Endpoint Protection

 View Only

  • 1.  Is there specific installation on SEP with ADC enabled?

    Posted Oct 04, 2016 04:55 AM

    Hey guys,

    Is there any files or registry that is unique to SEP clients that have Application and Device Control? Since there's no native logs on SEPM to tell who doesn't or does have ADC enabled, we though that maybe by checking the installation folder or registry. we can determine those that doesn't have ADC. I hope someone can tell us about this since this is our last resort.

    Thank you,



  • 2.  RE: Is there specific installation on SEP with ADC enabled?

    Posted Oct 04, 2016 06:44 AM

    You need to run a sql query to check that

    https://www.symantec.com/connect/forums/sepm-how-generate-clients-application-and-device-control



  • 3.  RE: Is there specific installation on SEP with ADC enabled?

    Posted Oct 04, 2016 07:24 AM

    The SQL query is here:

    https://www-secure.symantec.com/connect/forums/zero-day-flaws-found-symantecs-endpoint-protection-computerworld-article-73014-629am-et#comment-10365321

    As for the table, it very well may have been changed. You would need to refer to the 12.1.6 DB schema to verify and modify the query.



  • 4.  RE: Is there specific installation on SEP with ADC enabled?

    Posted Oct 04, 2016 07:55 AM

    I already tried this but I'm getting an error:

    Invalid object name 'V_AGENT_BEHAVIOR_LOG'.

    Maybe it is not applicable on 12.1.6mp5, considering that the post was from 2014?



  • 5.  RE: Is there specific installation on SEP with ADC enabled?

    Posted Oct 04, 2016 08:03 AM

    I checked the latest DB schema for 12.1.6 and that table still exists, however, the versions listed only go up to RU6 MP3 so it's possible something changed in MP5/MP6.



  • 6.  RE: Is there specific installation on SEP with ADC enabled?

    Posted Oct 05, 2016 12:39 AM

    So do you know what query to use for the 12.1.6mp5? Or we can just go back to my original idea, what file or registry key should I check to know if the ADC is enabled?



  • 7.  RE: Is there specific installation on SEP with ADC enabled?

    Posted Oct 05, 2016 08:40 AM

    Chekc your permissions on the DB table(s) you're trying to query. I have the same message and it's because I do not have the needed permissions.

    It looks like the table has changed to either AGENT_BEHAVIOR_LOG_1 or AGENT_BEHAVIOR_LOG_2



  • 8.  RE: Is there specific installation on SEP with ADC enabled?

    Posted Oct 11, 2016 04:16 AM

    Hi Brian,

    I tried checking the AGENT_BEHAVIOR_LOG_1 and 2, that the problem is the event_time column is not readable, which we need to know because there are so many duplicated hostname entries, we need the latest one based on time. Also we noticed that the AGENT_VERSION column from AGENT_BEHAVIOR_LOG_1 and 2 is not updated because the only listed entries on it are version 12.1.0.0 up to 12.1.4112.4156. Can you check from your side if you have 12.1.7004.6500 entry on the AGENT_VERSION column?

    Thank you,