Endpoint Protection Small Business Edition

 View Only
Expand all | Collapse all

SEP SBS Eating my EXE Files

Migration User

Migration UserDec 11, 2012 01:54 AM

ℬrίαη

ℬrίαηApr 29, 2013 01:20 PM

ℬrίαη

ℬrίαηJun 12, 2013 03:07 PM

  • 1.  SEP SBS Eating my EXE Files

    Posted Dec 09, 2012 10:20 PM

    Hi There!

    We have a really strange issue with our SEP SBS whereby we are seeing that if we copy .exe files to a share on the network or a mapped drive, that exe files shows up on the server for about 1 second and then gets removed! Rebooting the server fixes it. If we uninstall SEP the problem goes away!

    We are running SEP SBS 12.1.

     

    Anyone else seeing this?

     



  • 2.  RE: SEP SBS Eating my EXE Files

    Broadcom Employee
    Posted Dec 09, 2012 10:50 PM

    is there any risk log associated with it?

    check the application event logs.



  • 3.  RE: SEP SBS Eating my EXE Files

    Trusted Advisor
    Posted Dec 10, 2012 03:52 AM

    Hello,

    What OS are running on these client machines?

    What version of SEP SBE 12.1 are running? Make sure you are running the Latest SEP 12.1 RU2 version on the machine.

    What happens if you only uninstall NTP Feature from the SEP under Add / Remove programs?

    Hope that helps!!



  • 4.  RE: SEP SBS Eating my EXE Files

    Posted Dec 10, 2012 09:21 AM

    Did you go thru the logs in the SEP client?

    Is this any exe?



  • 5.  RE: SEP SBS Eating my EXE Files

    Posted Dec 10, 2012 09:01 PM

    Windows 7 on the client side x64. No Client side AV so it must be a server side issue. No logs to check on the client side.

     

    Nothing I can see anywhere in the logs for Server side. 

     

    Any EXE does it. Also you can't rename a .txt file a .exe as it gives access denied!



  • 6.  RE: SEP SBS Eating my EXE Files

    Posted Dec 10, 2012 09:17 PM

    Are you using an application control policy? Sounds very odd...



  • 7.  RE: SEP SBS Eating my EXE Files

    Broadcom Employee
    Posted Dec 10, 2012 09:23 PM

    check the application event viewer , on client side do you see in SEP logs related to this incident.



  • 8.  RE: SEP SBS Eating my EXE Files

    Posted Dec 10, 2012 10:26 PM

    Client side there won't be anything as there is no SEP logs as I don't have SEP on the client side. 

     



  • 9.  RE: SEP SBS Eating my EXE Files

    Broadcom Employee
    Posted Dec 10, 2012 11:37 PM

    on the server locally can you copy the file from one location to another?

     



  • 10.  RE: SEP SBS Eating my EXE Files

    Posted Dec 10, 2012 11:40 PM

    HI,

    What happend  when you are disabled SEP NTP feature ?



  • 11.  RE: SEP SBS Eating my EXE Files

    Posted Dec 11, 2012 01:54 AM

    Yes that works fine. Also pulling files from a workstation from the server is ok too!



  • 12.  RE: SEP SBS Eating my EXE Files

    Posted Dec 11, 2012 01:54 AM

    How do I do that?



  • 13.  RE: SEP SBS Eating my EXE Files

    Posted Dec 11, 2012 01:57 AM

    Hi,

    What sep feature do you have install ?

     Disable

    SEP client ->Network Threat Protection ->Option ->Disable Network Threat Protection



  • 14.  RE: SEP SBS Eating my EXE Files

    Posted Dec 11, 2012 03:38 AM

    Well it appears it's already off so it's not that. If I remove SEP SBS from prior memory it works ok, reinstall works for a short while and starts eating my exe files again. I can't find any logs that reference it etc.. It's so odd.

     



  • 15.  RE: SEP SBS Eating my EXE Files

    Trusted Advisor
    Posted Dec 11, 2012 04:50 AM

    Hello,

    Could you Try uninstalling the NTP protection from Add / Remove Programs by - 

    1) Under Control Panel, click on Programs and Features.

    2) Highlight Symantec Endpoint Protection and click on Change

    3) Click on Modify and click on Next

    4) Click on "Basic Virus and Spyware Protection" and click on Next

    5) Click on Next again.

    6) Click on Finish

    This would install only AV/ AS with PTP feature on the machine. Restart the server machine and check if that helps!!



  • 16.  RE: SEP SBS Eating my EXE Files

    Posted Dec 11, 2012 04:15 PM

    Mithun: I tried this it told me the installation was interrupted. 

    I have 12.1 RU1 MP1 can I upgrade right to 12.1.2 in 1 step?

     

    I see SBE 2013 mentioned in file connect is that immediately pending release?



  • 17.  RE: SEP SBS Eating my EXE Files

    Trusted Advisor
    Posted Dec 12, 2012 03:21 AM

    Hello,

    SEP SBE 2013 is different from SEP SBE 12.1 RU2.

    Symantec Endpoint Protection Small Business Edition 2013 is a truly Cloud-managed solution.

    Do you see SEP SBE 12.1 RU2 OR SEP SBE 12.1.2?

    Check this - 

    https://www-secure.symantec.com/connect/articles/latest-symantec-endpoint-protection-releases-sep-121-ru2-and-sep-110-ru7-mp3

    If yes, please try Migrating to SEP SBE 12.1.2

     

    Please Note: If in case you do not see the SEP 12.1 RU2 Release on Fileconnect, you may like to try contacting the Symantec Licensing Department and they may provide you with the Temporary Serial number, with which you could download the Latest SEP 12.1 RU2 version.

    http://www.symantec.com/business/products/licensing/index.jsp

    Website: http://symantec.custhelp.com

    Phone number: 1-800-721-3934

    Email: license@symantec.com

    Hope that helps!!


  • 18.  RE: SEP SBS Eating my EXE Files

    Posted Jan 03, 2013 11:59 AM

    If it's Small Business Edition, it won't have Application & Device Control. smiley

    sandra



  • 19.  RE: SEP SBS Eating my EXE Files

    Posted Jan 03, 2013 12:11 PM

    Client side there won't be anything as there is no SEP logs as I don't have SEP on the client side.

    But is SEP installed on the server from where the file is disappearing, correct? You mentioned uninstalling SEP makes the problem go away. Servers and workstations are both considered 'SEP clients'. If SEP is installed on the server onto which the shared drive / network drive resides (and from where .exe files are disappearing), that's the 'client' whose SEP logs you should examine.

    Edit to add: Looks like you've already been looking at the logs--my apologies. Anything in the Windows logs? Which OS?

    This is very strange and I can't find anything else like it in our KB.

    sandra



  • 20.  RE: SEP SBS Eating my EXE Files

    Posted Jan 08, 2013 03:15 PM

    Running SEPM Enterprise Edition

    SEPM's are Server 2008 R2 Standard- fail over load balanced setup with SQL2008-  

    Starting yesterday, we saw same issue on a Windows Storage Server 2008 R2 running a 12.1.1000.157 SEP client-   .exe files placed in a shared folder would be there for a few seconds and then disappear.

    Turned off Auto Protect by Policy and killed Tamper Protection - same result.  Nothing in quarantine; nothing in Risk logs.

    Not related to Network Threat Protection as only AV/ASpyware loaded- Download Insight disabled by Policy.   

    Ended up removing SEP AV/AS via Programs and Features modify-  problem went away.  Server however needs protection. 

    Will restart and load an RU2 client tonight since I recently updated my SEPM's to 12.1.2015.2015 and see what happens.   This machine had been running fine with no complaints nad this issue was very odd. 

     



  • 21.  RE: SEP SBS Eating my EXE Files

    Posted Mar 14, 2013 03:06 PM

    AcelaHSR,

    I have had the same issue for several weeks.  Any ideas yet?

    I cannot copy .exe files into ANY directory on the shared server drive.

    This is especially a pain since "My Documents" and every other file storage directory is located there...

    Have made no changes to any settings myself.  It just started doing this on it's own or by some update.

     

    Neil Foster

    C&H Audio Visual Services, Inc. www.chavs.net

     



  • 22.  RE: SEP SBS Eating my EXE Files

    Posted Mar 20, 2013 01:09 PM

    Same here.  Just noticed this behavior.  Can't copy any files across the network to any shared drive on any 2008R2 server running SEP.  Locally works fine.



  • 23.  RE: SEP SBS Eating my EXE Files

    Posted Apr 08, 2013 12:01 PM

    Same behavior here.  The interesting thing is that it just started happening between Tuesday and Thursday of last week, and only on one server.

    I'm the AV admin here and I didn't install any client updates or SEPM updates, yet any exe files copied remotely from another machine to a share on the server disappears.  In addition to that information, I am able to copy the same file from the same user's computer to the same share on the server, and it doesn't disappear.

    I disabled all AV features on the client and it didn't fix it.  Uninstalling the SEP client is the only thing that fixed it.



  • 24.  RE: SEP SBS Eating my EXE Files

    Posted Apr 29, 2013 01:12 PM

    This problem was restricted to a single server but is now happening on a second server with SEP installed.  Both servers had SEP 12.1 RU2.  Nothing in any of the SEP client logs and nothing in the Windows Event Viewer logs either.  The client is set to issue a pop-up notification if a file is quarantined - there are no pop-ups when the file disappears and this is a known safe file.

    Anyone?



  • 25.  RE: SEP SBS Eating my EXE Files

    Posted Apr 29, 2013 01:20 PM

    Open a support case.



  • 26.  RE: SEP SBS Eating my EXE Files

    Posted Apr 29, 2013 01:48 PM

    Yes, thanks for the advice.  I frequently have a support case open while also posting in the appropriate forums since the typical scenario is:  call outsourced (or whatever you want to call it these days) "scripted" support until you stump "scripted" support long enough for them to justify kicking it up the ladder to someone who knows enough to find the root cause.  Usually takes close to a week before that even happens.

    If only the Endpoint Protection support was as good as it is for Enterprise Vault.



  • 27.  RE: SEP SBS Eating my EXE Files

    Posted Apr 29, 2013 04:52 PM

    So I just received a call from support.  The nice lady asked for my phone number in case we were disconnected (nevermind that she called me and has the number), as well as my email (nevermind that this information is clearly in the support case notes she has in front of her).  She then asked what operating system was installed on the clients, and what version of the Endpoint Manager is installed on the server, and how many clients we have (which is not at all relevant to the issue) - oh, and not how many clients are affected by the issue, just how many clients in total.

    As I explained the problem from the beginning in detail, she asked me if these are clients or servers.  When I explained that the computers with the problem are Endpoint Protection clients that run Windows Server 2008 R2 she seemed to become totally lost.  She asked me three different ways if the computers were clients or servers, and I kept explaining again in different ways until I finally hung up.

    In all seriousness, Symantec... you really expect me, when I have many other things to work on, to endure level one support from someone who, if they can't follow me on the basics, has no chance to help me find the cause of the problem?  I'm actually being nice about the situation.  This kind of support is a travesty and this is what we pay additional support costs for?

    So, with all due respect Brian 81, I would rather scream my problem in the forums and hope for someone with intelligent input to assist me than waste my time and breath speaking with someone who does not have the capacity to provide support for this issue.  I'm not being rude, I'm being realistic.



  • 28.  RE: SEP SBS Eating my EXE Files

    Posted Apr 29, 2013 05:17 PM

    That's fine, I only suggested as I didn't know you already opened.



  • 29.  RE: SEP SBS Eating my EXE Files

    Posted May 01, 2013 09:57 AM

    Decided to try downloading SEP 12.1.2 RU2 MP1 (12.1.2100.2093) released mid-April.  Have upgraded the SEPM server and pushed out an updated package to one of the problem clients and will post an update here once I've had a chance to restart the client.



  • 30.  RE: SEP SBS Eating my EXE Files

    Posted May 07, 2013 08:36 AM

    Since I have read in other posts that restarting the client server can temporarily resolve the issue, it's difficult to say whether it is completely resolved or not but, things have been fine since upgrading both servers to the latest 12.1.2100.2093 endpoint client.

     



  • 31.  RE: SEP SBS Eating my EXE Files

    Posted Jun 12, 2013 11:11 AM

    If anyone is still following this thread, the issue has NOT returned since removing the SEP client from the servers that were affected and installing 10.1.2100.2093.



  • 32.  RE: SEP SBS Eating my EXE Files

    Posted Jun 12, 2013 03:07 PM

    Did support ever get back to you on this?



  • 33.  RE: SEP SBS Eating my EXE Files

    Posted Jun 12, 2013 04:57 PM

    Brian81,

    The short version is, yes.  Support tried to contact me about the case but I was "forced" to ignore them.  I am somewhat convinced that first level support is intentionally bad to drive support calls away.  I gave up because, without any exaggeration, the person who took my case could not understand my answers to her basic questions and continued to ask me the same questions for which I had already given very clear answers to.

    This pattern continued for fifteen minutes until I simply hung up on them.  Providing script-reading first level support to the Enterprise community is a bit without excuse to me.  As soon as I hung up I checked to see if a newer version of the client existed, when I found one I figured I would venture on myself.