Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Symantec Network Access Control (SNAC)

Created: 03 Aug 2012 | 2 comments

I have been having issues with SNAC on 2 Servers and cannot figure out what the issue is?

Here is what I get in the Debug Log:

33 c:\bld_area\CMC_11.0-RU6\Symantec_Enterprise_Protection\Client_Management\src\sndfc\src\sndfc\snd\CoRtLock.h(81)
08/03 13:39:57 [3748:6020] Saving SMC State
08/03 13:39:57 [3748:6020] chmod on file C:\Program Files\Symantec AntiVirus\SerState.dat to read/write.
08/03 13:39:57 [3748:6020] C:\Program Files\Symantec AntiVirus\StdDef.dat: Not found.
08/03 13:39:57 [3748:6020] C:\Program Files\Symantec AntiVirus\trojan.dat: Not found.
08/03 13:42:51 [3748:6020] Found explorer.exe pids=3576
08/03 13:42:51 [3748:6020] SmcGui mode 1
08/03 13:42:51 [3748:2708] TSE: user session found.
08/03 13:42:51 [3748:2708] TSE: user session is on track.
08/03 13:42:51 [3748:3536] Snac HiTest:0,  0
08/03 13:42:51 [3748:4384] Starting SMC GUI
08/03 13:42:51 [3748:4384] GetUserAndDomain in smc: Trying to get the User/Domain
08/03 13:42:51 [3748:4384] Enterprise version, Build 552!!!
08/03 13:42:51 [3748:4384] user_id = xxx/xxxxxxxx
08/03 13:42:51 [3748:3536] SMCGui - 2664: CSmcDlg::Profile() - ImportFromDm() returned...
08/03 13:42:52 [3748:2708] Remove file check prompt session by sn change at: C:\WINDOWS\system32\winlogon.exe
08/03 13:42:53 [3748:3536] SMCGui - 2664: CSmcDlg::UpdateProfileInfoE00E-07/30/2012 09:37:41 629:My Company
08/03 13:42:53 [3748:3536] Saving SMC State
08/03 13:42:53 [3748:3536] chmod on file C:\Program Files\Symantec AntiVirus\SerState.dat to read/write.
08/03 13:42:53 [3748:3536] C:\Program Files\Symantec AntiVirus\StdDef.dat: Not found.
08/03 13:42:53 [3748:3536] C:\Program Files\Symantec AntiVirus\trojan.dat: Not found.
08/03 13:43:14 [3748:3536] SMCGui - 2664: SymCorpUI is not trusted

*****I manually removed some security information*****

I run a Host Integrity on Servers and everything works and here is the log for that:

08/03 13:48:29 [3748:6020] Saving SMC State
08/03 13:48:29 [3748:6020] chmod on file C:\Program Files\Symantec AntiVirus\SerState.dat to read/write.
08/03 13:48:29 [3748:6020] C:\Program Files\Symantec AntiVirus\StdDef.dat: Not found.
08/03 13:48:29 [3748:6020] C:\Program Files\Symantec AntiVirus\trojan.dat: Not found.
08/03 13:48:42 [3748:3536] HI: reset to history result in location Default
08/03 13:48:42 [3748:3536] HI: set HI result to HI_CHECK_FAIL.
08/03 13:48:42 [3748:3536] HI: reset HI timer trigger. Enabled: 1
08/03 13:48:42 [3748:3536] HI: Run HI check has been triggered by user.
08/03 13:48:45 [3748:3512] HI: reset to history result in location Default
08/03 13:48:45 [3748:3512] HI: set HI result to HI_CHECK_FAIL.
08/03 13:48:45 [3748:3512] HI: HI checking is triggered.
08/03 13:48:45 [3748:5108] <SNAC><ComplianceEngine@498> Smc Started = 1
08/03 13:48:45 [3748:3512] HI: Script Execution is started
08/03 13:48:45 [3748:3512] HI: The winsta\desktop is : Winsta0\Default
08/03 13:48:45 [3748:3512] HI: ProcessIdToSessionId 77E6F032 is different from dwSessionId 1
08/03 13:48:45 [3748:3512] HI: ProcessIdToSessionId 77E6F032 is different from dwSessionId 1
08/03 13:48:45 [3748:3512] HI: bFindWinlogon is 1
08/03 13:48:45 [3748:3512] HI: SetTokenInformation successfully
08/03 13:48:45 [3748:3512] HI: the using the first Vista/XP(FUS) method
08/03 13:48:46 [3748:3512] Script exit normally.
08/03 13:48:46 [3748:3512] HI: Script running Completed
08/03 13:48:46 [3748:3512] HI: Closing the Scrpit process handle.
08/03 13:48:46 [3748:3512] HI: set HI result to HI_CHECK_SUCCESS.
08/03 13:48:46 [3748:3512] HI: Host Integrity check passed.
08/03 13:48:46 [3748:3512] HI: HI result is updated. Result: 0 , Reason: 0 , Description: Host Integrity check passed
  Requirement: "Verifying SEP 11 Turned on with SEP Path" passed
  Requirement: "Verifying SEP 11 Turned on with AntiVirus Path" passed
 , Timestamp: 12988489726
08/03 13:48:46 [3748:3512] <SyLink>HI status is changed to=1; reason=0; rule=Host Integrity check passed
  Requirement: "Verifying SEP 11 Turned on with SEP Path" passed
  Requirement: "Verifying SEP 11 Turned on with AntiVirus Path" passed

08/03 13:48:46 [3748:5108] <SNAC><ComplianceEngine@498> Smc Started = 1
08/03 13:48:46 [3748:5108] <SNAC><ComplianceEngine@508> compliance status changed, update SHM
08/03 13:48:46 [3748:5108] <SNAC><GatewayClient@771> Update Compliance status
08/03 13:48:46 [3748:5108] <SNAC>Ready to Send update status!

08/03 13:48:46 [3748:5108] <SNAC><PluginManager@2134> HandleReloadComplianceStatusRequest
08/03 13:48:46 [3748:5108] <SNAC><PluginManager@2158> g_hNTDLL is 60F60000, g_lpNapData is 0
08/03 13:48:46 [3748:5108] <SNAC><LanClient@2799> Handle Compliance status changed request
08/03 13:48:46 [3748:5108] <SNAC><LanClient@2800> Original compliance status:
08/03 13:48:46 [3748:5108] <SNAC><LanClient@2805> New compliance status:

What am I missing? Any help would be appreicated.

Comments 2 CommentsJump to latest comment

Srikanth_Subra's picture

it is telling as definitions are not found?? but the second log is showing as it was passed

Thanks & Regards,

 Srikanth.S

"Defeat the Defeat before the Defeat Defeats you"
(Swami Vivekananda)

MikeK1958's picture

Hello,

We have at work, SYMC PROTECTION SUITE ENTERPRISE EDITION 4.0 .

Does this product has logs that will enable me to see when users [by name or id or ip] had logged-in/logged-out to our server?

I am would like to keep trace of users that are logging from "outside" [VPN] .

thank you in advance.
Mickey.