Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

SEP rejects command "Disable NTP"

Created: 27 May 2014 • Updated: 27 May 2014 | 7 comments

Dear all,

whenever I try to disable the NTP via SEPM Console, the client rejects the command after a few seconds. This is also logged in the command status.

Does anybody have an idea?

BR

Stephan

Operating Systems:

Comments 7 CommentsJump to latest comment

.Brian's picture

Enable sylink debugging to see what's going on

How to enable Sylink debugging for the Symantec Endpoint Protection 11.x and 12.1 client in the Windows Registry

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

technical_specialist's picture

These clients are online in network?

Ste Kap's picture

@Brian: I cant enable the sylink debugging, there occurs an error when I try to change the value of smc_debuglog_on. It says the value can't be changed, error while writing the value. (And yes, I have administrator rights)

@technical_spcialist: Yes, all the clients are online in network

.Brian's picture

you need to disable tamper protection first :) that's why it won't let you write to the registry

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

James007's picture

What process do you have done ?

See some ways

You can send a command from Symantec Endpoint Protection Manager (SEPM) to selected clients to temporarily disable Network Threat protection. Commands can be sent from two places within Symantec Endpoint Protection Manager:

From Monitors page

  1. In the SEPM console, click Monitors.
  2. Click the Logs tab
  3. Select Computer Status for Log type.
  4. Select any desired filters and time range.
  5. Click the View log button.
  6. In the resulting computer status log, select any desired clients (or select All from the drop down list)
  7. Select Disable Network Threat Protection from the command drop down list.
  8. Click Start
  9. Click Yes to confirm the action.

From Clients page

  1. In the console, click Clients.
  2. Under View Clients, select a group for which you want to enable or disable protection.
  3. Do one of the following actions:
    • For all computers and users in group right-click the group
    • Click Run Command on Group
    • Click Enable Network Threat Protection or Disable Network Threat Protection.

      Or

    • For selected users or computers within a group, click the Clients tab
    • Select the users or computers.
    • Right-click the selection
    • Click Run Command on Clients > Enable Network Threat Protection or Disable Network Threat Protection.
       
  4. To confirm the action, click Yes.
  5. Click OK.

How to disable Tamper Protection in Symantec Endpoint Protection 12.1

http://www.symantec.com/business/support/index?page=content&id=TECH192023

 

Ste Kap's picture

Hey guys, 

@Brian: Thanks for the hint ;) I was a bit in a hurry and didn't read the whole text last time.. I disabled tamper protection and enabled sylink debugging and yes.. It tells a lot of stuff. Which part of the document do you want to see? Here are the first 10.000 rows:

 

05/30 08:20:36.181 [6004] <MaintainPushConnection:>SMS return=200
05/30 08:20:36.181 [6004] <ParseHTTPStatusCode:>200=>200 OK
05/30 08:20:36.181 [6004] <MaintainPushConnection:>RECEIVE STAGE COMPLETED
05/30 08:20:36.181 [6004] <MaintainPushConnection:>COMPLETED
05/30 08:20:36.181 [6004] <ScheduleNextUpdate>Manually assigned heartbeat=5 seconds
05/30 08:20:36.185 [6004] HEARTBEAT: Check Point 8
05/30 08:20:36.185 [6004] <PostEvent>going to post event=EVENT_SERVER_DISCONNECTED
05/30 08:20:36.185 [6004] <PostEvent>done post event=EVENT_SERVER_DISCONNECTED, return=0
05/30 08:20:36.185 [6004] <IndexHeartbeatProc>====== IndexHeartbeat Procedure stops at 08:20:36 ======
05/30 08:20:36.185 [6004] <IndexHeartbeatProc>Set Heartbeat Result= 2
05/30 08:20:36.185 [6004] <PostEvent>going to post event=EVENT_SERVER_HEARTBEAT_COMPLETE
05/30 08:20:36.185 [6004] <PostEvent>done post event=EVENT_SERVER_HEARTBEAT_COMPLETE, return=0
05/30 08:20:36.185 [6004] <IndexHeartbeatProc>Sylink Comm.Flags: 'Connection Failed' = 0, 'Using Backup Sylink' = 0, 'Using Location Config' = 0
05/30 08:20:36.185 [6004] Use new configuration
05/30 08:20:36.185 [6004] HEARTBEAT: Check Point Complete
05/30 08:20:36.185 [6004] <IndexHeartbeatProc>Done, Heartbeat=5seconds
05/30 08:20:36.188 [6004] </CSyLink::IndexHeartbeatProc()>
05/30 08:20:36.188 [6004] <CheckHeartbeatTimer>====== Heartbeat loop stops at 08:20:36 ======
05/30 08:20:37.191 [6004] <CheckHeartbeatTimer>Priority logs uploaded at 08:20:37 
05/30 08:20:41.191 [6004] <CheckHeartbeatTimer>====== Heartbeat loop starts at 08:20:41 ======
05/30 08:20:41.691 [6004] <GetOnlineNicInfo>:Netport Count=1
05/30 08:20:41.691 [6004] <GetOnlineNicInfo>:NicInfo<SSANICs><SSANIC Ip="10.x.x.x" Mac="f0-xx-xx-xx-xx-xx" Gateway="10.x.x.x" SubnetMask="255.x.x.x"/></SSANICs>
05/30 08:20:41.691 [6004] <CalcAgentHashKey>:CH=C41CF633C0A89D100134B71D49B5B21C1x.x2BC58CF27CEE088AA467F24F275BA84E
05/30 08:20:41.691 [6004] <CalcAgentHashKey>:CHKey=22C3C097B7582E0EEA20AC2EC8E25AA8
05/30 08:20:41.691 [6004] <CalcAgentHashKey>:C=C41CF633C0A89D100134B71D49B5B21C1x
05/30 08:20:41.691 [6004] <CalcAgentHashKey>:CKey=4836EFD1C60649D9FA01A1FBBB3E909C
05/30 08:20:41.692 [6004] <CalcAgentHashKey>:UCH=C41CF633C0A89D100134B71D49B5B21C0x2BC58CF27CEE088AA467F24F275BA84E
05/30 08:20:41.692 [6004] <CalcAgentHashKey>:UCHKey=E4105AD6F78BA630F821CE59C7F9718D
05/30 08:20:41.692 [6004] <CalcAgentHashKey>:UC=C41CF633C0A89D100134B71D49B5B21C0x
05/30 08:20:41.692 [6004] <CalcAgentHashKey>:UCKey=91325111F1E31AC31F7F24BA2C409671
05/30 08:20:41.692 [6004] <DoHeartbeat>HardwareID=2BC58CF27CEE088AA467F24F275BA84E
05/30 08:20:41.692 [6004] <DoHeartbeat>CHKey=22C3C097B7582E0EEA20AC2EC8E25AA8
05/30 08:20:41.692 [6004] <DoHeartbeat>CKey=4836EFD1C60649D9FA01A1FBBB3E909C
05/30 08:20:41.692 [6004] <DoHeartbeat>UCHKey=E4105AD6F78BA630F821CE59C7F9718D
05/30 08:20:41.692 [6004] <DoHeartbeat>UCKey=91325111F1E31AC31F7F24BA2C409671
05/30 08:20:41.692 [6004] <DoHeartbeat> Set heartbeat event
05/30 08:20:41.692 [6004] Use new configuration
05/30 08:20:41.693 [6004] <CSyLink::IndexHeartbeatProc()>
05/30 08:20:41.693 [6004] <IndexHeartbeatProc> Got ConfigObject to proceed the operation.. pSylinkConfig: 02892020
05/30 08:20:41.693 [6004] <IndexHeartbeatProc>====== Reg Heartbeat loop starts at 08:20:41 ======
05/30 08:20:42.193 [6004] HEARTBEAT: Check Point 1
05/30 08:20:42.193 [6004] Get First Server!
05/30 08:20:42.193 [6004] HEARTBEAT: Check Point 2
05/30 08:20:42.193 [6004] <PostEvent>going to post event=EVENT_SERVER_CONNECTING
05/30 08:20:42.193 [6004] <PostEvent>done post event=EVENT_SERVER_CONNECTING, return=0
05/30 08:20:42.193 [6004] HEARTBEAT: Check Point 3
05/30 08:20:42.193 [6004] <IndexHeartbeatProc>Setting the session timeout on Profile Session to 30000
05/30 08:20:42.193 [6004] HEARTBEAT: Check Point 4
05/30 08:20:42.194 [6004] <IndexHeartbeatProc>===Get Index STAGE===

@James: Both ways.. 

 

.Brian's picture

Can you post the whole log?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.