We have issues with our e-mails being delayed to servers using symantech and messagelabs.com.
I found the previous post: https://www.symantec.com/connect/forums/emails-being-rejected-delayed-filtered-messagelabs
which suggests e-mailing investigation@review.symantec.com and submitting e-mails for investigation; however, this e-mail sends a kickback anytime I try sending samples. How do we get this issue corrected??
Hola buenas
Estoy implementando SEPM en mi empresa y todo perfecto. El problema es que por error deje abierta la politica de excepciones para algunos usuarios. Me gustaría poder saber que excepciones han creado los usuarios y como revertirlas, pero no consigo saber como. Hay alguna manera?
Un saludo y gracias
Hi,
One of my users encountered the below error when she sent an email to a client. There are no attachments in the email. The receiptient's email address has been whitelisted on our end too but we still have problems sending emails to them. I cannot so sure about this Private/Loopback Address error. Can anyone advise?
Delivery has failed to these recipients or groups:
zengyj@fineland.com.cn
A problem occurred during the delivery of this message. Please try to resend the message later. If the problem continues, contact your helpdesk.
Diagnostic information for administrators:
Generating server: server-5.bemta.az-c.us-east-1.aws.symcld.net
zengyj@fineland.com.cn
#< #5.4.6 smtp; 551 5.4.6 [internal] Private/Loopback Address> #SMTP#
Original message headers:
Return-Path: <clara.poa@shooklin.com>
Received: from [67.219.246.202] (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256 bits))
by server-5.bemta.az-c.us-east-1.aws.symcld.net id 4D/4B-19274-709EA9C5; Wed, 27 Mar 2019 03:07:51 +0000
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrPJsWRWlGSWpSXmKPExsVyum7CPV32l7N
iDD7M5LdY2r2N0WL/0UtsFv+fS1p0zVnDZrF7wWVmB1aPf6eesXice/KYyeP6zVVsAcxRrJl5
SfkVCawZ3yauYS3o/sJdcfnfb6YGxgf3ubsYuTiEBPYySvzf2MjSxcjJwSagITH9dw+YLSJgL
HFo10RmEJtZ4DaTxJobMl2MHBzCAoESt2aFQ5SESTxsWM8EYetJ7Hq6H8xmEVCVaNrYzw5i8w
r4Scw5PgdsDKOAmMT3U2uYIEaKS9x6Mh/MlhAQkXh48TQbhC0q8fLxP1YIW0ni0+l7zCB3Mgt
0Mkp8/viSDWKooMTJmU9YJjAKzEIyaxayullI6mYB3c0skCdxZpY9hKkpsX6XPkSrosSU7ofs
ELaGROucueyY4roS0yccYYKJz17+ihFi1WJGiUU3X7JAJHQk5hzexIKpWUdi5s4bcPHjR68yw
TWfnLafEaao/c1JZmTNCxiFVjGaJhVlpmeU5CZm5ugaGhjoGhoa6ZrqGpvrJVbpJuuVFuumJh
aX6BrqJZYX6xVX5ibnpOjlpZZsYgQmmJQCVtUdjOu70g8xSnIwKYnyfrg0K0aILyk/pTIjsTg
jvqg0J7X4EKMMB4eSBO/PZ0A5waLU9NSKtMwcYKqDSUtw8CiJ8GqApHmLCxJzizPTIVKnGC05
Dix6OJeZo+MViNzz6/FcZiGWvPy8VClxXsXnQA0CIA0ZpXlw42Dp+BKjrJQwLyMDA4MQT0FqU
W5mCar8K0ZxDkYlYd5tIGt5MvNK4La+AjqICeggya7pIAeVJCKkpBoYuZjkT+Vvbft2RaP/5S
fvNKtp0w/ZH5fYciLN5ojOdQ3uFzrHGl8VbPyXxbO8TJ0vMpqtlF2hqtT6udKNc9oljll72f/
6/3wqFJ+zr3Lzssi35U+vBmfo/nC+nR9YqenvP9Gt76Ff3p/dfHvVIpdtbJj09bzVZKaSh7MP
Xjaem830tsLezahbiaU4I9FQi7moOBEA9PJHuMIDAAA=
X-Env-Sender: clara.poa@shooklin.com
X-Msg-Ref: server-16.tower-410.messagelabs.com!1553656066!5280080!1
X-Originating-IP: [203.126.144.222]
X-SYMC-ESS-Client-Auth: outbound-route-from=pass
X-StarScan-Received:
X-StarScan-Version: 9.31.5; banners=shooklin.com,-,-
Received: (qmail 25395 invoked from network); 27 Mar 2019 03:07:49 -0000
Received: from unknown (HELO SLBMAIL.shooklin.com.sg) (203.126.144.222)
by server-16.tower-410.messagelabs.com with DHE-RSA-AES256-GCM-SHA384 encrypted SMTP; 27 Mar 2019 03:07:49 -0000
Received: from SLBMAIL.shooklin.com.sg ([fe80::3d42:ed3:fe8e:8971]) by
SLBMAIL.shooklin.com.sg ([fe80::3d42:ed3:fe8e:8971%24]) with mapi id
14.03.0439.000; Wed, 27 Mar 2019 11:07:45 +0800
From: Clara Poa <clara.poa@shooklin.com>
To: =?utf-8?B?6buO5qGC6LSk?= <ligx@fineland.com.cn>
CC: "scarlet.feng@sidley.com"<scarlet.feng@sidley.com>, Melissa Huang
<melissa.huang@shooklin.com>, "GFDCM@gfgroup.com.hk"<GFDCM@gfgroup.com.hk>,
Gan Cheng Kai <chengkai.gan@shooklin.com>, "SidleyProjectOrient@sidley.com"
<SidleyProjectOrient@sidley.com>, =?utf-8?B?5pu+546J5ZCb?=
<zengyj@fineland.com.cn>, Clara Poa <clara.poa@shooklin.com>
Subject: =?utf-8?B?UHJvamVjdCBPcmllbnQg4oCTIFNHWCBGZWVzIOaWsOS6pOaJgOi0ueeUqA==?=
Thread-Topic: =?utf-8?B?UHJvamVjdCBPcmllbnQg4oCTIFNHWCBGZWVzIOaWsOS6pOaJgOi0ueeUqA==?=
Thread-Index: AdTkSjWg9RAcJNO7TdSUSrP06uTBtg==
Date: Wed, 27 Mar 2019 03:07:44 +0000
Message-ID: <62B77E66EF46774E9166D16CA83ECB6618182A30@SLBMAIL.shooklin.com.sg>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [192.168.16.160]
Content-Type: text/plain
MIME-Version: 1.0
Thanks.
Hello,
We have a SEPM (Symantec Endpoint Protection Manager) version - 14.2.1031.0100 configured for a customer.
This environment has both Windows and Linux servers on which Symantec AV is installed and configured.
No issues are being faced for Windows, but we are facing Reporting challenges for LINUX (RHEL) Servers.
1) The customer has access to the SEPM and can see the reports by himself.
In one of the "Computer Status Logs" Report, the customer says that "only Auto Protect is seen Enabled and rest all are seen as - Not Installed, No Status Reported & Unavailable. Does this mean that the Anti virus which has been installed on LINUX servers are incomplete?"
Even though, on Linux server Auto-Protect is Enabled, then reporting for only Auto-Protect should be shown.
The other options should either be -> Greyed-Out OR should be marked as hyphen OR should have NAwritten. This will make sure that the other options are NOT available for LINUX and thus our customer will not think on it much.
2) Is there any option for HIPS report in Symantec where it will show the exact date and time for any activity seen and blocked by HIPS.
(screenshot of exact issue, has been attached for your assistance)
Requesting your actions on this.
Regards,
Sudarshan
I'm new to using Ghost Solution Suite. I recently created a hot image of a Windows 7 and stored it on my GSS share. I've made some changed to the machine since the hot image and now I want to restore the PC using my hot image .gho file.
Does anyone have any advice for a GSS rookie? Thanks in advance!
Hi All,
I am in need of a SQL report which will fetch below fields.
Computer Name, OS Name, Bulletin Name, Update Name, Release Date, Reboot Status, Installed Status.
The intention of this report is to determine all pending/not installed patches on a group of machines or a collection/filter. I have found one similar report by going through Compliance By Computer --> Right Click on any machine and choose View Applicable/Not Installed Updates.
Unfortunately this report is not be editable and shows report for only one machine at a time, and does not show Reboot status.
Please help me out in creating a report which will help greatly to improvise patch compliance issue in our environment.
Thanks.
We have Enforce and Detection Server on version 15.0.0100.01063. Does this support DLP agent version 15.1 MP1 and greater?
Iam testing the version 15.5 and Iike to add another endpoint server but the status in the enforce server is "Unknown"
The single tier server was create in a W2008 and the second endpoint server using a W10 computer.
Additional the W2008 stay in vlan 10.99.220.xxx and the W10 stay in vlan 10.99.116.xxx
How can be the problem ? I need to do some additional configuration?
Pessoal, estou tendo um problema, toda vez que clico em check in project e clico no servidor para selecionar a pasta que ira salvar o projeto. porem aparece erro de InsufficientPrivilegeException .
**
Guys, I'm having a problem every time I click check in project and click on the server to select the folder that will save the project. however InsufficientPrivilegeException error appears.
Need to know if SYMC DLP is able to support macOS Mojave 10.14 with Office versions 16.21 with System Integrity Protection enabled.
Can we still see Send Mail events from Outlook? Will the event include sender, recipient, subject like normal?
Can we still see File Print and Copy/Paste from any Office app for example Word?
Dear,
In reference to this KB https://support.symantec.com/en_US/article.TECH131045.html the version 14.0.1 is not compatible with Mojave (10.14) and my environment some mac have installed the mojave version.
In this case , is possible to install the sep client ? what feature are not available for this issue?
Environment: Windows 7 Professional 64-bit, SEP 14.2 MP1 on UNMANAGED client(s)
Issue: It appears that SEP 14.2 incorrectly identifies our hardware ethernet connection as a VPN connection. We see traffic flowing through the Allow VPN firewall rule even though there is no VPN on the UNMANAGED client(s). These clients have no access to the SEPM
Any ideas?
Before installing Symantec MSI on new PCs (no present in SEPM) , the preferredGroup in the Sylink file is changed. Once installed, the SEP client stays always in the default group.
I can't find why this is happening. Checking the registry keys for Sylink, current group is defualt group and preferred group is the group I configured.
Having over 30000 Clients and many Groups, the only way to get the Clients in the right place, is editing the Sylink.xml before Installation.
It is only happening 14.2. It was not happening with 14.0 MSI
Hi,
I have tried, unsuccessfully, to find a way to protect quarantine traffic between scanner and control center. Could someone comment on whether this is possible at all, and how?
Thanks a lot.
Paul
Hi All, we have been experiencing frequent proxy authentication issues before the ideal timeout in order to access the internet. Purpose ********** In order to provide exceptional access to the developers and other users enabled proxy authentication with SSL interception enabled(which is mandate) Follow below steps and rules applied in proxy **************************************************** Whitelisted the proxy virtual link in IE intranet sites and also applied similar changes in mozilla as cascaded in the KB article. https://origin-symwisedownload.symantec.com/resour... Set idle time out for 2hrs (But users will get prompt/to switch to the new tab within 30 mins even though if we have the active session) we have logged many cases with the support but no luck ,Trying the last option by using forum as it is major issue for the most of the developers ! This is because either user have to switch to the new tab in the same browser or go back to IE to access internet Please let us know what is best practice that is being followed in other company networks which will help us a lot in saving of our time and pressure. Thanks in advance Regards, Praveen
Hi Team
One of my customer is looking for security for MIcrosoft Dynamics CRM(Saas).
Use cases that customer wants to achieve:
1. He wants only official laptops shoud be allowed to use Microsoft Dynamics CRM.
2. Any ouside machine which tries to use Microsft dynamics CRM should be blocked.
Please let me know whether CASB for SaaS is right fit for customer. WIll i achieve above two use cases with CASB for Saas model.
Similar to other requests about legitimate emails being blocked by MessageLabs, it looks like some of your MX hosts are blocking testing from CheckTLS.com (see below, 5 of 8 are blocked). Either that or you have some failing MX hosts.
I understand why your automated systems may see testing from CheckTLS as a threat.
CheckTLS users, which include some of the largest financial institutions, health systems, insurers, and law offices world wide, do thorough testing of domains, some of which are protected by MessageLabs. These tests probe every MX they can find looking at security. No test ever actually sends an email (we have a strong abuse policy).
CheckTLS has been testing for 9 years, growing 50% per year, and is reaching critical mass in the industry. We do over a million tests a month now.
But from MessageLab's viewpoint, you see more and more tests, targeting every one of your hosts, that never send an email. I suspect this looks like an attack to you.
Let me assure you, these tests are not an attack. They are not a threat. In fact, they are good for MessageLabs and Symantec. It means more and more people are checking you out.
These are either paying customers verifying that MessageLabs is doing what they say they do, or
outside companies who email MessageLabs paying customers who are verifying that MessageLabs is secure, or
potential MessageLabs customers who are looking at how MessageLabs works.
All this long message is to respectfully request that MessageLabs and Symantec white list CheckTLS.com. In as many places as you can. We do not send email, we do not spam, we are not a hacker site. Our users only have access to the test we publish on our web site.
Please contact me personally if you have any questions or concerns.
Thank you.
--- Steve Shoemaker
Principal, CheckTLS
MX Server | Pref | Answer | Connect | HELO | TLS | Cert | Secure | From |
cluster1.eu.messagelabs.com | 10 | OK | FAIL | FAIL | FAIL | FAIL | FAIL | FAIL |
cluster1.eu.messagelabs.com | 10 | OK | FAIL | FAIL | FAIL | FAIL | FAIL | FAIL |
cluster1.eu.messagelabs.com | 10 | OK | FAIL | FAIL | FAIL | FAIL | FAIL | FAIL |
cluster1.eu.messagelabs.com | 10 | OK | FAIL | FAIL | FAIL | FAIL | FAIL | FAIL |
cluster1.eu.messagelabs.com | 10 | OK | FAIL | FAIL | FAIL | FAIL | FAIL | FAIL |
cluster1a.eu.messagelabs.com | 20 | OK | OK | OK | FAIL | FAIL | FAIL | OK |
cluster1a.eu.messagelabs.com | 20 | OK | OK | OK | FAIL | FAIL | FAIL | OK |
cluster1a.eu.messagelabs.com | 20 | OK | OK | OK | FAIL | FAIL | FAIL | OK |
Average | 100% | 38% | 38% | 0% | 0% | 0% | 38% |
What does this error message mean? And how can I resolve this?
03/28/19 08:33:01 [0x000003dc] WARN EventConnector.DCNAMEHERE Could not get last update query time from Enforce. Error: 404_0002: No Ip User Mapping found for domain controller host: DCNAMEHERE [EventConnector.cpp(309)]
Dear,
Only its possible to create a deployment package when I can select "Install feature Set" or "Install Setting" for Windows? for mac OS the only way is after the sep client is installed in the macOS I have to run the SylinkDrop for mac to assign to the current OU?
The best way is create a OU in the Active directory and later add the setting for the sepm console?
There is another consideration for mac computer and SEPM?
I have SEP 14.0.2349.0100 running on 2012 windows servers. Every day I get a notice from at least one of the servers stating "Reputation check for unproven files failed because of network errors for the last 3 days."
I am sitting behind a proxy server, but I found this website (https://support.symantec.com/en_US/article.TECH162...) that lists all the exclusion addresses. I added https://*symantec.com to my proxy's exclusion list so that should cover all of them, but I'm still getting the message. The clients have internet connectivity just fine. Everything else (virus defs, etc) update just fine. Any ideas?
