Video Screencast Help

ZIP file getting block while copying on sharing folder.

Created: 26 Oct 2012 • Updated: 30 Oct 2012 | 21 comments
This issue has been solved. See solution.

If we are run some software and it getting block by SEP then on which Log I need to check.

I have already check NTP àTraffic and package log found nothing.

I think this file is getting block through True scan.

I have enable to SMC log but unable to see anything getting block on it.

 

Client version:-11.0.6200.754

Console version: RU7.

Client OS: - Window 7 professional 32 bit(services pack 1)

Component on client system: All

Antivirus & Antivirus Spyware.

NTP:-Network threat protection.

PTP:-Protective threat protection.

NAC: Network access Control.

Please suggest.

Comments 21 CommentsJump to latest comment

pete_4u2002's picture

does disabling the SEP helps to run the software?

did you check application event viewer?

 

Nagesh Singh's picture

Thanks Pete_4u2002

Yes if we disable the SEP then it’s working .

Thanks & Regards,

Nagesh Singh

 

pete_4u2002's picture

is there anything in application event viewer related to this incident?

do you have application and device control policy in place? can you check if the application rule has been set not to execute?

 

Nagesh Singh's picture

Yes we have ADC but there is no such rule we have added

Actually this is a software which are directly create Some ZIP (compares file) and upload to the Share folder. We have observed it working first 2 times but when the size of the file gets increase then it not working. Even we are not getting any error massage also.

Thanks & Regards,

Nagesh Singh

 

greg12's picture

TruScan logs:

SEPM: Monitors > Logs > PTP logs

SEP client: Logs > Proactive Threat Protection > Threat Log

If it is really a TruScan false positive, you may create a centralized exception exclusion for your application.

 

Nagesh Singh's picture

nothing found on above log.

 

please sugest

Thanks & Regards,

Nagesh Singh

 

Nagesh Singh's picture

Hi,

I have observed if we are uploading ZIP file which are more the 50 MB from the local system to network share drive then it is getting block but we disable the SEP then it working properly.

Both the system having SEP 11.0.6200.745 version and having all the SEP component.

Thanks & Regards,

Nagesh Singh

 

Ashish-Sharma's picture

HI Nagesh,

Have you create centralized exception exclusion for application ?

Can you sharing Blocked Snap Shot ?

Thanks In Advance

Ashish Sharma

 

 

Nagesh Singh's picture

Thank Ashish,

But we are not getting any error message only we will disable the SEP then it is started working.

And yes we have put the same application in centralize exception then also problem persist.

Thanks & Regards,

Nagesh Singh

 

Ashish-Sharma's picture

Hi,

Try to disable only NTP feature and check .

Thanks In Advance

Ashish Sharma

 

 

Nagesh Singh's picture

Hi Ashish,

Then also it's not working. We have disabled the NTP as well as PTP but result is same.

Actually the first time it’s working and if we are doing same then next time then it’s not working.

Can you please tell me how I can enable the log to check?

 

 

Thanks & Regards,

Nagesh Singh

 

Ashish-Sharma's picture

HI,

Do you have any policy create in NAC ?

What happed if you have disabled NAC service Or disable ?

Thanks In Advance

Ashish Sharma

 

 

Nagesh Singh's picture

Unable to get you. Can you please elaborate?

Are you taking about SNAC policy?

 

Thanks & Regards,

Nagesh Singh

 

Ashish-Sharma's picture

Yes, I think you have enabled SNAC ?

Thanks In Advance

Ashish Sharma

 

 

Nagesh Singh's picture

Hi All,

After Trouble shooting we have found if we disable the NTP + PTP on client system then software is working fine but as our requirement we need to disable the USB as well as External drives.

Please suggest.

Thanks & Regards,

Nagesh Singh

 

Riya31's picture

Try only disabling ADC policy..if successded then check the ADC rules.

If ADC is blocking you can check control log on client side or application and device control log on SEPM.

Ashish-Sharma's picture

HI Nagesh,

You can raised Support ticket for symantec support.

Thanks In Advance

Ashish Sharma

 

 

pete_4u2002's picture

are you using the latest version? if not , can you try that?

and is it seen on Win XP ?

Nagesh Singh's picture

Hi pete_4u2002,

We have window 7 system and my Antivirus version on client system is RU6 MP2 and SEPM version is also RU6 MP2,

so please tell me is it’s bug in this version?

Thanks & Regards,

Nagesh Singh

 

Nagesh Singh's picture

Hi All,

This is a bug in RU6 and after upgrade the SEP Version on client system from RU6 to RU7 it is started working.

Thanks to all.

Thanks & Regards,

Nagesh Singh

 

SOLUTION
pete_4u2002's picture

http://www.symantec.com/docs/TECH103087
 

mostly it matches this ,

Fix ID: 2102159
Symptom: With Server Message Block Volume 2 (SMB2) enabled, file copies between Windows 7 and Windows 2008 may hang. The file copy dialog may never complete.
Solution: The Teefer2 driver was optimized to avoid a FIFO queue bottleneck when processing SMB2 packets.