Endpoint Protection

  • 1.  Unable to check the client on an isolated machine

    Posted Jul 21, 2013 02:05 PM

    Hello,

     

    I'm having trouble with a client on a machine which cannot be remotely accessed.

    I deployed an agent with a third-party deployment tool on three machines which are far from the customer site and for security reasons cannot be reached except by browsing the file system.

    One of these machines is not visible on the SEP Manager Console, but from the logs I received I'm sure the client was successfully installed.

     

    Since I cannot run the debugging tool help.exe, I would like to ask whether anyone has ever experienced this kind of scenario.

    The customer swears there's no firewall even if the machines are not connected to the same switch.

    Could you please help me proceed?

    Best regards,

    Alex.



  • 2.  RE: Unable to check the client on an isolated machine

    Posted Jul 21, 2013 07:39 PM

    Is port 8014 open? Replace the sylink on the client.

    Check this KBA:

    Troubleshooting Client Communication with SEPM

    Article: TECH95789 | Created: 2009-01-26 | Updated: 2012-01-03 | Article URL: http://www.symantec.com/docs/TECH95789

     



  • 3.  RE: Unable to check the client on an isolated machine

    Broadcom Employee
    Posted Jul 22, 2013 12:40 AM

    To troubleshoot the issue, you need to contact the remote user to enable logging and check the communication.



  • 4.  RE: Unable to check the client on an isolated machine

    Posted Jul 22, 2013 06:51 AM

    Hello,

    The customer confirmed port 8014 is open.

    The only thing I can do is execute scripts remotely and get the result in a txt or log file.

    I've asked the customer to run a simple tasklist /m to detect whether the client is running. In the resulting log file, the smc.exe process is running and there are two libraries loaded: SMCTrayStatus.dll and SmcRes.dll.

    Compared with a local test machine, the library SmcImpl.dll is missing in the received tasklist file.

    Can this be helpful for debugging? Can this library be a clear symptom that something is wrong on the client side?

    Regards,

    Alex.



  • 5.  RE: Unable to check the client on an isolated machine

    Posted Jul 22, 2013 08:43 AM

    Can the SymHelp tool be run on it to determine if any errors are present?



  • 6.  RE: Unable to check the client on an isolated machine

    Posted Jul 22, 2013 08:59 AM

    Thanks for the suggestion; unfortunately I can't access the machine via remote desktop.

    Is there a way to run the tool via command line and produce a log file? This could be very helpful to me.

    Alex.



  • 7.  RE: Unable to check the client on an isolated machine

    Posted Jul 22, 2013 09:03 AM

    Yes, see the guide here:

    http://www.symantec.com/docs/TECH170735



  • 8.  RE: Unable to check the client on an isolated machine

    Posted Jul 22, 2013 09:24 AM

    Open the registry on your local machine. Click on File, connect remote registry (if you are not able to connect, open services.msc, open the remote machine's services, and enable the Remote Registry service).

    Enable sylink. Post the logs here.

    http://www.symantec.com/business/support/index?page=content&id=TECH104758

     



  • 9.  RE: Unable to check the client on an isolated machine

    Trusted Advisor
    Posted Jul 22, 2013 09:29 AM

    Hello,

    SymHelp can be run from a command line with a number of command line options. For detailed information, read the document:

    What command-line parameters are available for use with the Symantec Help

    http://www.symantec.com/docs/TECH170732

    Hope that helps!!



  • 10.  RE: Unable to check the client on an isolated machine

    Broadcom Employee
    Posted Jul 25, 2013 12:50 PM

    SymHelp contains a Health Check scan which generates a report for the Symantec Endpoint Protection client that will test the client's ability to communicate with its configured list of Managers.  This report will confirm:

    1. if the client has a list of managers to contact

    2. what those managers are

    3. if the DNS resolution required is working

    4. if the client can perform what is called the Secars test to confirm connectivity to each of those managers.

    For these reasons I would recommend running SymHelp as your next step as suggested above.
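
The checks listed in the last post (DNS resolution, then the Secars test against each manager) can also be scripted for a machine where only remote script execution and log retrieval are possible. This is an added example, not part of the thread and not Symantec's tool. Assumptions: the manager name is a placeholder, the client talks plain HTTP on port 8014, and the Secars test is a request to `/secars/secars.dll?hello,secars` that answers `OK`.

```powershell
# Added example: scripted SEPM communication check that writes a log file.
# Assumptions (not from the thread): placeholder manager name, plain HTTP,
# Secars test URL /secars/secars.dll?hello,secars answering "OK".
param(
    [string[]]$Managers = @('sepm01.example.local'),   # placeholder manager list
    [int]$Port = 8014,
    [string]$LogPath = "$env:TEMP\sepm_comm_check.log"
)

function Write-Log([string]$Message) {
    Add-Content -Path $LogPath -Value ('{0}  {1}' -f (Get-Date -Format 's'), $Message)
}

function Test-Manager([string]$Name, [int]$Port) {
    # Step 1: DNS resolution of the manager name
    try {
        $ips = [System.Net.Dns]::GetHostAddresses($Name)
        Write-Log "DNS    OK   $Name -> $($ips -join ', ')"
    } catch {
        Write-Log "DNS    FAIL $Name : $($_.Exception.Message)"
        return $false
    }
    # Step 2: TCP connect with a 5 second timeout (firewall / routing check)
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $tcp.BeginConnect($Name, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne(5000)) { throw 'timeout after 5 s' }
        $tcp.EndConnect($async)
        Write-Log "TCP    OK   ${Name}:$Port"
    } catch {
        Write-Log "TCP    FAIL ${Name}:$Port : $($_.Exception.Message)"
        return $false
    } finally { $tcp.Close() }
    # Step 3: Secars test, the manager should answer with the body "OK"
    $url = "http://${Name}:$Port/secars/secars.dll?hello,secars"
    try {
        $body = (New-Object System.Net.WebClient).DownloadString($url).Trim()
        $ok = ($body -eq 'OK')
        Write-Log ("SECARS {0} {1} returned '{2}'" -f $(if ($ok) {'OK  '} else {'FAIL'}), $url, $body)
        return $ok
    } catch {
        Write-Log "SECARS FAIL $url : $($_.Exception.Message)"
        return $false
    }
}

$failed = @($Managers | Where-Object { -not (Test-Manager $_ $Port) })
Write-Log "Done: $($failed.Count) of $($Managers.Count) manager(s) failed"
exit $failed.Count
```

The log shows which stage fails first for each manager: a DNS failure points at name resolution, a TCP failure at filtering or routing between the sites, and a Secars failure at the manager's web service.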