Endpoint Protection

 View Only

  • 1.  My SEP does not turn on!

    Posted Aug 25, 2010 08:39 AM
    hello everybody
    i have a archive server running a windows dserver 2003 and Symantec Endpoint Protection Manager on it!
    today i noticed that my SEPM is deactive and some kind of virus(i think) exist in root of every partitions!
    there is a autorun.inf that runs tbox.exe
    so when i try to open the Drive , a textbox appears and writes : hello world!
    the main problem is this that my SEPM is deactive and doesnt perform any scan or active scan or ...
    please help me...
    how can i turn it on back?



  • 2.  RE: My SEP does not turn on!

    Posted Aug 25, 2010 01:58 PM
    Its the SEP(Symantec Endpoint Protection) Client that protects your server from threats. The SEPM is a management console and installing it alone does not protect your server. In this case if you have installed SEP client and if its functional then go ahead and get the latest definitions and perform a full scan on the server and it should take care of the infection.

    Erroneously if you have not installed SEP Client, then install SEP as an unmanaged client from the source CD/DVD and then scan the server. The SEP client would be in the SEP folder of the source, run the exe and you should be good to go.


  • 3.  RE: My SEP does not turn on!

    Posted Aug 25, 2010 02:17 PM
    First of all Disable Autoplay on the server.
    Then run a full scan on this server using norton power eraser
    http://security.symantec.com/nbrt/npe.asp?lcid=1033



  • 4.  RE: My SEP does not turn on!

    Posted Aug 25, 2010 02:29 PM
    Cheap but effective.
    Start by doing the following.
    - Delete the FILE autorun.inf
    - Create a Directory called "AUTORUN.INF" on all partitions.

    There is likely to be a registry entry in RUN or RUNONCE calling a DLL that is going to recreate the FILE everytime the machine is restarted.

    By having the "AUTORUN.INF" FOLDER there, the system will not be able to create the file, thus preventing the system from recreating it.

    When you reboot, you will receive an error saying something.DLL error.

    That is one of the files you will need to delete.

    After that, you will be able to re-activate your AV and clean the system.

    Cheap but Effective! 


  • 5.  RE: My SEP does not turn on!

    Posted Aug 26, 2010 12:11 AM
    thanks for your help
    i had a mistake.
    my SEP client is disabled and i cant start its service!
    and cant delete autorun.inf file too!
    i am trying norton power eraser.
    so i will be back soon 


  • 6.  RE: My SEP does not turn on!

    Posted Aug 26, 2010 12:26 AM
    Can you see in the event viewer any error or warning under Application..


  • 7.  RE: My SEP does not turn on!

    Posted Aug 26, 2010 12:29 AM
    @ali_sampad....You  do not  have to delete autoplay, but you have to disable it, by  following:http://security.symantec.com/nbrt/npe.asp?lcid=1033.

    After this, download the  Norton security scan from ftp.symantec.com/misc/tools/nss, and run a full scan from it....


  • 8.  RE: My SEP does not turn on!

    Posted Aug 26, 2010 12:51 AM
    hi again symantec event manager and symantec setting manager and symantec client servisec are diabled!
    and when i start symantec setting manager and symantec event manager manually i could start symantec endpoint protection service but suddenly it stops working and i cant enable it and all of above servisec turn off again!! 


  • 9.  RE: My SEP does not turn on!

    Posted Aug 26, 2010 01:10 AM

    That isexpected, as there is a threat on the  computer....


    Could you please let me know what folders are present inside the folders, C:/program files/Common files/Symantec shared/VirusDefs folder? These foldrs  correspond to Virus definitions date and revision.

    Kindly do as mentioned in my post above this...the  NSS should detect the Threat, that sep could not as it is disabled...and then the  services would start......