Houston Security User Group

  • 1.  Symantec Network Access Control (SNAC)

    Posted Aug 03, 2012 01:53 PM

    I have been having issues with SNAC on 2 Servers and cannot figure out what the issue is.

    Here is what I get in the Debug Log:


    33 c:\bld_area\CMC_11.0-RU6\Symantec_Enterprise_Protection\Client_Management\src\sndfc\src\sndfc\snd\CoRtLock.h(81)
    08/03 13:39:57 [3748:6020] Saving SMC State
    08/03 13:39:57 [3748:6020] chmod on file C:\Program Files\Symantec AntiVirus\SerState.dat to read/write.
    08/03 13:39:57 [3748:6020] C:\Program Files\Symantec AntiVirus\StdDef.dat: Not found.
    08/03 13:39:57 [3748:6020] C:\Program Files\Symantec AntiVirus\trojan.dat: Not found.
    08/03 13:42:51 [3748:6020] Found explorer.exe pids=3576
    08/03 13:42:51 [3748:6020] SmcGui mode 1
    08/03 13:42:51 [3748:2708] TSE: user session found.
    08/03 13:42:51 [3748:2708] TSE: user session is on track.
    08/03 13:42:51 [3748:3536] Snac HiTest:0,  0
    08/03 13:42:51 [3748:4384] Starting SMC GUI
    08/03 13:42:51 [3748:4384] GetUserAndDomain in smc: Trying to get the User/Domain
    08/03 13:42:51 [3748:4384] Enterprise version, Build 552!!!
    08/03 13:42:51 [3748:4384] user_id = xxx/xxxxxxxx
    08/03 13:42:51 [3748:3536] SMCGui - 2664: CSmcDlg::Profile() - ImportFromDm() returned...
    08/03 13:42:52 [3748:2708] Remove file check prompt session by sn change at: C:\WINDOWS\system32\winlogon.exe
    08/03 13:42:53 [3748:3536] SMCGui - 2664: CSmcDlg::UpdateProfileInfoE00E-07/30/2012 09:37:41 629:My Company
    08/03 13:42:53 [3748:3536] Saving SMC State
    08/03 13:42:53 [3748:3536] chmod on file C:\Program Files\Symantec AntiVirus\SerState.dat to read/write.
    08/03 13:42:53 [3748:3536] C:\Program Files\Symantec AntiVirus\StdDef.dat: Not found.
    08/03 13:42:53 [3748:3536] C:\Program Files\Symantec AntiVirus\trojan.dat: Not found.
    08/03 13:43:14 [3748:3536] SMCGui - 2664: SymCorpUI is not trusted

    *****I manually removed some security information*****

    I run a Host Integrity on Servers and everything works and here is the log for that:

     

    08/03 13:48:29 [3748:6020] Saving SMC State
    08/03 13:48:29 [3748:6020] chmod on file C:\Program Files\Symantec AntiVirus\SerState.dat to read/write.
    08/03 13:48:29 [3748:6020] C:\Program Files\Symantec AntiVirus\StdDef.dat: Not found.
    08/03 13:48:29 [3748:6020] C:\Program Files\Symantec AntiVirus\trojan.dat: Not found.
    08/03 13:48:42 [3748:3536] HI: reset to history result in location Default
    08/03 13:48:42 [3748:3536] HI: set HI result to HI_CHECK_FAIL.
    08/03 13:48:42 [3748:3536] HI: reset HI timer trigger. Enabled: 1
    08/03 13:48:42 [3748:3536] HI: Run HI check has been triggered by user.
    08/03 13:48:45 [3748:3512] HI: reset to history result in location Default
    08/03 13:48:45 [3748:3512] HI: set HI result to HI_CHECK_FAIL.
    08/03 13:48:45 [3748:3512] HI: HI checking is triggered.
    08/03 13:48:45 [3748:5108] <SNAC><ComplianceEngine@498> Smc Started = 1
    08/03 13:48:45 [3748:3512] HI: Script Execution is started
    08/03 13:48:45 [3748:3512] HI: The winsta\desktop is : Winsta0\Default
    08/03 13:48:45 [3748:3512] HI: ProcessIdToSessionId 77E6F032 is different from dwSessionId 1
    08/03 13:48:45 [3748:3512] HI: ProcessIdToSessionId 77E6F032 is different from dwSessionId 1
    08/03 13:48:45 [3748:3512] HI: bFindWinlogon is 1
    08/03 13:48:45 [3748:3512] HI: SetTokenInformation successfully
    08/03 13:48:45 [3748:3512] HI: the using the first Vista/XP(FUS) method
    08/03 13:48:46 [3748:3512] Script exit normally.
    08/03 13:48:46 [3748:3512] HI: Script running Completed
    08/03 13:48:46 [3748:3512] HI: Closing the Scrpit process handle.
    08/03 13:48:46 [3748:3512] HI: set HI result to HI_CHECK_SUCCESS.
    08/03 13:48:46 [3748:3512] HI: Host Integrity check passed.
    08/03 13:48:46 [3748:3512] HI: HI result is updated. Result: 0 , Reason: 0 , Description: Host Integrity check passed
      Requirement: "Verifying SEP 11 Turned on with SEP Path" passed
      Requirement: "Verifying SEP 11 Turned on with AntiVirus Path" passed
     , Timestamp: 12988489726
    08/03 13:48:46 [3748:3512] <SyLink>HI status is changed to=1; reason=0; rule=Host Integrity check passed
      Requirement: "Verifying SEP 11 Turned on with SEP Path" passed
      Requirement: "Verifying SEP 11 Turned on with AntiVirus Path" passed

    08/03 13:48:46 [3748:5108] <SNAC><ComplianceEngine@498> Smc Started = 1
    08/03 13:48:46 [3748:5108] <SNAC><ComplianceEngine@508> compliance status changed, update SHM
    08/03 13:48:46 [3748:5108] <SNAC><GatewayClient@771> Update Compliance status
    08/03 13:48:46 [3748:5108] <SNAC>Ready to Send update status!

    08/03 13:48:46 [3748:5108] <SNAC><PluginManager@2134> HandleReloadComplianceStatusRequest
    08/03 13:48:46 [3748:5108] <SNAC><PluginManager@2158> g_hNTDLL is 60F60000, g_lpNapData is 0
    08/03 13:48:46 [3748:5108] <SNAC><LanClient@2799> Handle Compliance status changed request
    08/03 13:48:46 [3748:5108] <SNAC><LanClient@2800> Original compliance status:
    08/03 13:48:46 [3748:5108] <SNAC><LanClient@2805> New compliance status:

     

    What am I missing? Any help would be appreciated.



  • 2.  RE: Symantec Network Access Control (SNAC)

    Posted Sep 11, 2012 06:41 AM

    It is telling that the definitions are not found?? But the second log is showing that it passed.



  • 3.  RE: Symantec Network Access Control (SNAC)

    Posted Dec 13, 2012 04:30 PM
    Hello, we have at work SYMC PROTECTION SUITE ENTERPRISE EDITION 4.0. Does this product have logs that will enable me to see when users [by name or id or ip] had logged in/logged out to our server? I would like to keep track of users that are logging in from "outside" [VPN]. Thank you in advance. Mickey.