Video Screencast Help
Give us your opinion and win with Symantec! Please help us by taking this survey to tell us about your experience with Symantec Connect, so that we can continue to grow and improve.  Take the survey.

Symantec Network Access Control (SNAC)

Created: 03 Aug 2012 | 2 comments

I have been having issues with SNAC on 2 Servers and cannot figure out what the issue is?

Here is what I get in the Debug Log:

33 c:\bld_area\CMC_11.0-RU6\Symantec_Enterprise_Protection\Client_Management\src\sndfc\src\sndfc\snd\CoRtLock.h(81)
08/03 13:39:57 [3748:6020] Saving SMC State
08/03 13:39:57 [3748:6020] chmod on file C:\Program Files\Symantec AntiVirus\SerState.dat to read/write.
08/03 13:39:57 [3748:6020] C:\Program Files\Symantec AntiVirus\StdDef.dat: Not found.
08/03 13:39:57 [3748:6020] C:\Program Files\Symantec AntiVirus\trojan.dat: Not found.
08/03 13:42:51 [3748:6020] Found explorer.exe pids=3576
08/03 13:42:51 [3748:6020] SmcGui mode 1
08/03 13:42:51 [3748:2708] TSE: user session found.
08/03 13:42:51 [3748:2708] TSE: user session is on track.
08/03 13:42:51 [3748:3536] Snac HiTest:0,  0
08/03 13:42:51 [3748:4384] Starting SMC GUI
08/03 13:42:51 [3748:4384] GetUserAndDomain in smc: Trying to get the User/Domain
08/03 13:42:51 [3748:4384] Enterprise version, Build 552!!!
08/03 13:42:51 [3748:4384] user_id = xxx/xxxxxxxx
08/03 13:42:51 [3748:3536] SMCGui - 2664: CSmcDlg::Profile() - ImportFromDm() returned...
08/03 13:42:52 [3748:2708] Remove file check prompt session by sn change at: C:\WINDOWS\system32\winlogon.exe
08/03 13:42:53 [3748:3536] SMCGui - 2664: CSmcDlg::UpdateProfileInfoE00E-07/30/2012 09:37:41 629:My Company
08/03 13:42:53 [3748:3536] Saving SMC State
08/03 13:42:53 [3748:3536] chmod on file C:\Program Files\Symantec AntiVirus\SerState.dat to read/write.
08/03 13:42:53 [3748:3536] C:\Program Files\Symantec AntiVirus\StdDef.dat: Not found.
08/03 13:42:53 [3748:3536] C:\Program Files\Symantec AntiVirus\trojan.dat: Not found.
08/03 13:43:14 [3748:3536] SMCGui - 2664: SymCorpUI is not trusted

*****I manually removed some security information*****

I run a Host Integrity on Servers and everything works and here is the log for that:

08/03 13:48:29 [3748:6020] Saving SMC State
08/03 13:48:29 [3748:6020] chmod on file C:\Program Files\Symantec AntiVirus\SerState.dat to read/write.
08/03 13:48:29 [3748:6020] C:\Program Files\Symantec AntiVirus\StdDef.dat: Not found.
08/03 13:48:29 [3748:6020] C:\Program Files\Symantec AntiVirus\trojan.dat: Not found.
08/03 13:48:42 [3748:3536] HI: reset to history result in location Default
08/03 13:48:42 [3748:3536] HI: set HI result to HI_CHECK_FAIL.
08/03 13:48:42 [3748:3536] HI: reset HI timer trigger. Enabled: 1
08/03 13:48:42 [3748:3536] HI: Run HI check has been triggered by user.
08/03 13:48:45 [3748:3512] HI: reset to history result in location Default
08/03 13:48:45 [3748:3512] HI: set HI result to HI_CHECK_FAIL.
08/03 13:48:45 [3748:3512] HI: HI checking is triggered.
08/03 13:48:45 [3748:5108] <SNAC><ComplianceEngine@498> Smc Started = 1
08/03 13:48:45 [3748:3512] HI: Script Execution is started
08/03 13:48:45 [3748:3512] HI: The winsta\desktop is : Winsta0\Default
08/03 13:48:45 [3748:3512] HI: ProcessIdToSessionId 77E6F032 is different from dwSessionId 1
08/03 13:48:45 [3748:3512] HI: ProcessIdToSessionId 77E6F032 is different from dwSessionId 1
08/03 13:48:45 [3748:3512] HI: bFindWinlogon is 1
08/03 13:48:45 [3748:3512] HI: SetTokenInformation successfully
08/03 13:48:45 [3748:3512] HI: the using the first Vista/XP(FUS) method
08/03 13:48:46 [3748:3512] Script exit normally.
08/03 13:48:46 [3748:3512] HI: Script running Completed
08/03 13:48:46 [3748:3512] HI: Closing the Scrpit process handle.
08/03 13:48:46 [3748:3512] HI: set HI result to HI_CHECK_SUCCESS.
08/03 13:48:46 [3748:3512] HI: Host Integrity check passed.
08/03 13:48:46 [3748:3512] HI: HI result is updated. Result: 0 , Reason: 0 , Description: Host Integrity check passed
  Requirement: "Verifying SEP 11 Turned on with SEP Path" passed
  Requirement: "Verifying SEP 11 Turned on with AntiVirus Path" passed
 , Timestamp: 12988489726
08/03 13:48:46 [3748:3512] <SyLink>HI status is changed to=1; reason=0; rule=Host Integrity check passed
  Requirement: "Verifying SEP 11 Turned on with SEP Path" passed
  Requirement: "Verifying SEP 11 Turned on with AntiVirus Path" passed

08/03 13:48:46 [3748:5108] <SNAC><ComplianceEngine@498> Smc Started = 1
08/03 13:48:46 [3748:5108] <SNAC><ComplianceEngine@508> compliance status changed, update SHM
08/03 13:48:46 [3748:5108] <SNAC><GatewayClient@771> Update Compliance status
08/03 13:48:46 [3748:5108] <SNAC>Ready to Send update status!

08/03 13:48:46 [3748:5108] <SNAC><PluginManager@2134> HandleReloadComplianceStatusRequest
08/03 13:48:46 [3748:5108] <SNAC><PluginManager@2158> g_hNTDLL is 60F60000, g_lpNapData is 0
08/03 13:48:46 [3748:5108] <SNAC><LanClient@2799> Handle Compliance status changed request
08/03 13:48:46 [3748:5108] <SNAC><LanClient@2800> Original compliance status:
08/03 13:48:46 [3748:5108] <SNAC><LanClient@2805> New compliance status:

What am I missing? Any help would be appreicated.

Comments 2 CommentsJump to latest comment

Srikanth_Subra's picture

it is telling as definitions are not found?? but the second log is showing as it was passed

Thanks & Regards,

 Srikanth.S

"Defeat the Defeat before the Defeat Defeats you"
(Swami Vivekananda)

MikeK1958's picture

Hello,

We have at work, SYMC PROTECTION SUITE ENTERPRISE EDITION 4.0 .

Does this product has logs that will enable me to see when users [by name or id or ip] had logged-in/logged-out to our server?

I am would like to keep trace of users that are logging from "outside" [VPN] .

thank you in advance.
Mickey.