Endpoint Protection

 View Only

  • 1.  How to disable Intrusion Prevention on clients

    Posted Aug 04, 2009 06:02 AM
    We are using SEPM 11.0.4014 MR4, now at the home screen Security Status is "Attention Needed" and after moving on to more details its showing sum machines have Intrusion Prevention Signature Failures but we dont have clients installed with NTP,

    How can i turn off Intrusion Prevention on the clients or there is sum other way out of this security status....

    Thanks & Regards
    Rahul.



  • 2.  RE: How to disable Intrusion Prevention on clients

    Posted Aug 04, 2009 06:21 AM

    go to the details
    and check one machine
    check if it really has NTP installed.
    Sometimes which exporting a package , we forget to select just AV and AS, and we select all features, i have done it at times.
    if you have , then try installing just AV package.
    Rafeeq



  • 3.  RE: How to disable Intrusion Prevention on clients

    Posted Aug 04, 2009 06:40 AM


    Pls verify whether u have selected only AV and AS feature while exporting setup.

    If u have not done u can create new package with only AV AS feature set and upgrade group with new package.


     



  • 4.  RE: How to disable Intrusion Prevention on clients

    Posted Aug 04, 2009 07:13 AM
    client packages does not have NTP and i also checked on couple of machines they dont have NTP installed.


    Thanks,
    Rahul


  • 5.  RE: How to disable Intrusion Prevention on clients

    Posted Aug 04, 2009 08:02 AM

    Try to remove proactive threat protection also and see.
     



  • 6.  RE: How to disable Intrusion Prevention on clients

    Posted Aug 04, 2009 08:44 AM
     > NTP and PTP uses Intrusion Prevention Signatures.
    > We can see this kind of behaviour in case of client package assignments.
    > It is tested that SEP has been deployed only with AV/AS and teefer drivers available. It means thought we have not installed NTP, however NTP's drivers got installed.
    > We can see above scenario when the package attached to the group has all or PTP included.
    > Make sure we dont have any package assigned to the specific group.

    > You can go to device manager - enable show hidden devices. Check if we have teefer drivers listed.
    > If there is no teefer listed, it means the status which you can see in SEPM is incorrect.

    -- we will proceed further once verification of teefer driver is done...

    Thanks and regards,


  • 7.  RE: How to disable Intrusion Prevention on clients

    Posted Aug 07, 2009 09:27 AM
    Hi Manik,

    couldn't find any driver listed by the name teefer but its still reflecting on the SEPM ....

    Thanks & Regards
    Rahul Sahani


  • 8.  RE: How to disable Intrusion Prevention on clients

    Posted Aug 11, 2009 07:53 PM
    > Try using dbvalidator tool. DB validator not only checks the links in DB but also fixes broken links if possible. Following document will help you.
    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008050810375848

    > Purge logs will also help in this case. You just need to decrease the number of days for log purge. This would be for testing purpose only. You can set it up according to your requirement after 24 to 48 hours. We just need to remove old currupt entries from DB if available.
    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008062707405348