Symantec Endpoint Protection

PsyOps

PsyOps

Pixelated
Any experts out there with SEPM?

We have a SEPM server running on Win2003 and our clients are XP Pro SP3. Clients are not getting updates from the server. The shield icon on the client shows a circle with a line through it rather than a green dot indicating it's not communicating with the server. On SEPM each client shows a green dot indicating this is talking to the clients but not the other way around. I have googled this to death. Any ideas?

BTW... this happened after our SAN server crashed and we had to rebuild it.

Thanks.
 
PsyOps

PsyOps

Pixelated
I forgot to mention that I can ping the server from each client, connectivity is not the problem.
 
E

EmptyTimCup

Guest
PsyOps said:
Any experts out there with SEPM?

Thanks.
Click to expand...



the "old" Symantec had a dat file you could open in note pad, and see the path to the update server ... .. alternately you could push out the clients, thereby reinstalling them and hopefully fixing the broken link

:buddies:
 
PsyOps

PsyOps

Pixelated
From everything we're seeing it appears to be a DCOM problem. Although COM+ services are running I think there some permission problems. Probably set in the resgistry.

Does anyone know of any specific settings for DCOM in GPO that would affect this?
 
clevalley

clevalley

...
We actually wound up getting away from Symantec Endpoint Protection because it was causing EXTREMELY long times in file copies to our file servers hosted in another building. Symantec Endpoint Protection has gotten WAY to big/bloated over the past few years, plus controlling their built-in firewall is almost non-existent.

We are migrating to Microsoft Security Essentials, and waiting on Forefront to come out with their management console. We are assuming the risk (very small) that we cannot look at a moments notice and give metrics to the FED, but we do have a workable solution in sight; we are waiting on Microsoft... :lol:

Also, some of the obscure problems we have seen with workstations here and there have gone away snice the removal, plus the login time has been cut in half.

Long and short, Symantec Endpoint Protection has tuned into a piece of crap...

Can you remove SEP and see if DCOM comes back around?
 
clevalley

clevalley

...
EmptyTimCup said:
the "old" Symantec had a dat file you could open in note pad, and see the path to the update server ... .. alternately you could push out the clients, thereby reinstalling them and hopefully fixing the broken link

:buddies:
Click to expand...

I believe newer versions of SEP (I think 10.5 +) has done away with that. :frown:
 
PsyOps

PsyOps

Pixelated
clevalley said:
We actually wound up getting away from Symantec Endpoint Protection because it was causing EXTREMELY long times in file copies to our file servers hosted in another building. Symantec Endpoint Protection has gotten WAY to big/bloated over the past few years, plus controlling their built-in firewall is almost non-existent.

We are migrating to Microsoft Security Essentials, and waiting on Forefront to come out with their management console. We are assuming the risk (very small) that we cannot look at a moments notice and give metrics to the FED, but we do have a workable solution in sight; we are waiting on Microsoft... :lol:

Also, some of the obscure problems we have seen with workstations here and there have gone away snice the removal, plus the login time has been cut in half.

Long and short, Symantec Endpoint Protection has tuned into a piece of crap...

Can you remove SEP and see if DCOM comes back around?
Click to expand...

I would pay good money to get of of Symantec. Unfortunately the Air Force sees them as the end-all for virus protection.
 
clevalley

clevalley

...
PsyOps said:
I would pay good money to get of of Symantec. Unfortunately the Air Force sees them as the end-all for virus protection.
Click to expand...

You are bound by THEM, huh? :lol:

I am not sure of why it is killing DCOM, never saw that happen - but as a test I would un-install SEP and see what happens to the workstation.

I'll ask around and if I hear of a like problem I will repost. Good luck. :smile:
 
PsyOps

PsyOps

Pixelated
Got the problem fixed. It ended being the ftp site (not symantec) was blocking us and there was a registry setting that tells the clients to talk to our server rather than the upstream server.

I appreciate the help.
 
Last edited:
E

EmptyTimCup

Guest
PsyOps said:
Does anyone know the Symantec ftp site I would configure in SEPM?
Click to expand...



my old boss was like that when I did consulting ... I tried to make the cast a newer and better product was on the market ( back in 05 Counter Spy was an up an comer)


he refused to consider, should we ever get sued because a client lost data because of a virus or spy-ware .... something about Symantec being an "Industry" standard :buddies:
 
PsyOps

PsyOps

Pixelated
clevalley said:
You are bound by THEM, huh? :lol:

I am not sure of why it is killing DCOM, never saw that happen - but as a test I would un-install SEP and see what happens to the workstation.

I'll ask around and if I hear of a like problem I will repost. Good luck. :smile:
Click to expand...

Turns out the DCOM problem was not affecting Symantec. Because the DCOM problem already existed we assumed it was causing our Symantec problem. There are a lot of posts on the intarvebs talking about DCOM errors when trying to run SEPM. Our problem with DCOM is when we try to scan computers with Retina. For some reason COM+ processes wont start properly. It's a permissions issue that is set somewhere in a registry entry. We just can't find where.

I'm just happy I got the Symantec problem fixed. Our network is safer now... For what that's worth :lol:
 
You must log in or register to reply here.
Top