Endpoint Protection

  • 1.  SEP 12.1 Will Reach End of Standard Support Life on 3 April 2019

    Posted Mar 19, 2019 06:48 AM

    Just raising awareness: 



    End of Support Life for Endpoint Protection 12.x

    https://www.symantec.com/connect/blogs/end-support-life-endpoint-protection-12x

    http://www.symantec.com/docs/TECH239769

     

    Definitions will continue for two additional years, but after the 3rd of April SEP 12.1 will not be receiving any bug fixes, enhancements or improvements. All of those new features and technologies will be included in more recent product releases.  So: it's time to think about a calm and well-managed migration to SEP 14, in case the process has not already begun!   
     



  • 2.  RE: SEP 12.1 Will Reach End of Standard Support Life on 3 April 2019

    Posted Apr 01, 2019 11:26 AM

    Can SEPM 14 manage SEP 12.1 clients including updating of virus definitions from the SEPM 14 .jdb files ?

    Out of 25 computers on the domain 19 are currently running XP. A few could be Windows 7 but several have to be XP due to the software not being compatible with Windows 7.

    The domain is totally off line and the clients run antivirus only.



  • 3.  RE: SEP 12.1 Will Reach End of Standard Support Life on 3 April 2019

    Posted Apr 01, 2019 11:48 AM

    Hi support_itsystem,

    Yes, SEP 14 SEPMs can manage SEP 12.1 clients.  You're OK there.  :)

    XP itself should be considered inherently insecure here in 2019. With every month that passes, there are more and more known unpatched vulnerabilities that freely-available tools can exploit. 

    If someone brings an infected USB drive into that environment, it will be very difficult for SEP 12.1 with AV only to provide protection. 

    I really recommend updating to modern equipment with modern defenses.  If that can't immediately be done, then at least add SEP's IPS and other components!



  • 4.  RE: SEP 12.1 Will Reach End of Standard Support Life on 3 April 2019

    Posted Apr 03, 2019 06:51 AM

    Hi Mick,

    Thanks for confirming SEPM 14 can manage and update the definitions on SEP 12.1.x clients from the version 14 .jdb files.

    Most clients have SEP 12.1.5 but one running Win7x64 is 12.1.1 because of a strange conflict with another application.

    The non-critical XP systems could mostly be Win7 with newer hardware, they are just XP as otherwise redundant systems used. In practice USB drives are rarely connected to these so the sockets could be covered over.

    The critical ones have to stay as XP. By the time hardware availability is a real issue I hope to be retired !! While inconvenient the USB ports could be covered over and all file transfers via a Win7 system to the network then copied from the network to the XP systems.

    Years ago the clients were cut back to the basic antivirus to minimise the resources overhead but that ought not to be an issue now as at least Core2Duo rather than a single threaded P4 running at 2.0 - 2.8 GHz so other SEP components could be installed.

    The policy is that downloads via the internet if .zip etc files should be unpacked on the local system so any gremlins should be found before transfer to the internal off-line network. The risk, as you highlight, is a USB brought in with files from a customer.

    All things to consider, just need that commodity called spare time !!!

    Again thank you.

     



  • 5.  RE: SEP 12.1 Will Reach End of Standard Support Life on 3 April 2019

    Posted Dec 15, 2020 09:42 AM
    Edited by support_itsystem Dec 15, 2020 10:53 AM
    Finally I have time and hardware to update this network.

    First a reminder that this network is totally stand alone. All virus definition and any other updates are by downloading files on an internet connected PC and transferring via a USB flash drive.

    Neither the server nor clients are, or ought not to be, running any firewall.

    The Server / Domain Controller has been migrated from 2003 to 2012 R2 Essentials. The hardware is a Dell T420.
    Having two sets of hardware this has been done leaving the main network intact. I just have moved a couple of client PCs to create a test setup.

    On this I have installed SEPM 14.3 MU1 build 1169 ( 14.3.1169.0100 )

    Perhaps not necessary, as the clients ( currently ) all have SEP running and if ever needed I could install locally,  I have added the SEP 12.1.671.4971 and 12.1 RU5 ( 12.1.5337.5000 ) Client Packages.

    From this page
    https://www.broadcom.com/support/security-center/definitions/download/detail?gid=sep14

    I am not certain I have chosen the correct definition file to download

    Symantec Endpoint Protection Manager Installations on Windows Platforms
    Supports the following versions of Symantec antivirus software:
    Symantec Endpoint Protection 14.3 and later

    Right now the file name is
    jdb/core3sds/vd5b1e02core3sdsi64.jdb

    My big issue though is linking my clients to the new SEPM. Given they have SEP running to SEPM 12.1.5, my thinking is all that ought to be needed is to update the communication package.
    Trying this from SEPM 14 using ' Add a client ', selecting a group and choosing Computer mode then remote push client can be seen, selected and Administrator login credentials added and the client added at the right of the screen. However the remote push fails.

    Next I went down the road of creating a package. Unpacking this on the client then trying to run Sylinkdrop.exe reported ' not a valid Win32 application '

    Hence from SEP on the client I went to troubleshooting > Import and imported the Sylink.xml file.
    However the connection screen shows the details for the Server PC with SEPM but the connection fails.
    One difference is the port is shown as 444 rather than 8014

    Finding this test
    http://management_server_address:8014/secars/secars.dll?hello,secars

    this works returning OK
    http://100.100.103.10:8014/secars/secars.dll?hello,secars

    but this fails
    http://100.100.103.10:444/secars/secars.dll?hello,secars

    Hence potentially indicating the issue but what do I need to look at to resolve it ?

    I need to get this resolved ASAP as I want to migrate my test system to the main network early next week while very few staff are working.

    Hence all advice will be appreciated. If any of my explanation is not clear I will try to clarify any points.


  • 6.  RE: SEP 12.1 Will Reach End of Standard Support Life on 3 April 2019

    Posted Dec 15, 2020 12:02 PM
    I added this as an edit to my earlier post but to me anyway it is not showing hence this second post.

    The current SEPM 12.5 is running on a separate Windows 7 PC. Since SEPM 14 must run on a server platform this will be disconnected.

    On the new Windows 2012 R2 Essentials server if I deleted SEPM 14.3 and installed SEPM 12.5 is there a way of copying / exporting via USB flash drive the client lists from the PC currently running SEPM 12.5 ?
    Right now I don't really want to move the Win7 PC with SEPM 12.5 onto the temporary network with the Windows 2012 R2 Essentials server.

    If so will SEPM 14.3 install as an upgrade retaining the settings ? Is this a better route ?

    Since all the updates to SEPM will be offline should Liveupdate be uninstalled or disabled ? For the latter if so how ?

    Again thanks in advance.


  • 7.  RE: SEP 12.1 Will Reach End of Standard Support Life on 3 April 2019

    Posted Dec 16, 2020 03:43 PM
    I have moved forward with this by changing the communication from HTTPS to HTTP on port 8014.

    Now exporting the communication package, extracting sylink.xml then importing to two clients Windows XP one running SEP 12.1 and one 12.1.5 via troubleshooting on the client SEP console the clients communicate with the SEPM 14.3 and appear in the correct client group.

    The virus definitions are not updating but I suspect the issue here is with using the right .jdb file(s). I will make a separate post enquiring which are the correct files to download.
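
An added example, not part of the original thread: a small Python probe for the `secars` hello URL quoted in post 5. It requests each listener with the scheme it is configured for and separates a scheme/port mismatch from a port that cannot be reached at all. The function names and result labels are this example's own, and the pairing of 8014 with HTTP and 444 with HTTPS is an assumption drawn from posts 5 and 7.

```python
import http.client
import ssl
import sys

HELLO_PATH = "/secars/secars.dll?hello,secars"  # test URL path quoted in the thread

def probe(host, port, use_tls, timeout=5.0):
    """Request the hello URL once and return a short result label.

    Labels (names chosen for this example): 'ok', 'http_<status>',
    'unexpected_body', 'tls_error', 'protocol_mismatch', 'io_error'.
    """
    if use_tls:
        # Certificate verification stays on; a certificate the local trust
        # store rejects is reported as 'tls_error', not silently accepted.
        conn = http.client.HTTPSConnection(
            host, port, timeout=timeout, context=ssl.create_default_context())
    else:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", HELLO_PATH)
        resp = conn.getresponse()
        body = resp.read(64).decode("ascii", "replace").strip()
        if resp.status != 200:
            return f"http_{resp.status}"
        return "ok" if body.startswith("OK") else "unexpected_body"
    except ssl.SSLError:
        return "tls_error"          # typically also TLS sent to a plain-HTTP port
    except http.client.HTTPException:
        return "protocol_mismatch"  # peer answered, but not with HTTP
    except OSError:
        return "io_error"           # refused, reset, timed out, no route
    finally:
        conn.close()

def check_listeners(host, listeners):
    """Probe each (port, use_tls) pair; return {'scheme://host:port': label}."""
    results = {}
    for port, use_tls in listeners:
        scheme = "https" if use_tls else "http"
        results[f"{scheme}://{host}:{port}"] = probe(host, port, use_tls)
    return results

if __name__ == "__main__":
    # Assumed pairing from the thread: 8014 is plain HTTP, 444 is HTTPS.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for url, label in check_listeners(target, [(8014, False), (444, True)]).items():
        print(f"{url}{HELLO_PATH} -> {label}")
```

A `protocol_mismatch` or `tls_error` on a port that accepts connections points at the scheme configured for that port rather than at the network path.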