Unlimited Giveaway Symantec Endpoint Unmanaged without time limit

[Vitali Ortzi]

Perhaps not so clever question, but will Windows Firewall be disabled?

By default yes but you shouldn't have any issues using both in case you are too lazy to import them since I have no knowledge of an automated firewall policies migration from defender firewall.

Anyway you should be warned running both firewalls at the same time since it might create conflicts and performance degradation as well as the vender Broadcom doesn't recommend doing it as well .

But if you have a huge defender policies setup I would recommend automation via scripting using the rest API and python .

 

[Brahman]

There is an update to Symantec Endpoint Protection. New version is 14.3 MP1 (14.3.0.1) (14.3.1148.0100). the update is also available in the original download link.

What's new for Symantec Endpoint Protection 14.3 MP1 (14.3.0.1)
Last Updated August 6, 2020

This section describes the new features in this release.

• • A REST API enhancement lets you copy over settings in the
    General Settings
    policy to other groups. If you do not have inheritance for groups enabled, you can use the API call to change settings for multiple groups. For example, you can set the heartbeat and download randomization values, enable Tamper Protection, and configure Server control options.
  • The Audit log includes details about policy changes, such as whether a policy was withdrawn or reassigned to another group, who made the changes, and which settings changed. This change adds a log line containing the policy payload when a policy change is made and recorded.
  • External logging forwards information about the type of scan to Syslog servers. This information includes whether the scan was a full scan or active scan and a manual or scheduled scan. This change adds a new SCAN_TYPE column in External Logging for scan events. You can use this information to track regularly scheduled scans on your client computers.
  • The Symantec Endpoint Protection Manager Administrative Log displays the administrator's user name and the source and destination group names after a client moves from one group to another.
  • Added command-line scan support for the Windows Subsystem for Linux (WSL) processes. Dependent on SDS 1.12 or later.
    What is the Windows Subsystem for Linux?
  • The database schema includes the following table changes:
    • • SEM_AGENT: TDAD_GLOBAL_DATA_PROCESSING_DONE_TIME (Timestamp for when the agent is done processing the TDAD policy).
      • SERVER_POLICY_LOG_1 and 2: EVENT_CONTENT (Stores the policy contents when added, edited, or deleted after Audit Log option is enabled.)

 

[Lenny_Fox]

Vitali Ortzi[/B][]
It's the proactive and Auto protect causing high ram and CPU usage made a firewall and exploit mitigation only installation config (for replacing the heavy av component with a lighter one ) to get under 20mb ram and near zero CPU usage by SEP.

Would it be possible to run it along side Kaspersky Free or Windows Defender in this Firewall and exploit mitigtion mode?

 

[Vitali Ortzi]

Would it be possible to run it along side Kaspersky Free or Windows Defender in this Firewall and exploit mitigtion mode?

Yes you can .

There is an update to Symantec Endpoint Protection. New version is 14.3 MP1 (14.3.0.1) (14.3.1148.0100). the update is also available in the original download link.

Didn't mention it since it such a small update .

 

[SearchLight]

Symantec Endpoint Protection: is this a free antivirus app with firewall than be used on a personal Home PC or is it for corporations only on servers?

 

[roger_m]

Symantec Endpoint Protection: is this a free antivirus app with firewall than be used on a personal Home PC or is it for corporations only on servers?

You can use it for free as a home user too.

 

[Soulbound]

Many moons ago, I used to run the firewall module only (credit to Umbra back then for suggesting). I still cant remember the reason why I stopped using SEP, since i had already access to McAfee products for Endpoint and other stuff.

Considering I have McAfee on one system and just rolled out EIS on another, I might do the switch to EIS for the spare system, keep McAfee Endpoint on my Son's laptop and give SEP a try (latest version) with AV module.

Thanks for sharing

 

[Vitali Ortzi]

Many moons ago, I used to run the firewall module only (credit to Umbra back then for suggesting). I still cant remember the reason why I stopped using SEP, since i had already access to McAfee products for Endpoint and other stuff.

Considering I have McAfee on one system and just rolled out EIS on another, I might do the switch to EIS for the spare system, keep McAfee Endpoint on my Son's laptop and give SEP a try (latest version) with AV module.

Thanks for sharing

What I noticed is that resource usage from 14 to lastest 14.3 slowly got worse and worse used to be as light as Norton but not anymore unfortunately .
Anyway if you're used to MacAfee client you might feel underwhelmed from the lack of options in the client itself , a lot of stuff is hidden in the management server aka as SPEM.
As about the client it is slightly stronger then Norton (at least while playing with the options)

 

[Soulbound]

Forget about being underwelmed. 2 restarts and i still cant launch the GUI to begin with.
Searched online and seems like its a plague occasionally since 2014/2015

Also twice restart command was literally unresponsive, couldnt open any other program. had to force shut down.

Probably im just unlucky but I am not gonna waste anymore time with it.

McAfee aint really that heavy for me. It however starts to feel a bit heavy when I am running multiple EVE clients, but I never really excluded the processes/exe/folder (i should really).

And yeah, McAfee I can fully configure, either standalone client or via ePO deployment (i used to use ePolicy Orchestrator but then stopped since only one system at a time was using McAfee).

Shame really since SEP still uses a modified Sygate Personal Firewall to some extend.

 

[Vitali Ortzi]

Forget about being underwelmed. 2 restarts and i still cant launch the GUI to begin with.
Searched online and seems like its a plague occasionally since 2014/2015

Also twice restart command was literally unresponsive, couldnt open any other program. had to force shut down.

Probably im just unlucky but I am not gonna waste anymore time with it.

McAfee aint really that heavy for me. It however starts to feel a bit heavy when I am running multiple EVE clients, but I never really excluded the processes/exe/folder (i should really).

And yeah, McAfee I can fully configure, either standalone client or via ePO deployment (i used to use ePolicy Orchestrator but then stopped since only one system at a time was using McAfee).

Shame really since SEP still uses a modified Sygate Personal Firewall to some extend.

Shame that Symantec basically bought it off and haven't added to much to it over the sygate Enterprise.

But yeah SEP is a really buggy program maybe even more than comodo XD

 

[ak2901]

Is there an easy way to upgrade to newer versions once they are released? On unmanaged client we have to do that manually IIRC but do we have to uninstall the current client first then install new or just run the new version setup.exe and will it upgrade?
Please anyone confirm.

 

[Brahman]

Is there an easy way to upgrade to newer versions once they are released? On unmanaged client we have to do that manually IIRC but do we have to uninstall the current client first then install new or just run the new version setup.exe and will it upgrade?
Please anyone confirm.

I have upgraded without uninstalling the previous version. Everything running fine, no issues till now.

 

[Vitali Ortzi]

Is there an easy way to upgrade to newer versions once they are released? On unmanaged client we have to do that manually IIRC but do we have to uninstall the current client first then install new or just run the new version setup.exe and will it upgrade?
Please anyone confirm.

For updating the client you just need to download lastest client from cmoss.ru or update the client via the manager.
And uninstall isn't required to update the client

 

[bayawak69]

Worth the backread. Thank you Vitali

 

[ak2901]

Got rid of some bitcoin miners on my PC (maybe false positives), don't wanna bad rep any other AV but I was using emsisoft (since last year) and kaspersky since many years that wasn't able to detect those. I'll stick to this even if it is a but more intrusive.

 

[ZeroDay]

Got rid of some bitcoin miners on my PC (maybe false positives), don't wanna bad rep any other AV but I was using emsisoft (since last year) and kaspersky since many years that wasn't able to detect those. I'll stick to this even if it is a but more intrusive.

Have you got any details about the bitcoin miners? It may be easier to check if they are false positives or not.

 

[ak2901]

Have you got any details about the bitcoin miners? It may be easier to check if they are false positives or not.

Yes, I can post some images that I took.

Spoiler: images

The Remote IP is backtracked to my ISP and the application blocked was SYSTEM. Not sure what's happening here but I was using better discord (open source modification for discord) and a few JS plugins since a couple years and Symantec was the only one that flagged a couple files for it. Since I've removed better discord the notifications have stopped.

EDIT: Nevermind, I think it's not resolved yet even after a full scan and deletion of whatever PUPs and threats found. I still got same notification after about 24 hours. I don't know what to do now. I've also scanned with MBAM and HitmanPro, nothing found.

 

[Brahman]

EDIT: Nevermind, I think it's not resolved yet even after a full scan and deletion of whatever PUPs and threats found. I still got same notification after about 24 hours. I don't know what to do now. I've also scanned with MBAM and HitmanPro, nothing found.

You can seek help here Windows Malware Removal Help & Support

 

[bayawak69]

Do I just ignore these reports from SymDiag or do I need to fix them all per solutions offered? Thanks

 

[Vitali Ortzi]

View attachment 246321
View attachment 246322
View attachment 246323

Do I just ignore these reports from SymDiag or do I need to fix them all per solutions offered? Thanks

Click live update reboot and post a screenshot of the definitions date to make sure no corruption is happening on the client's definitions .

Other errors you encounter are minor and won't matter in a non Enterprise environment .