Enterprise Security Manager
Sunny G
|
November 16th, 2009
Hello,
I am having an odd sort of issue. When installing the ESM 6.5.3sp2 agent on a MS Windows Server 2008 service pack 2 (sp2) the install is successful and there are no issues, but when it registers to the ESM Manager it is detected as Windows Vista. - Actually, i suspect this happens locally and not at registration time, but it becomes apparent after registration.
I have also installed a windows 2008 server agent and it showed up as Windows 2008. It may not have been service pack 2, however.
So the question is, does anyone know why this would be happening, if there is a fix/workaround, any other information that would be helpful?
In the mean time, I can still run a policy with WinVista checks against this system, but it is not the ideal scenario. I have not tried the ESM 9.0 or 9.0.1 agent yet since the manager is not upgraded. But as I said, i was able to install a 6.5.3sp2 agent properly in the past. I suspect there is some registry...
2 comments
Bryan S
|
November 12th, 2009
I would like to know, don't think we have a license, but it is a good thing to know and use.
Thank you.
1 comments
Asane
|
November 9th, 2009
I have enabled checks for security patches on Windows based server. I have a few servers reporting as missing patches. I need to understand what is it that Symantec looks for while determining that a machine is missing an update. Our patching tool did not highlight any missing security updates. Would anyone know if Symantec just does a file version comparison as given on MS site?
0 comments
ant2010
|
November 6th, 2009
My Domain server has this problem 2 weeks ago. it worked fine before.
About every one day, the DC server will automatically create user's profile under "document and setting" in server. No roaming profile was set. when we have this problem, we cannot access the shared folder in server. Restart the server solve it temporary but about 10 hours later, same problem come again.
I searched the solutions for this problem, some one suggested uninstall symantec, so I stopped all symantec service in DC server, and seems the problem fixed.
we use symantec antivirus version 10.1.5.5002.
any one know how to fix it?
Any suggestion would be appreciated..
Thanks,
Ant
0 comments
doi
|
November 4th, 2009
Hi;
I have installed ESM 9.0 on Windows Server and also i have installed ESM agent to the same server. When I want to run a policy on the agent, i get an error like :
"Error, error writing the server name to the remote process for agent xxxx; The ESM agent () is not authorized to contact the manager. Please re-register the agent with the manager."
I have re-register the agent many times. But the problem did not fix. Do you have any idea?
Thanks;
turgay
6 comments
SymantecFriendly
|
October 26th, 2009
Hello,
I'm an ESM beginner and I quickly found how to make it work and how to use it. But now I'd like to customize it by creating customized templates and policies (for Windows, AIX and/or Solaris checks).
Symantec documentation only says :
- double-click the template to open the Template Editor,
- specify row information, including any sublist information that is needed,
- click Save and then click Close.
Unfortunately, no documentation to explain "row information, including any sublist information that is needed". So, I can't succeed in creating a simple template that verify if a file exists (with Green report if it does, and Red report if not).
So, I don't specifically need a solution for that example, but I need documentation on modules, templates, checks, or (better) course support.
Thanks for your answers.
3 comments
bruthe
|
October 26th, 2009
Hi,
I get an error when I run dbconvert tool:
Connecting to database...Connection established
Connecting to manager *********... Connection established
Converting Manager Name... Finished
Converting Messages... Finished
Converting Agents... Finished
Converting Domains... Finished
Converting Policies... Finished
Converting Suppressions... % +++++++++com.symantec.esm.jcif.CifException: error sendi
ng termination message to manager.
error reading reply from manager on ************
connection closed by remote process
connection lost
failed to close suppress database on server
error reading reply from manager on ***************
connection closed by remote process
failed to read first suppress record from server
connection closed by remote process
at com.symantec.esm.jcif.CifConnection.checkCall(Unknown Source)
...
10 comments
seperlinky
|
October 12th, 2009
Hi,
Does anyone knows how to remove the missing summary report on ESM Manager?
I am on ESM Manager 6.5
10 comments
nemo6868
|
October 12th, 2009
We're using Symantec End Point protection Manager v 11.0.4202.75 with a network of some thousands of clients and servers.
I'd like to add a notification when the number of attacks in a defined time period of time is outnumbered. I created a notification of "Client security alert" type:
But I couldn't succed.
Do you have any suggestion about it?
Thanks
1 comments
bruthe
|
October 8th, 2009
Hi,
a user created many suppress of Yellow messages (like 160 000!!!) but only one was enough...
:-(
now I want delete these suppress.
when I select all suppress and I click delete, ESM is working like a dog!
2 days after, only 50 suppress was deleted!!!
Someone know an another way to delete these suppress more faster?
R.
Bruthe
7 comments
Bryan S
|
October 5th, 2009
Good day everyone, pretty simple question. I just need to know if we have access to this and who I need to reach out to in order to check on it.
Thank you
1 comments
bruthe
|
September 29th, 2009
Hi,
I have a probleme to find which process listen on TCP or UDP port.
ESM return port XXXXX is listen but "process unknown"
the process is running in non-global zone on solaris 10.
however when I run lsof on global zone, it works! I can get the process name but ESM can't!
Why ESM can't get the process name?
thanks
Bruthe
4 comments
LyNeTtE-sKi23
|
September 22nd, 2009
Host ID Transfer
What is a Host ID?
A Host ID, sometimes called a Node ID, is a unique identifier on aUNIX system. Symantec asks for this ID during license registrationand utilizes the ID to ensure that only the license owner can install and use the license
When a license key/file is generated for a specific computer, it is locked to a number that is unique to that machine.
What is a Symantec System ID (SSID)?
The Symantec System ID is a unique identifier for a particular machine. An SSID is similar to a Host ID, except that the Symantec software adds data to the core Host ID value to create a unique string format. The Symantec System ID format varies from product to product, and across machine types.
What is the difference between "Node-Locked" and "Non-Node-Locked" license keys?
A "Node-Locked" license key is one that can only be used on a single host machine, which is typically identified during the license registration process. "Non-Node-...
0 comments
Jeff Vandervoort
|
September 13th, 2009
Prelude
Initially, I wrote this about Backup Exec, because that's where I ran into this problem. I'm also a SAV & SEP veteran but don't recall seeing this heinous language in their KB articles. So maybe it's a Veritas thing. But, whatever...
...then it occurred to me that while BE may (or may not) be the only Symantec enterprise product to which the symptom applies, the cure is universal. Because it bridges a huge gap between the goals of Symantec Sales, Support, Connect, Knowledge Base, and Product Managers. So I've taken the unusual-and-hopefully-not-presumptuous step of tagging it to all available products. It is global.
That kinda makes it Ideas spam, I know. Never done it before; probably never will again. Hope you can forgive me!
Don Quixote Battles Symantec
Two KB articles I've browsed recently contain variations on this boilerplate (emphasis mine):
"There are currently no plans to address this issue by way of a patch or hotfix in the...
11.x, 12.x, 8.x, Altiris Client Management Suite, Security, 10.x, 11.x, 7.x and Earlier, Altiris Deployment Solution, Vision User Conference, 10.x and Earlier, 9.x and Earlier, Altiris IT Asset Management, Storage Management, Altiris Notification Server, Backup and Archiving, Altiris Recovery Solution, Clustering and Replication, Altiris Server Management Suite, Endpoint Management and Virtualization, Inside Symantec, Brightmail Gateway, Cluster Server One, Control Compliance Suite, Critical System Protection, Data Loss Prevention (Vontu), Dell Management Products, Endpoint Encryption, Endpoint Protection (AntiVirus), Endpoint Protection Small Business, Enterprise Security Manager, General Symantec, Ghost Solution Suite, Helpdesk Solution, Hosted Mail Security, HP Management Products, IM Manager, Mail Security for Exchange/Domino, Mobile Security, Network Access Control, Online Backup, Online Storage for Backup Exec, pcAnywhere, Replication Exec, Security Information Manager, SecurityExpressions, ServiceDesk, SFHA Management (SFM, VIAS, VOS), Storage Foundation for Windows, Symantec Connect, Symantec Vision, Volume Replicator, Web Gateway, Wise Application Packaging, Wise Installation Development, Workflow Solution, Workspace Corporate, Workspace Remote, Workspace Streaming, Workspace Virtualization
15 comments
pejacoby
|
September 4th, 2009
I'm trying to use Document ID 316829 to change the location of LiveUpdate download folder on my ESM machine.
The KB appears to be incorrect -- it indicates the setting to change is PREFERENCES\WORKDIRECTORY, but this is what is in the file:
Settings.LiveUpdate file
PREFERENCES\WORKINGDIRECTORY=C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads
I'm trying to change that value to "E:\Program Files\Symantec\LiveUpdate\Downloads", a directory I created.
When I change the setting and save the file, whatever action is taken next with LiveUpdate resets the WorkingDirectory value to it's default.
When I open the Symantec LiveUpdate control panel, the settings get reset!
I can see that the 1.Settings.LiveUpdate backup file has the DEFAULT C:\... value in it, while the 2.Settings.LiveUpdate has the E:\... setting I had put in place.
Settings.LiveUpdate will show a zero-byte file until I close the LiveUpdate control...
1 comments
Daniel S
|
September 3rd, 2009
ESM 9.0 Agent installation issues on Windows Server 2003 Ent SP2 running SQL2005 with Cluster Services.
We have a physical windows server 2003 enterprise edition sp2 server running SQL server 2005 with sql cluster services. When attempting to install the W2K3 agent on the server, we encounter the following condition. the install screen appears for a brief moment and closes with a message cannot install the ESM agent.
I have tried with the 9.0.1 agent and have the same issue
I have checked the windows logs and there isn’t any information regarding a failed install.
Our team has contacted Symantec support and they have recommended changes to the registry however our team would like to research other resolution paths before turning to this option.
Please assist and if you require any additional information or logs please let me know
Daniel
2 comments
FrankR
|
August 31st, 2009
For monitoring Windows Server 2008, there are some tests that do not seem to be available via ESM currently.
The tests are as follows (all of these are new settings for Server 2008, not in Server 2003):
Account Integrity module:
1. Access credential manager as a trusted caller
2. Change time zone
3. Create symbolic link
4. Increase a process working set
System Auditing module
1. Fine-grained auditing settings such as:
a. Audit Special Logon
b. Audit Directory Service Access
c. Audit Sensitive Privilege Use
This enhancement request (Idea) resulted from a case we raised on Symantec MySupport for ESM 9.0 SU37. The Symantec response was that these tests are not currently supported and we should submit an enhancement request.
0 comments
pejacoby
|
August 27th, 2009
My \ESM\ESM Enterprise Console\LiveUpdate folder is currently 3.9 gigabytes in size, with 2.7 gig in the granularlu folder.
The \ESM\granularlu holds another 1.8 gigabytes of data
Is this a typical amount of disk to be used by the LiveUpdate system?
Would I release disk space by resetting the LiveUpdate folder using the procedure in Document 2005111516095553 ? Would this also speed up the LiveUpdate process? It currently takes many hours for a Live Update "Updating Manager..." process to complete when running via the Console on my ESM Manager server.
http://service1.symantec.com/support/intrusiondete...
1 comments
btcfashion
|
August 27th, 2009
Hi..
I managed to install ESM 6.5.3 on Windows 2008 with the service pack 1 but i am unable to install it on server 2008 with SP2. i am getting the error "1720" i have done the registration of following dll files in the machines.
%systemroot%\System32\wbem\stdprov.dll
%systemroot%\System32\Scrrun.dll
i have got the same kind of error before in windows 2003 server once i have done the re-registration it worked fine..
Can anyone let me know the workaround for this issue..
Thanks in advance..
5 comments
btcfashion
|
August 27th, 2009
Hi..
I managed to install ESM 6.5.3 on Windows 2008 with the service pack 1 but i am unable to install it on server 2008 with SP2. i am getting the error "1720" i have done the registration of following dll files in the machines.
%systemroot%\System32\wbem\stdprov.dll
%systemroot%\System32\Scrrun.dll
i have got the same kind of error before in windows 2003 server once i have done the re-registration it worked fine..
Can anyone let me know the workaround for this issue..
Thanks in advance..
1 comments
duongthienson
|
August 26th, 2009
Hello everybody, I have a problem about NAV in my company about symantect, Please help me solute it. Many thanks
Now our system using Symantec AntiVirus Corporate Edition 10.2 client and server. NAV Server setup in to Window Sever 2003. And nearly all of client using windows XP. Untill now the symantec run ok,
But now we have some client setup window vista ultimate. I setup Symantec AntiVirus Corporate Edition 10.2 client into vista but the server can't see client.
I don't know how to fix it. Because now Microsoft don't sell winxp
Please help me, thanks
2 comments
Daniel S
|
August 26th, 2009
We have a physical windows server 2003 enterprise edition sp2 server running SQL server 2005 with sql cluster services. When attempting to install the W2K3 agent on the server, we encounter the following condition. the install screen appears for a brief moment and closes with a message cannot install the ESM agent.
I have tried with the 9.0.1 agent and have the same issue
I have checked the windows logs and there isn’t any information regarding a failed install.
Our team has contacted Symantec support and they have recommended changes to the registry however our team would like to research other resolution paths before turning to this option.
Please assist and if you require any additional information or logs please let me know
Daniel
3 comments
SwathiTurlapaty
|
August 21st, 2009
Companies risk billions of dollars in revenue and lost productivity each year due to loss of sensitive or confidential data. The primary sources for this loss are email systems, removable media, and mobile computers. Eliminating these damaging vulnerabilities requires careful prevention policies and security software tools. This TechTip describes how even small and mid-sized business customers can implement basic data loss prevention schemes and policies, starting with Symantec Protection Suite Enterprise Edition and Symantec Endpoint Encryption.
Protecting email
Over 90 percent of data losses through email are inadvertent: for example, an employee mistakenly forwards a sensitive document to the wrong person, or a virus is introduced to the system by a trusted email correspondent without their knowledge. With the proper configuration of Symantec Brightmail Gateway, a key component of Symantec Protection Suite Enterprise Edition, customers can prevent the disclosure of sensitive...
Security, Best Practice, TechTips, Features, Brightmail Gateway, Endpoint Protection (AntiVirus), Endpoint Protection Small Business, Enterprise Security Manager
2 comments
Bounsy
|
August 20th, 2009
For monitoring Windows Server 2008, there are some tests that do not seem to be available via ESM currently. Are these supported in any version of ESM or in any SU or are they going to be supported soon? Currently, we are using ESM 9.0 and have installed SU 37, but the tests are still not visible.
The tests are as follows (all of these are new settings for Server 2008, not in Server 2003):
Account Integrity module:
Access credential manager as a trusted caller
Change time zone
Create symbolic link
Increase a process working set
System Auditing module, Fine-grained auditing settings such as:
Audit Special Logon
Audit Directory Service Access
Audit Sensitive Privilege Use
etc.
0 comments