Endpoint Protection

Hi 

   I have updated SEPM to 14.0.1904. When i install client on windows 10 (had previously SEP Client 12 installed), i am unable to ping, RDP, or login with new account at all. seems like it disable network card. But when i login as cache crendential, ipconfig from comptuer, getting right ip. 

Policy was imported from SEPM 12 TO SEPM14, so there is no changed on policy.

RDP and ping enable in policy as shown below. Any help???

What shows in the Traffic log on the client? Any blocks related to this? You may need to enable logging on the very last rule in the stack.

Also let us know what first rule say?

I looked under following below all logs, and they are like 0 kb size file.

C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.x.\Data\Logs

If i disable SEP on client site, everythign works fine.

 

Hi,

 

What Brian means to say is enable the log for your 11th rule which allows ping requests.

Also have you checked the first rule?

They are likely 0 KB in size because they're currently in use. 

Check the Traffic log from the SEP GUI, it will make this much easier. 

Also, I'm referring to the very last rule in the stack. 'Block all other traffic and do no log' Set it to log.

You may need someone to remote in to see what's going on so you may need to open a case.

Hi Brian and Savitar,

 Appreciate your reply. i looked in Traffic log from GUI and it is blank. 

When i ran ipconfig, i am getting ip and dns fine. but seems like it blocks all traffic, so no new user can login, i can't ping out or in.

Seems like it is not even getting any policy from SEPM at all.

Brian said "I'm referring to the very last rule in the stack. 'Block all other traffic and do no log' Set it to log"

Would you please let me know where can i found this rule.

 

I do need to open a case with SEP Admin, any procedure i need to follow.

 

 

This is in the firewall policy on SEPM

ok thanks, but i don't think it is even checking SEPM polic. As soon i upgrade from 12 to 14, It is just lock down. I looked in SEPM for this computer and didn't find active one.

If you disable only the firewall component, does it work?

if i disable firewall, it works,...this is area i have disable firewall, if this looks good

Is the Base Filtering Engine service in Windows running?

Yes it is running

SEPM version i have is Version 14 build 1904 (14.0.1904.0000), is this the current version? because i ran the update and there is no update found.

You're running 14 RTM, which is one version behind. The latest version is 14 MP1:

http://www.symantec.com/docs/TECH154475

The fix notes for 14 MP1 don't seem to indicate this is any kind of bug:

http://www.symantec.com/docs/INFO4193

...but I suppose trying the MP1 client to see if that works would be a quick way to check. You can install the latest client version without needing to upgrade your SEPM to 14 MP1.

Additionally, you could follow the steps in this KB article:

http://www.symantec.com/docs/TECH203497

...to see if it helps narrow it down.

Hi Brian thx for sharing these documents. 

1. How can i update latest SEPM, i ran liveupdate on SEPM but it didn't update?

2. how can i update client to latest build?

3. Last document is exact situation i am getting when i install update SEP 14 client. I will read this document more in detail.

 

thx

Running liveupdate doesn't upgrade SEPM or SEP clients. You need to download​ the latest release from FileConnect. Upgrade info is here: http://www.symantec.com/docs/HOWTO80759