Channel: Symantec Connect - Security

GUP download content from SEPM problem

I need a solution

Hi, I have a problem with GUP. I will give the details below.

First, I installed SEPM at HQ. HQ and the remote site are connected by a leased line; ping and communication work normally.

Then I installed SEP at the remote site and assigned the GUP policy to it like this:

GUP Policy

and the GUP status is True.

The problem is that when the GUP tries to download content from SEPM, it gets an error like this:

2017/09/01 11:16:52.568 [1636:3276] GUProxy - Content-Availability-Time: (60)
2017/09/01 11:16:52.588 [1636:3800] CAsyncHttpConnection::Close - Request: HttpSendRequest; CtrlBlk: 06FF3F00 time: 0
2017/09/01 11:16:52.588 [1636:3800] SyLinkEventFunc - EVENT_LU_REQUIRE_STATUS: Calling QueryContentSeqData with Moniker: {A78E095A-8FED-4937-9D5C-0B6C20EA696C} Target Sequence: 170801034
2017/09/01 11:16:52.588 [1636:3800] LuMan: Entering QueryContentSeqData: {A78E095A-8FED-4937-9D5C-0B6C20EA696C}, 170801034
2017/09/01 11:16:52.588 [1636:3800] LuMan: QueryContentSeqData result: 0x20010006
2017/09/01 11:16:52.588 [1636:3800] SyLinkEventFunc - EVENT_LU_REQUIRE_STATUS: QueryContentSeqData returned CMC_CONTENTUPDATE_NEEDED(536936454)
2017/09/01 11:16:52.588 [1636:3800] SyLinkEventFunc - EVENT_LU_REQUIRE_STATUS: No cached content information was returned. Request full package
2017/09/01 11:16:52.588 [1636:3800] GUProxy: find the downloading which should be cancelled.
2017/09/01 11:16:52.588 [1636:3800] GUProxy: erase the downloading /content/{A78E095A-8FED-4937-9D5C-0B6C20EA696C}/170801034/Full.zip
2017/09/01 11:16:52.588 [1636:3800] GUProxy: SetDownloadStatus for /content/{A78E095A-8FED-4937-9D5C-0B6C20EA696C}/170801034/Full.zip status 8
2017/09/01 11:16:52.588 [1636:3800] GUProxy: Current GUP 10.21.71.97 staus is 1
2017/09/01 11:16:52.588 [1636:3800] GUProxy: GUP 10.21.71.97 chosen
2017/09/01 11:16:52.588 [1636:3800] AH: Setting the Browser Session end option & Resetting the URL session ..
2017/09/01 11:16:52.588 [1636:3316] GUProxy: accepted socket 9004 for 10.21.71.97 port 49482
2017/09/01 11:16:52.588 [1636:3284] GUProxy: Begin to handle accepted socket 9004
2017/09/01 11:16:52.588 [1636:3284] GUPROXY - GUProxy HTTP in - GET /content/{A78E095A-8FED-4937-9D5C-0B6C20EA696C}/170801034/Full.zip
2017/09/01 11:16:52.588 [1636:3284] GUPROXY - GUProxy File - /content/{A78E095A-8FED-4937-9D5C-0B6C20EA696C}/170801034/Full.zip
2017/09/01 11:16:52.588 [1636:3284] GUPROXY - GUProxy mangled file - #content#{A78E095A-8FED-4937-9D5C-0B6C20EA696C}#170801034#Full!zip
2017/09/01 11:16:52.588 [1636:3284] GUProxy - Add request into download queue.
2017/09/01 11:16:52.588 [1636:3244] GUPROXY - GUProxy - TARGET_IP: - 172.16.0.99;
2017/09/01 11:16:52.588 [1636:3244] GUProxy - GET SEPM info from SYLINK(1) ,GET /content/{A78E095A-8FED-4937-9D5C-0B6C20EA696C}/170801034/Full.zip  BEGIN with 15757,total with 303
2017/09/01 11:16:52.608 [1636:3244] GUProxy - DownloadThread: 15454 bytes need to be resumed
2017/09/01 11:16:52.608 [1636:3244] GUProxy - DownloadThread() max abort times will use the default value
2017/09/01 11:16:52.608 [1636:3244] GUProxy - Download loop, remain 15454 bytes to download
2017/09/01 11:16:52.618 [1636:3244] GUProxy - **downloadHelper.CreateUrlRequest Faile GET://172.16.0.99:8014/content/{A7i8E095A-8FED-4937-9D5C-0B6C20EA696C}/170801034/Full.zip
, begin from 0 with size 15454

And the Apache log from SEPM looks like this:

(I have more than one GUP; the log error is the same, the difference is in the URL, IP, and port.)

[Fri Sep 01 11:15:19.022233 2017] [mpm_winnt:error] [pid 5544:tid 4528] (OS 64)The specified network name is no longer available.  : [client 10.21.71.97:49487] Thread(7428) TransmitFile failed, socket: 05432, Threads ready: 498, URI: GET /content/%7B5A7367E1-D1F6-43b5-BD94-4AFFA896D724%7D/161121023/Full.zip HTTP/1.1

I also tested the connection between the GUP and SEPM:

The GUP can access SEPM:8014/content/contentinfo.txt

and SEPM can access GUP:2967/content/contentinfo.txt, but this is an empty page because the GUP can't download it from SEPM.

In SharedUpdate there is a file, but its size is about 1 KB.

I also tried to access the URL 172.16.0.99:8014/content/{A7i8E095A-8FED-4937-9D5C-0B6C20EA696C}/170801034/Full.zip from the GUP, and it downloaded full.zip.

I tried uninstalling and reinstalling it a few times, but that did not fix it.

The SEPM version is 14.0.2415.0200, installed on Windows Server 2008 R2,

and the SEP that acts as GUP is 14.0.2415.0200, generated from SEPM and installed on Win7 with UAC already turned off.

I think the problem is **downloadHelper.CreateUrlRequest Faile, but I have no idea why this happens. If anyone has found this problem, please tell me how to fix it : )

Thank you

501 Connection rejected by policy [7.7]

I need a solution

Hello,

We currently have the problem that our customer can't send e-mail to one of their suppliers. Our new mail server, which we recently moved to, was on a Symantec blacklist and we managed to get it removed from there (http://ipremoval.sms.symantec.com/lookup/), but the supplier's mail server keeps sending the error: 501 Connection rejected by policy [7.7]

Can you help me to get our mail server's IP [85.214.68.151] removed from all blacklists?

Thank you,
ggt-soft

Windows Runas with Credential Provider

I do not need a solution (just sharing information)

Is it possible to request 2FA for Windows RUNAS (privilege escalation) using Windows Credential Provider integration?

Lost all Login Credential to SEPM

I need a solution

Dear Support,

We had a former technician who installed a trial license for Symantec Endpoint Protection 14 Manager on our server, but he is no longer with us. We intend to pay for a permanent 10-user license, but the problem is that we can't log in to the SEPM console because no one has the login credentials to the manager.

I intend to uninstall SEPM, SEP and live updates and start the installation afresh.

I would like someone to advise whether this is a possible solution to the issues we are having; if there is a better way to resolve this, kindly let me know.

Regards

Udensi

501 Connection rejected by policy Issue

I need a solution

Hello,

We are currently having an issue with 2 new VPS. All our clients who are sending emails to some of their recipients are receiving the following message:

SMTP error from remote mail server after initial connection: 501 Connection rejected by policy [7.7] 3911, please visit www.messagelabs.com/support for more details about this error message.

The IPs are: 93.190.137.192 and 93.190.137.218

We have just ordered these servers and started using these IPs. It looks like these IPs were blacklisted previously by the old owner. We have checked with http://ipremoval.sms.symantec.com/lookup/ and the tool says: "does not have a negative reputation and therefore cannot be submitted for investigation." but our clients keep receiving the 501 error.

Can someone please investigate and whitelist these two IPs?

Thanks.

Vince.

Webinar September 20, 2017: Protect Your Hybrid Cloud Workloads from a Single Console

Location: https://www.symantec.com/about/webcasts?commid=269655
Time: Wed, 20 September, 2017 - 10:00 - 11:00 PDT

The public cloud offers undeniable benefits for organizations including agility, cost savings, and competitive advantages. In fact, some enterprises are choosing to abandon their on-premises data centers altogether and go “all-in” with the public cloud. The reality, however, is that most companies are pursuing a “hybrid” approach, using a combination of public cloud, private cloud, and on-premises resources and infrastructure to deliver applications and services to their employees and customers. But how can you efficiently protect all of your workloads against the latest data breach threats and ransomware attacks across such diverse environments and infrastructures? Tune in to our webcast and learn:

• How to discover, secure, and monitor all of your hybrid cloud workloads from a single console

• How to respond to alerts and update policy across your hybrid cloud without hiring an army of experts

• How to manage virtualized and physical on-premises servers protected by Symantec Data Center Security (DSC) agents from the Cloud Workload Protection (CWP) console

Speaker: Dan Frey, Senior Manager, Product Marketing, Symantec

Slow launching of device manager with Symantec Endpoint Protection installed

I need a solution

I got the latest standalone client SEP 14 build 2415 installed.

When trying to open Device Manager, either from the Windows 10 start menu or anywhere else, it takes 2-3 seconds to open on my high-end computer.

Before installing SEP client it launched instantly. I uninstalled it to test, rebooted and again it launches instantly.

I tried to have it installed and disabled it from the taskbar, but the device manager is still launching in 2-3 seconds.

I tested this on multiple computers with completely different hardware and was able to reproduce this issue on all.

Why is SEP slowing down the machines so badly?

Memory leak in SEP 12.1

I need a solution

I have been struggling for a while with a memory leak in non-paged pool on a number of computers belonging to an industrial SCADA system. Using "Driver Verifier", I've been able to trace the leak to two driver files belonging to SEP: symefasi.sys and symtdi.sys. The computers are running XP and Server 2003, and because those OSes have a rather limited non-paged pool (256MB), it gets exhausted after approximately 100 days. This will eventually cause the computer to either respond extremely slowly or even crash completely.

The SEP version in use is 12.1.7166.6700 (12.1 RU6 MP7)

Unfortunately, upgrading the operating systems is at the moment not an option.

I can't find anything about correcting for memory leaks in the release notes for the later version 12.1.6 MP8.

Does anyone have a suggestion on how to solve this issue?

Poor system performance caused by the "Proactive Threat Protection" module

I need a solution

Whenever I have SEP 14 MP1 (2332) or MP2 (2415) "Proactive Threat Protection" installed and an active network connection (tried wireless and wired WAN. Didn't try just LAN), any system I tried is running much slower than usual. Most programs take seconds to launch, instead of instantly.
This happens on any Windows 10 1703 x64 system that I tested (multiple configurations, including vanilla Win 10 Creators Update systems), so it can be easily reproduced.

As a workaround, I am able to eliminate the performance issues by:
1) Uninstalling the "Proactive Threat Protection" module. This completely restores performance.
2) Disconnecting from the wired or wireless internet connection. This almost completely restores performance.

An easy way to test this is by opening up "device manager" from the start menu search or from cortana search. Typically it should launch instantly, but it can take 2-10 seconds (depends on the machine I tested) with "Proactive Threat Protection" module and an active internet connection.

Is there any other way to fix this without uninstalling PTP module or disabling the connection?

Differences between Symantec Encryption Management Server and Microsoft RMS

I do not need a solution (just sharing information)

Hi, community.

My apologies if this is not the correct place to ask this question.

I'm preparing a comparison document and I need to know what the differences are between Microsoft RMS and Symantec Encryption Management Server with Desktop Email Encryption.

Thanks

Failed to scan Linux Server

I need a solution

After the SCU patch, we try to scan Linux servers and get the error "[Field] not found: [Unix.Machine.DOCKERVERSION]". Can anyone help with how to exclude this Docker version check?

Thanks.

Symantec Email Submission Client (SECS) on Exchange 2016

Not see agents on the Agent List

I need a solution

Hi,

For the past few days, I can't see the agents on the Agent List (System > Agents > Overview > Agent List).

This problem only occurs with my admin user. If I try to connect with another admin user, the agents appear on the Agent List. This isn't a connection problem with the Endpoint Server.

Regards.

Question regarding ProxyAV

I need a solution

Hi

I have a question regarding the ProxyAV. I do not know if this is the right forum. 
The old Blue Coat forums used to have a section dedicated to ProxyAV & CAS as far as I can remember.

We have a proxy policy with malware scanning for all traffic by default, the Blue Coat Proxy is connected to a ProxyAV. 
Password protected Archives are blocked.

When trying to download a password protected PDF we get one of three different outcomes:

Success - File is downloaded
Failure - Exception log message 1 below 
Failure - Exception log message 2 below

All three of these different results occurred for the same file, namely:
http://www.novapdf.com/uploads/novapdf_en/media_items/pdf-example-password.original.pdf

What could be the explanation for getting different results for the same file (no change in policy)?
How can a PDF trigger an archive error?
The policy to block password protected archives, is that supposed to block password protected PDFs also? 

Log message 1 (excerpt):
URL: http://www.novapdf.com/uploads/novapdf_en/media_items/pdf-example-password.original.pdf
ATEXT=Cause: File is password protected (engine error code: 0x000A0000)
File has been dropped.

Log message 2 (excerpt):
URL: http://www.novapdf.com/uploads/novapdf_en/media_items/pdf-example-password.original.pdf
ATEXT=Cause: Maximum total files in archive exceeded (engine error code: 0x00070000)
File has been dropped.

421 Service Temporarily Unavailable

I need a solution

I'm getting the above message from messagelabs.com.  I have completed a blacklist check with MXToolBox and a reputation check on Cisco Talos.

IP Address in question 50.73.29.85

log file entry:

Mon 2017-09-04 16:30:51.135: 01: Parsing message <e:\mdaemon\queues\remote\retry\pd90000000213.msg>
Mon 2017-09-04 16:30:51.135: 01: *  From: sziegler@haverfield.com
Mon 2017-09-04 16:30:51.135: 01: *  To: scott.cantor@pnc.com
Mon 2017-09-04 16:30:51.135: 01: *  Subject: RE: 2016 Financiaks
Mon 2017-09-04 16:30:51.135: 01: *  Size (bytes): 577461
Mon 2017-09-04 16:30:51.135: 01: *  Message-ID: <65fa57ce.1d325ac.11329910.43eb@haverfield.com>
Mon 2017-09-04 16:30:51.135: 05: Resolving MX record for pnc.com (DNS Server: 192.168.1.10)...
Mon 2017-09-04 16:30:51.306: 05: *  P=010 S=000 D=pnc.com TTL=(6) MX=[cluster5.us.messagelabs.com]
Mon 2017-09-04 16:30:51.306: 05: *  P=020 S=001 D=pnc.com TTL=(6) MX=[cluster5a.us.messagelabs.com]
Mon 2017-09-04 16:30:51.306: 05: Attempting SMTP connection to cluster5.us.messagelabs.com
Mon 2017-09-04 16:30:51.306: 05: Resolving A record for cluster5.us.messagelabs.com (DNS Server: 192.168.1.10)...
Mon 2017-09-04 16:30:51.306: 05: *  D=cluster5.us.messagelabs.com TTL=(14) A=[216.82.242.34]
Mon 2017-09-04 16:30:51.306: 05: *  D=cluster5.us.messagelabs.com TTL=(14) A=[216.82.241.195]
Mon 2017-09-04 16:30:51.306: 05: *  D=cluster5.us.messagelabs.com TTL=(14) A=[216.82.250.83]
Mon 2017-09-04 16:30:51.306: 05: *  D=cluster5.us.messagelabs.com TTL=(14) A=[216.82.242.147]
Mon 2017-09-04 16:30:51.306: 05: *  D=cluster5.us.messagelabs.com TTL=(14) A=[216.82.250.99]
Mon 2017-09-04 16:30:51.306: 05: *  D=cluster5.us.messagelabs.com TTL=(14) A=[216.82.251.35]
Mon 2017-09-04 16:30:51.306: 05: *  D=cluster5.us.messagelabs.com TTL=(14) A=[216.82.251.36]
Mon 2017-09-04 16:30:51.306: 05: *  D=cluster5.us.messagelabs.com TTL=(14) A=[216.82.251.37]
Mon 2017-09-04 16:30:51.306: 05: *  D=cluster5.us.messagelabs.com TTL=(14) A=[216.82.250.51]
Mon 2017-09-04 16:30:51.306: 05: *  D=cluster5.us.messagelabs.com TTL=(14) A=[216.82.242.131]
Mon 2017-09-04 16:30:51.306: 05: *  D=cluster5.us.messagelabs.com TTL=(14) A=[216.82.242.37]
Mon 2017-09-04 16:30:51.306: 05: Randomly picked 216.82.250.51 from list of possible hosts
Mon 2017-09-04 16:30:51.306: 05: Attempting SMTP connection to 216.82.250.51:25
Mon 2017-09-04 16:30:51.306: 05: Waiting for socket connection...
Mon 2017-09-04 16:31:12.244: 04: *  Socket error 10060 - The connection timed out.
Mon 2017-09-04 16:31:12.244: 05: *  216.82.250.51 added to connection failure cache for 5 minutes
Mon 2017-09-04 16:31:12.244: 05: Attempting SMTP connection to cluster5a.us.messagelabs.com
Mon 2017-09-04 16:31:12.244: 05: Resolving A record for cluster5a.us.messagelabs.com (DNS Server: 192.168.1.10)...
Mon 2017-09-04 16:31:12.244: 05: *  D=cluster5a.us.messagelabs.com TTL=(14) A=[216.82.251.230]
Mon 2017-09-04 16:31:12.244: 05: *  D=cluster5a.us.messagelabs.com TTL=(14) A=[85.158.139.103]
Mon 2017-09-04 16:31:12.244: 05: Randomly picked 85.158.139.103 from list of possible hosts
Mon 2017-09-04 16:31:12.244: 05: Attempting SMTP connection to 85.158.139.103:25
Mon 2017-09-04 16:31:12.244: 05: Waiting for socket connection...
Mon 2017-09-04 16:31:12.354: 05: *  Connection established 192.168.1.16:4239 --> 85.158.139.103:25
Mon 2017-09-04 16:31:12.354: 05: Waiting for protocol to start...
Mon 2017-09-04 16:31:12.463: 02: <-- 220 server-14.tower-558.messagelabs.com ESMTP
Mon 2017-09-04 16:31:12.463: 03: --> EHLO haverfield.com
Mon 2017-09-04 16:31:12.573: 02: <-- 250-server-14.tower-558.messagelabs.com says EHLO to 50.73.29.85:4239
Mon 2017-09-04 16:31:12.573: 02: <-- 250-STARTTLS
Mon 2017-09-04 16:31:12.573: 02: <-- 250-8BITMIME
Mon 2017-09-04 16:31:12.573: 02: <-- 250 PIPELINING
Mon 2017-09-04 16:31:12.573: 03: --> STARTTLS
Mon 2017-09-04 16:31:12.682: 02: <-- 220 2.0.0 continue
Mon 2017-09-04 16:31:13.135: 05: SSL negotiation successful (TLS 1.0, 2048 bit key exchange, 128 bit RC4 encryption)
Mon 2017-09-04 16:31:13.135: 03: --> EHLO haverfield.com
Mon 2017-09-04 16:31:13.244: 02: <-- 250-server-14.tower-558.messagelabs.com says EHLO to 50.73.29.85:4239
Mon 2017-09-04 16:31:13.244: 02: <-- 250-8BITMIME
Mon 2017-09-04 16:31:13.244: 02: <-- 250 PIPELINING
Mon 2017-09-04 16:31:13.244: 03: --> MAIL From:<prvs=14201c4baf=sziegler@haverfield.com>
Mon 2017-09-04 16:31:13.354: 02: <-- 250 2.0.0 MAIL FROM accepted
Mon 2017-09-04 16:31:13.354: 03: --> RCPT To:<scott.cantor@pnc.com>
Mon 2017-09-04 16:31:13.463: 02: <-- 421 Service Temporarily Unavailable
Mon 2017-09-04 16:31:13.463: 03: --> QUIT
Mon 2017-09-04 16:31:13.463: 01: *  This message is 0 days old; it has 2 days left to get delivered
Mon 2017-09-04 16:31:13.463: 04: SMTP session terminated (Bytes in/out: 350/227)
Mon 2017-09-04 16:31:13.463: 01: ----------

Any help would be greatly appreciated.

Thanks

Application and Device Control policy not working.

I need a solution

Hi

Today it was discovered that the policy had stopped working. The global change was just an update to 14 MP2.

Any ideas why it happened?

Thanks.

Changes from DLP 11 to 14.5 - Instant messaging

I need a solution

New admin in DLP and migrating from an old DLP 11 version to DLP 14.5 and the IM's for the Endpoint is missing the checkbox while the Network is still there when trying to create the new policy rule for "Protocol or Endpoint Monitoring". Checked the agent configurations between the two and it is available in 11 but not in 14. Tried searching for a release note on this and haven't found it yet.

Was this removed in 14? Seems it was in 12. Or is there another place to enable IM for the Endpoints?


Endpoint Encryption Login Screen stuck on Loading Drivers

I need a solution

Hi,

I recently uninstalled an agent from a machine and installed a newer agent, and after restarting the machine I am stuck and the screen says, "Loading drivers...". Does anyone know how to resolve this issue?

Thanks,

Lorenzo

Uninstall of DLP agent

I need a solution

I tried to uninstall the DLP agent using "msiexec /x {GUID}...". All went well on the client side; looking at the services, EDPA and WDPA are both removed.

Question: Do I need to remove it on the SDLP console? From what I can see, the agent was not removed.

visually impaired users and other questions

I need a solution

We're looking at deploying endpoint encryption for a client with visually impaired users. I can find references to F5 pre-boot audible tones in documents about older versions but no mention of this feature in the current version. Do they still exist in the current version?

Also, there is mention of the versions of SQL that are supported but no indication that SQL is included in the product - does this have to be purchased separately?

Many thanks.
