.0 - SymAllLanguages" Enabled="1" Moniker="{4F889C4A-784D-40de-8539-6A29BAA43139}" VersionSelectionType="LATEST" />
      <LUAppliedContent Description="Symantec Security Content B1 - MicroDefsB.CurDefs - SymAllLanguages" Enabled="1" Moniker="{E5A3EBEE-D580-421e-86DF-54C0B3739522}" VersionSelectionType="LATEST" />
      <LUAppliedContent Description="Symantec Security Content A1 - MicroDefsB.CurDefs - SymAllLanguages" Enabled="1" Moniker="{812CD25E-1049-4086-9DDD-A4FAE649FBDF}" VersionSelectionType="LATEST" />
      <LUAppliedContent Description="Symantec Known Application System - 1.5.0 - SymAllLanguages" Enabled="1" Moniker="{C25CEA47-63E5-447b-8D95-C79CAE13FF79}" VersionSelectionType="LATEST" />
      <LUAppliedContent Description="Symantec Security Content A1-64 - MicroDefsB.CurDefs - SymAllLanguages" Enabled="1" Moniker="{E1A6B4FF-6873-4200-B6F6-04C13BF38CF3}" VersionSelectionType="LATEST" />
      <LUAppliedContent Description="Symantec Security Content B1-64 - MicroDefsB.CurDefs - SymAllLanguages" Enabled="1" Moniker="{CC40C428-1830-44ef-B8B2-920A0B761793}" VersionSelectionType="LATEST" />
      </LUContentPolicy>
      </Profile>


  • 16.  RE: GUP not able to update the definition for themselves and their clients.

    Posted Dec 20, 2010 06:50 AM

    Anyone have any idea what can I do? 



  • 17.  RE: GUP not able to update the definition for themselves and their clients.

    Broadcom Employee
    Posted Dec 20, 2010 06:52 AM

    sorry to say, you are posting the sylink logs.Follow the steps in the URL to generate logs

    http://www.symantec.com/business/support/index?page=content&id=TECH104758