Endpoint Protection Small Business Edition

  • 1.  SEP rejects command "Disable NTP"

    Posted May 27, 2014 07:34 AM

    Dear all,

    Whenever I try to disable NTP via the SEPM Console, the client rejects the command after a few seconds. This is also logged in the command status.

    Does anybody have an idea?

    BR

    Stephan



  • 2.  RE: SEP rejects command "Disable NTP"

    Posted May 27, 2014 11:54 AM


  • 3.  RE: SEP rejects command "Disable NTP"

    Posted May 27, 2014 02:13 PM

    Are these clients online in the network?



  • 4.  RE: SEP rejects command "Disable NTP"

    Posted May 28, 2014 01:24 AM

    @Brian: I can't enable the sylink debugging; an error occurs when I try to change the value of smc_debuglog_on. It says the value can't be changed, error while writing the value. (And yes, I have administrator rights.)

    @technical_spcialist: Yes, all the clients are online in network



  • 5.  RE: SEP rejects command "Disable NTP"

    Posted May 28, 2014 10:55 AM

    You need to disable tamper protection first :) That's why it won't let you write to the registry.



  • 6.  RE: SEP rejects command "Disable NTP"

    Posted May 28, 2014 11:01 AM

    What process have you followed?

    Here are some ways:

    You can send a command from Symantec Endpoint Protection Manager (SEPM) to selected clients to temporarily disable Network Threat protection. Commands can be sent from two places within Symantec Endpoint Protection Manager:

    From Monitors page

    1. In the SEPM console, click Monitors.
    2. Click the Logs tab
    3. Select Computer Status for Log type.
    4. Select any desired filters and time range.
    5. Click the View log button.
    6. In the resulting computer status log, select any desired clients (or select All from the drop down list)
    7. Select Disable Network Threat Protection from the command drop down list.
    8. Click Start
    9. Click Yes to confirm the action.



    From Clients page

    1. In the console, click Clients.
    2. Under View Clients, select a group for which you want to enable or disable protection.
    3. Do one of the following actions:
      • For all computers and users in the group, right-click the group
      • Click Run Command on Group
      • Click Enable Network Threat Protection or Disable Network Threat Protection.

        Or

      • For selected users or computers within a group, click the Clients tab
      • Select the users or computers.
      • Right-click the selection
      • Click Run Command on Clients > Enable Network Threat Protection or Disable Network Threat Protection.
         
    4. To confirm the action, click Yes.
    5. Click OK.

    How to disable Tamper Protection in Symantec Endpoint Protection 12.1

    http://www.symantec.com/business/support/index?page=content&id=TECH192023


     



  • 7.  RE: SEP rejects command "Disable NTP"

    Posted May 30, 2014 02:38 AM

    Hey guys, 

    @Brian: Thanks for the hint ;) I was a bit in a hurry and didn't read the whole text last time.. I disabled tamper protection and enabled sylink debugging and yes.. It tells a lot of stuff. Which part of the document do you want to see? Here are the first 10.000 rows:

     

    05/30 08:20:36.181 [6004] <MaintainPushConnection:>SMS return=200
    05/30 08:20:36.181 [6004] <ParseHTTPStatusCode:>200=>200 OK
    05/30 08:20:36.181 [6004] <MaintainPushConnection:>RECEIVE STAGE COMPLETED
    05/30 08:20:36.181 [6004] <MaintainPushConnection:>COMPLETED
    05/30 08:20:36.181 [6004] <ScheduleNextUpdate>Manually assigned heartbeat=5 seconds
    05/30 08:20:36.185 [6004] HEARTBEAT: Check Point 8
    05/30 08:20:36.185 [6004] <PostEvent>going to post event=EVENT_SERVER_DISCONNECTED
    05/30 08:20:36.185 [6004] <PostEvent>done post event=EVENT_SERVER_DISCONNECTED, return=0
    05/30 08:20:36.185 [6004] <IndexHeartbeatProc>====== IndexHeartbeat Procedure stops at 08:20:36 ======
    05/30 08:20:36.185 [6004] <IndexHeartbeatProc>Set Heartbeat Result= 2
    05/30 08:20:36.185 [6004] <PostEvent>going to post event=EVENT_SERVER_HEARTBEAT_COMPLETE
    05/30 08:20:36.185 [6004] <PostEvent>done post event=EVENT_SERVER_HEARTBEAT_COMPLETE, return=0
    05/30 08:20:36.185 [6004] <IndexHeartbeatProc>Sylink Comm.Flags: 'Connection Failed' = 0, 'Using Backup Sylink' = 0, 'Using Location Config' = 0
    05/30 08:20:36.185 [6004] Use new configuration
    05/30 08:20:36.185 [6004] HEARTBEAT: Check Point Complete
    05/30 08:20:36.185 [6004] <IndexHeartbeatProc>Done, Heartbeat=5seconds
    05/30 08:20:36.188 [6004] </CSyLink::IndexHeartbeatProc()>
    05/30 08:20:36.188 [6004] <CheckHeartbeatTimer>====== Heartbeat loop stops at 08:20:36 ======
    05/30 08:20:37.191 [6004] <CheckHeartbeatTimer>Priority logs uploaded at 08:20:37 
    05/30 08:20:41.191 [6004] <CheckHeartbeatTimer>====== Heartbeat loop starts at 08:20:41 ======
    05/30 08:20:41.691 [6004] <GetOnlineNicInfo>:Netport Count=1
    05/30 08:20:41.691 [6004] <GetOnlineNicInfo>:NicInfo<SSANICs><SSANIC Ip="10.x.x.x" Mac="f0-xx-xx-xx-xx-xx" Gateway="10.x.x.x" SubnetMask="255.x.x.x"/></SSANICs>
    05/30 08:20:41.691 [6004] <CalcAgentHashKey>:CH=C41CF633C0A89D100134B71D49B5B21C1x.x2BC58CF27CEE088AA467F24F275BA84E
    05/30 08:20:41.691 [6004] <CalcAgentHashKey>:CHKey=22C3C097B7582E0EEA20AC2EC8E25AA8
    05/30 08:20:41.691 [6004] <CalcAgentHashKey>:C=C41CF633C0A89D100134B71D49B5B21C1x
    05/30 08:20:41.691 [6004] <CalcAgentHashKey>:CKey=4836EFD1C60649D9FA01A1FBBB3E909C
    05/30 08:20:41.692 [6004] <CalcAgentHashKey>:UCH=C41CF633C0A89D100134B71D49B5B21C0x2BC58CF27CEE088AA467F24F275BA84E
    05/30 08:20:41.692 [6004] <CalcAgentHashKey>:UCHKey=E4105AD6F78BA630F821CE59C7F9718D
    05/30 08:20:41.692 [6004] <CalcAgentHashKey>:UC=C41CF633C0A89D100134B71D49B5B21C0x
    05/30 08:20:41.692 [6004] <CalcAgentHashKey>:UCKey=91325111F1E31AC31F7F24BA2C409671
    05/30 08:20:41.692 [6004] <DoHeartbeat>HardwareID=2BC58CF27CEE088AA467F24F275BA84E
    05/30 08:20:41.692 [6004] <DoHeartbeat>CHKey=22C3C097B7582E0EEA20AC2EC8E25AA8
    05/30 08:20:41.692 [6004] <DoHeartbeat>CKey=4836EFD1C60649D9FA01A1FBBB3E909C
    05/30 08:20:41.692 [6004] <DoHeartbeat>UCHKey=E4105AD6F78BA630F821CE59C7F9718D
    05/30 08:20:41.692 [6004] <DoHeartbeat>UCKey=91325111F1E31AC31F7F24BA2C409671
    05/30 08:20:41.692 [6004] <DoHeartbeat> Set heartbeat event
    05/30 08:20:41.692 [6004] Use new configuration
    05/30 08:20:41.693 [6004] <CSyLink::IndexHeartbeatProc()>
    05/30 08:20:41.693 [6004] <IndexHeartbeatProc> Got ConfigObject to proceed the operation.. pSylinkConfig: 02892020
    05/30 08:20:41.693 [6004] <IndexHeartbeatProc>====== Reg Heartbeat loop starts at 08:20:41 ======
    05/30 08:20:42.193 [6004] HEARTBEAT: Check Point 1
    05/30 08:20:42.193 [6004] Get First Server!
    05/30 08:20:42.193 [6004] HEARTBEAT: Check Point 2
    05/30 08:20:42.193 [6004] <PostEvent>going to post event=EVENT_SERVER_CONNECTING
    05/30 08:20:42.193 [6004] <PostEvent>done post event=EVENT_SERVER_CONNECTING, return=0
    05/30 08:20:42.193 [6004] HEARTBEAT: Check Point 3
    05/30 08:20:42.193 [6004] <IndexHeartbeatProc>Setting the session timeout on Profile Session to 30000
    05/30 08:20:42.193 [6004] HEARTBEAT: Check Point 4
    05/30 08:20:42.194 [6004] <IndexHeartbeatProc>===Get Index STAGE===

    @James: Both ways.. 
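
A way to triage a Sylink debug log like the excerpt in the post above, as an added example that is not part of the original thread or of any Symantec tooling: it splits the log into heartbeat cycles and collects the HTTP status, posted events and heartbeat result of each. The line layout is inferred from the excerpt alone; the function names and the rule that a non-2xx status or a non-zero `return=` deserves a look are assumptions.

```python
import re

# Lines copied from the log excerpt in the post above; not a complete log.
SAMPLE = """\
05/30 08:20:36.181 [6004] <ParseHTTPStatusCode:>200=>200 OK
05/30 08:20:36.185 [6004] <PostEvent>done post event=EVENT_SERVER_DISCONNECTED, return=0
05/30 08:20:36.185 [6004] <IndexHeartbeatProc>Set Heartbeat Result= 2
05/30 08:20:36.188 [6004] <CheckHeartbeatTimer>====== Heartbeat loop stops at 08:20:36 ======
05/30 08:20:41.191 [6004] <CheckHeartbeatTimer>====== Heartbeat loop starts at 08:20:41 ======
05/30 08:20:41.693 [6004] <IndexHeartbeatProc>====== Reg Heartbeat loop starts at 08:20:41 ======
05/30 08:20:42.193 [6004] <PostEvent>done post event=EVENT_SERVER_CONNECTING, return=0
"""

# Layout assumed from the excerpt: "MM/DD HH:MM:SS.mmm [thread] <Tag>message"
LINE = re.compile(r"^(\d\d/\d\d \d\d:\d\d:\d\d\.\d{3}) \[(\d+)\] (?:<([^>]*)>)?\s*(.*)$")
EVENT = re.compile(r"done post event=(\w+), return=(-?\d+)")
RESULT = re.compile(r"Set Heartbeat Result=\s*(-?\d+)")
HTTP = re.compile(r"^(\d{3})=>")

def parse(text):
    """Yield (timestamp, thread_id, tag, message); lines that do not fit are skipped."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            ts, tid, tag, msg = m.groups()
            yield ts, int(tid), (tag or "").strip(":/"), msg.strip()

def summarize(text):
    """Group lines into heartbeat cycles keyed on the CheckHeartbeatTimer start marker."""
    new = lambda start: {"start": start, "events": [], "http": [], "result": None}
    cycles = []
    for ts, _tid, tag, msg in parse(text):
        # Only the timer's marker opens a cycle, not the "Reg Heartbeat loop starts" line.
        if tag == "CheckHeartbeatTimer" and "Heartbeat loop starts" in msg:
            cycles.append(new(ts))
            continue
        if not cycles:  # excerpt began mid-cycle: keep it as a partial cycle
            cycles.append(new(None))
        cur = cycles[-1]
        if (m := EVENT.search(msg)):
            cur["events"].append((m.group(1), int(m.group(2))))
        elif (m := RESULT.search(msg)):
            cur["result"] = int(m.group(1))  # raw value; its meaning is not on the page
        elif tag == "ParseHTTPStatusCode" and (m := HTTP.match(msg)):
            cur["http"].append(int(m.group(1)))
    return cycles

def flagged(cycles):
    # Assumption: a non-2xx status or a non-zero PostEvent return is worth reading closely.
    return [c for c in cycles if any(not 200 <= s < 300 for s in c["http"])
            or any(rc != 0 for _, rc in c["events"])]
```
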

     



  • 8.  RE: SEP rejects command "Disable NTP"

    Posted May 30, 2014 09:24 AM

    Can you post the whole log?