Introduction
The Symantec Endpoint Protection Support Tool is a standalone executable used for a number of different support, diagnostic and malware troubleshooting purposes. The SEP Support Tool is typically run interactively on the local machine. This document introduces the idea of running the SEP Support Tool remotely across the network.
The challenge of Multiple System Remote Diagnostics
In the ongoing effort to combat the malware deluge, companies are occasionally faced with the task of running the SEP Support Tool on multiple machines across the network. In some instances, due to the number of systems involved or simply due to time constraints, some companies find themselves tasking IT personnel to manually Remote Desktop to a machine and upload the SEP Support Tool utility and execute it interactively. Often this is not a burdensome issue when the task needs to execute on a single system, once a week or once a month or once a year. On the other hand, some customers want to run the SEP Support Tool utility more frequently and they wish to know a way to automate the task of upload, execution, and retrieval of the results. This document attempts to answer that need.
Some organizations already possess the capability to remote deploy software with their software management system; for those customers this document may only serve as an exception process. This process is especially useful when task creation in software management systems is out of the question due to the small number of machines involved or deployment package development time constraints. Organizations that do not possess an endpoint management or software delivery system can benefit from this alternative remote SEP Support Tool data collection solution.
Hope someone finds this useful.
Cheers,
NetRunner
Just adding a link to the official Symantec article (plus video) on command-line switches:
What command-line parameters are available for Symantec Help (SymHelp)? http://www.symantec.com/docs/TECH170732
Your white paper offers excellent detail and will be of great use to many admins. I have given this Connect Forum article a recommendation from the below:
How to run the Symantec Endpoint Protection Support Tool remotely Article: HOWTO72599 | Created: 2012-02-13 | Updated: 2012-03-30 | Article URL http://www.symantec.com/docs/HOWTO72599
Hi Netrunner,
Thank you for your response on this. I have not tested this yet, but since you are an expert on this I believe everything should go as designed. cheers...
A fellow coworker has added content to the whitepaper. It now contains a means to run SEPSupportTool via the Host Integrity Component of SEP 11.x or 12.x. This requires a Self Enforcement license (NAC).
Wonderful, awesome.
Steps to get the reputation data:
1. Execute sep_supporttool.exe -fg -lp -noup -s -out %TEMP%
2. Wait for execution to finish.
3. cd %TEMP%
4. Copy name.sdb to another computer that has internet access.
5. Execute SEP_supporttool.exe by double-clicking it.
6. Click "Open a report" on the top left-hand side of the SEP_SupportTool GUI.
7. Select the SDB file.
The following message pops up:
"When running the Load Point check, the computer was unable to access the Symantec Reputation database! Would you like to use Symantec's Reputation database to re-check the unsigned Load Point files? NOTE: This will update the file: FILENAME.sdbz"
Click Yes
Wait
Upon completion:
1. Click "Load Points: 5 items".
2. Click "Windows Load Points: Analysis".
Scores are listed on the left-hand side, coloured green or red depending on the rating.
Please note that the sdbz file should be copied only after the SEP_SupportTool has completed 100%. During the SEPSupportTool execution it creates a file named %machinedate%.sdb; please do not copy the file until SEP_SupportTool has finished.
I've run this procedure dozens of times with no problem. If you are having issues with the reputations being looked up, try running it on a machine with a different type of network access. For example, if in a proxy environment, try a non-proxied connection.
Good Luck,
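The collection steps above (run the tool with the listed switches, wait for it to finish, then move the .sdb off the box) can be scripted so that the "do not copy until it has finished" caveat is enforced by the script rather than by the operator. The following PowerShell is an added example written for this thread; it is not part of the whitepaper and not Symantec's own code. It assumes sep_supporttool.exe sits next to the script, uses only the switches quoted in the steps above (-fg -lp -noup -s -out), and copies to a placeholder UNC share ($Destination) that you would replace with your own collection share.

```powershell
# Added example (not from the whitepaper or from Symantec): run the SEP Support
# Tool unattended, wait for it to exit, then copy the new .sdb to a share.
# Assumptions: the tool is beside this script as sep_supporttool.exe, and
# $Destination is a UNC path you control (the value below is a placeholder).
param(
    [string]$ToolPath    = (Join-Path $PSScriptRoot 'sep_supporttool.exe'),
    [string]$OutDir      = $env:TEMP,
    [string]$Destination = '\\FILESERVER\SEPSupportLogs'   # placeholder share
)

if (-not (Test-Path $ToolPath)) { throw "Support tool not found at $ToolPath" }

# Remember the .sdb files that already exist so only the new report is picked up.
$before = Get-ChildItem -Path $OutDir -Filter '*.sdb' -ErrorAction SilentlyContinue |
          Select-Object -ExpandProperty FullName

# Switches are exactly the ones given in the thread: -fg -lp -noup -s -out <dir>.
$proc = Start-Process -FilePath $ToolPath `
    -ArgumentList @('-fg', '-lp', '-noup', '-s', '-out', "`"$OutDir`"") `
    -Wait -PassThru -NoNewWindow

if ($proc.ExitCode -ne 0) {
    Write-Warning "sep_supporttool.exe exited with code $($proc.ExitCode)"
}

# The .sdb must not be copied while the tool is still writing it; -Wait above
# guarantees the process has exited before this point is reached.
$new = Get-ChildItem -Path $OutDir -Filter '*.sdb' |
       Where-Object { $before -notcontains $_.FullName } |
       Sort-Object LastWriteTime -Descending |
       Select-Object -First 1

if (-not $new) { throw "No new .sdb file was produced in $OutDir" }

# Prefix the copy with the host name so reports from many machines do not collide.
$target = Join-Path $Destination ("{0}_{1}" -f $env:COMPUTERNAME, $new.Name)
Copy-Item -Path $new.FullName -Destination $target
Write-Host "Copied $($new.FullName) to $target"
```

The .sdb landing on the share is then opened on the internet-connected machine exactly as in steps 5 to 7 above to have the reputation lookups filled in; the script deliberately does nothing with the .sdbz, since that file only exists after the interactive re-check.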
The support log collected from a DMZ can be updated with the reputation database by opening the file from a machine which has an internet connection.
But sadly this feature does not work often. Do you have any steps that can validate this process?