Endpoint Protection

Hi.
We're running SEP 11 on clients with windows xp and no desktop (explorer.exe is not started).
If I log on to a privileged user starting the desktop, then log off and log on as the limited user without starting the desktop, the client shows up with the green mark on the management console (although it shows as admin user logged on...). If I reboot the machine, and log on directly to the limited user, the client does not get the green mark.
What happens when you start the desktop that "hangs on" when you change user, and that SEP obviously need to start?

Hi,

When you login as a user, you can go to Task Manager->File->New Task-> Services.msc and confirm that the SEP service and Symantec Management Client service is running.

You can also use the following KB article and let us know what do you see in SEP->Help & Support -> Troubleshooting

https://www-secure.symantec.com/connect/articles/how-access-sep-client-interface-start-run-window

Best,
Aniket

Hi Aniket.

Thanks for your good advice. It was very helpful. But I need some more  help :)
I still can't get the green dot on the management console, and I really need that. We supervise about 300 machines located all over the country, so we don't have physical access to them. So you see, the console is very important to us.

If we start explorer.exe, wait for 5 sec. and then kill the process, we get the green dot...and it stays green - and that's what we want... But for the 5 sec the desktop is visible, and the user can get access to the system - that we don't want.
Is there a way to avoid starting and killing explorer.exe to get the green dot on the management console? A positive answer would be very appreciated :)
Why is SEP dependent on a desktop being started at all?

Best wishes,
Magnhild

If so, this is the reason for you trouble (or at least it should be.)
Try changing to computer mode and check what are the results (if you get the green dot).
explorer.exe is crucial to SEP while working in User mode.

naor p.

We're working in Computer mode (at least that's what I can read from the management console; the drop-down meny contains the "Switch to User Mode" option).

Troubleshooting Symantec AntiVirus Corporate Edition and Symantec Endpoint Protection installations: Checking rights and permissions

 

I've checked/changed rights and permissions according to the paper, and rebooted the machine. Same result; the computer shows up on the console, but no green dot.... If I open the symcorpui on the machine, it is green and saying "no problems detected".

In properties of the symantec services you select logon as and provide admin credentials and see... 

 What is the exact version you are using if it is not  MR4(11.0.4000.2295) or newer i will recommended you to upgrade it you to RU5(11.0.5xxx.xx). Since in MR4 some fixes are there related to SymCorpUI.exe.

 Hi.
I've changed the services to run as admin, but there's no change on the management console.
On the client the "Network Threat Protection" icon has disappeared from the "Status" view....

The SEP version is 11.0.4000.2295
Should we upgrade anyway?

 If Network Threat Protection is not appearing it is not installed
You can go to add/remove programs
select sep
click on change
in the wizard click next
here you will get an option for modifying the installed components and install NTP 

It is better to upgrade to RU5 since it is having a lot of fixes and new features... 
ref:Release notes for Symantec Endpoint Protection 11.0.x and Symantec Network Access Control 11.0.x
For more information regarding  upgradation refer the following doc Migrating to Symantec Endpoint Protection 11.0 RU5

Run gpedit.msc
Select Computer Configuration> Windows Settings> Security Settings> Local Policies
Select User Rights Assignment in the left-hand pane
Double click Adjust memory Quotas for a Process and Replace a process-level token and verify that "NETWORK SERVICE" is listed
Note - If the "Add User or Group..." button is disabled, it is possible that this policy is locked by a domain GPO (group policy object) which will require an assessment of domain GPOs
Then restart your PC
 

 Network Threat Protection is installed, but doesn't start after I set the services to start as admin. If I start and stop explorer.exe it shows as before.....so that part of SEP also seems to need explorer.exe to be started.
I've run the gpedit.msc, and that looks just fine.
I'm gonna try upgrading to the latest version of SEP and see what happens.
Thanks for your help so far. :)