Endpoint Protection

Hi all,

I had a problem with SEPM sending file reputation lookup alerts. There were two servers that had issues with the network/firewall settings, both have been resolved now.

The problem is SEPM is still continually reporting these old errors. I made changes June 2 and there's been no reports after that but SEPM still reports errors from before June 2, and I can't figure out how to clear the logs so it stops doing this.

Anyone have any tips?

Have you tried deleting and re-creating the alert? What is your exact SEPM version?

Sorry about the slow response, I've been quite busy.

SEPM version 12.1.6 (12.1 RU6 MP4) build 6867 (12.1.6867.6400)

I've acknowledged and edited the condition for the alert to 3 computers which should suppress them for now. Unless it keeps triggering from the old logs.

The alert can be triggeed for a number of reasons either legitimate and can be ignored, or need to be investigated. I recomend creating a support ticket for this issue.

Well, I've looked into this more. One of the servers was missing a gateway, which has been corrected. This one doesn't seem to be reporting any issues any longer. The other is a restricted (aging) RDP server with a whitelist. I've whitelisted the following:

ent-shasta-rrs.symantec.com
ent-shasta-mr-clean.symantec.com

This one is still reporting the occasional error. Is it possible that these are not the only two sites the reputation service needs? If anyone knows of others needed for the symantec services I can whitelist these at our proxy.

The full list of URLs is located here:

http://www.symantec.com/docs/TECH162286

I wonder how I didn't find that. All I found was the two sites I posted here in these forums. Go figure!

Thank you, I will make those changes ASAP and I suspect my problem will go away!

Good deal. Hopefully, that fixes it.