Symantec Endpoint Protection Clients Local Elevation of Privilege, CSV Formula Injection

SEP 12.1 RU6 MP6 and earlier, as well as SEP 14.1 MP1, are vulnerable as per CVE-2016-9093 and CVE-2016-9094.

Users running SEP 12.1 are advised to upgrade to SEP 12.1 RU6 MP7. Users running SEP 14.1 are advised to update to SEP 14.1 MP1.

Read other answers

I have this software, version 11.0 I think, and it is giving me trouble: the auto-protect feature is disabled. I can't scan my computer either.

I hope someone knows the solution to this problem.

I am using Windows Vista Ultimate 64-bit.
Thanks a lot! =)

A:symantec endpoint protection

Try reinstalling the program. Then get the updates and do a scan. Malware / hackers tend to disable on-board protection when they are in a machine. It's also better to do another antivirus online scan from another vendor to get another opinion. Online scanners are listed in this forum's sticky 'Security Help Tools' (at the top of all messages).

Read other 1 answers

Has anyone had any experience upgrading from SAV corporate 10.0 to the new Symantec Endpoint Protection software?

I am wondering what kinda issue you encountered when upgrading......


A:Symantec Endpoint Protection

This forum sucks!

Read other 1 answers

Just thought that I'd share, this version of endpoint protection works great on build 7077-7100, it will not work on older builds.

A:Symantec Endpoint Protection

Thanks for sharing ccatlett1984.

I'm not a fan of Norton/Symantec. But for those who are "die-hard loyal", I'm sure they may have some more 'bloatware' in mind for you.

*** sarcastic remark was intentional

Read other 9 answers

Looks like it works. I checked with Symantec, they say they don't support Beta OSes but if you were going to try to do it, this is how you should, not that they're saying nuthin'...

You have to use version 11.0.4. Run (as admin) LUSETUP.EXE to install liveupdate, reboot, and then run SETUP.EXE.

Works for me. (W7 build 7000)

A:Symantec Endpoint Protection 11

Don't party yet, SEP people; I'm getting Stop 8E in symevent now.

Read other 9 answers


My Lappy is an HP 430

Our college has given us the lappy and Symantec Endpoint Protection for free.
Now the thing is, Symantec does not automatically scan pen drives.
It's quite light and it's not intrusive, but the problem is it shows the latest updates 1 day earlier.

It tells me the system is up to date, i.e. I used Norton and it updates itself after 30 minutes, so is Symantec Endpoint not updating properly?

Also it does not automatically scan pen drives,
and most surprisingly, a threat on a pen drive has to be executed for Symantec Endpoint to detect and resolve it.....

Although my system is clean and we are behind the college firewall, there is still the problem of pen drive infection.

Is there any way to make Symantec Endpoint auto scan pen drives, or should I change the antivirus?

My college is giving it for free, so please don't ask me to change to one of the paid ones.

A:Symantec Endpoint Protection

Here is Symantec's official response to the lack of flashdrive/pendrive auto scanning in their Enterprise Endpoint product.

Does Symantec Endpoint Protection or Symantec Antivirus Scan USB flash drives?

If any infections/threats present on the USB drive attempt to access or modify any of the content on the system it would be detected. The detection mechanism within File System Auto-Protect ensures safety from threats present on the USB drives.

Plus you are able to manually scan after inserting the drive as well. Only you are able to decide if this level of protection is something you can live with.

Read other 5 answers

I got tired of searching through symantec's forums, and thought I'd try here... Does anyone know how to permanently disable the network threat protection on the workstations and on the server? Seems that anytime a re-boot, or just a long period of time, it re-enables itself and causes hell. I've adjusted the firewall to what I think would be appropriate to letting normal traffic flow, but still so many network issues arise when it's enabled.

Read other answers

I have lost my username and password. How do I unlock Symantec Endpoint Protection without my username and password?

A:Symantec Endpoint Protection

To the best of my knowledge, you don't. Also, we don't assist with passwords. May want to read the rules page at www.techguy.org/rules.html.

closing thread, thanks.


Read other 1 answers

I am writing in inquiring information on installing SEP 11 on Windows 7 Home Premium. A family member works at a university and therefore can download it for free from their site. It installs "OK" but after a scan and updates for it, LiveUpdate gets corrupted with error LU1808. This is extremely frustrating! When I do a complete uninstall of the product and attempt to reinstall it, it gets through one process of the installation then rolls back everything and says that the installation was "interrupted" and has been stopped. It also says to try again later.
Does anyone know why LiveUpdate keeps corrupting?

Thanks in advance for your response!

A:Symantec Endpoint Protection

Try here:

Forums | Symantec Connect

Read other 9 answers

My Symantec Endpoint Protection is disabled. When I click on it it says it is going to install it. After it installs it says that there is nothing installed. Can you help me?

A:Symantec Endpoint Protection

Symantec Endpoint Protection is business protection so ask your company IT support
It is NOT available for home users

Read other 1 answers

I would like to monitor a filename from Exceptions in SEP, except it can also be a part of a big filename. In exceptions I can monitor a filename but will it also believe wildcards as well. So for example If I am looking for Filename.exe, can I too report on *Filename*.exe?

Read other answers

Hi, I keep getting this notification. What should I do??


How should I update it??

Even after LiveUpdate, I still get this... What now?? Thanks

A:Symantec Endpoint Protection serious help needed

use Revo Uninstaller Freeware - Uninstall Software, Remove Programs, Solve uninstall problems and remove the AV and then reinstall and update it.

Read other 3 answers

Hi there, we are trying to install Symantec Endpoint Protection on a particular PC (Windows 7 Ultimate in the domain environment) & the installation process proceeds up to 20-25%, but then after some time it stops installing. I then did a clean uninstall & reinstalled again, still the same. But when I installed it on another Windows 7 Ultimate PC in the domain, it worked fine without any issues........

Steps done:
First I did the LUSetup & then restarted the PC.
Then installed the setup.exe - couldn't install.

A:Symantec Endpoint Protection not installing

Try the official forums:
Endpoint Protection (AntiVirus) Forum | Symantec Connect
Endpoint Protection Small Business Forum | Symantec Connect

Read other 2 answers

Hi everyone!

I bought a new comp. a while ago, with Vista Home Premium 64bit. My problem is that, when I tried to install "Symantec Endpoint Protection v11.0.4000", it says there's a pending installation which needs a reboot... but the problem is... I don't even have a pending installation which needs a reboot.

Of course, I tried rebooting, several times in a row, but with no success.

I beg you, please please, have a solution on this


A:Symantec Endpoint Protection v11.0.4000

Any Norton/Symantec apps listed in Add/Remove Programs?
If so remove them and re-boot.
You may also want to run the Norton Removal Tool from their site.

Read other 5 answers

If I purchase Symantec Endpoint Protection 11.0, will I have to renew after some years?

Read other answers

I have been using Symantec's Endpoint Protection...
Any opinions on the functionality and efficiency would be welcome.
At a critical point when I was infected with indt2.sys and routing.exe etc.
SEP recognized the threat but could not eliminate the cause of the problem...
Generally I'm pleased with it.
Problem is, it will report as infected most of keygens I dload....
And delete the file even if SEP is deactivated....

Read other answers


The other day I booted up my computer. Everything was normal until Symantec Endpoint Protection started to install without me running any install applications. I did have it already installed because my college provides it for free. Anyways, I am wondering why this happened and continues to happen every time I turn on my computer. Also, is there a way to stop it? I am running the Home Premium version of Windows 7.

A:Symantec Endpoint Protection Problem

Check in your startup programs whether the updater is sitting there. If yes, disable it.

Read other 6 answers

Version from local university (unmanaged client)

I don't know much about SEP. I've heard it's not good to run it on a personal home PC b/c of how bare it comes by default. I looked through the settings and everything seems set up pretty well.

Question: What should I look for to make sure it is set up properly? If I have a subscription already for Norton Security Premium, should I just use that instead?

All the firewall ports seem to be in there and enabled. Sonar, Download Insight, Intrusion Prevention, etc. seem to be checked and set up for a good default protection (I raised a couple settings up, but not much).


Read other answers

I am a new member to Bleeping Computers so forgive me if I am not posting in the forum correctly.
For the last few weeks I've had a problem with some applications running slowly on my laptop.
Outlook stops responding also.
I regularly run MalwareBytes and SUPERAntiSpyware (free versions) and have Symantec Endpoint Protection running.
I noticed today that the Symantec dashboard looked different: there is a graphic at the top of the screen like a meter running left to right and indicating that a scan is running. I have also noticed there are 2 shields in my notifications area instead of the usual 1 shield. I have just managed to start the normal scanner in Symantec and it's now showing a tracking cookie; the filename is Cookie:"myusername"@smartadserver.com/ and it shows the computer as a server within our organisation rather than my local hard drive.
I have run SUPERAntiSpyware many times and even though I remove the items from quarantine and then scan again it finds more Adware tracking cookies.
I get the feeling that I am just removing the result of a virus without getting the cause. Is there some way I can find if there is an infection?
I have to confess I have also run several other tools, e.g. ComboFix, MiniToolBox, TDSSKiller, OTL, Adware cleaner etc., most of which I have seen in various other forum discussions where the symptoms looked similar to mine.
Looking forward to some expert advice.

A:Possible Fake Symantec Endpoint Protection

Hello tarcher, to Bleeping Computer!

My name is whoabuddy and I will be assisting you today. Before we get started, please keep the following in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process. Also watch for items italicized or in green, these entries are notes to help explain the process or common occurrences.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back... Read more

Read other 30 answers

Is it possible on our domain (Windows 2003 server) to have a script so that, when we add a new computer to the network and provision it on the domain/Exchange, Symantec automatically prompts the installation to begin?

Read other answers

Computer Info:
OS: Windows XP SP3
Memory: 2 GB
HD: 120 GB

For reference, here's a previous thread I created in December:
http://www.bleepingcomputer.com/forums/ind...p;#entry1050691

Recently, Symantec has given me numerous false positives and I am sick of it! This program even detected its own updater as a trojan, and I'm not the only one to have this issue if their forum is any indication.
https://forums.symantec.com/syment/board/me...d=3941314#M1381
https://forums.symantec.com/syment/board/me...=3941314#M24046

I want to uninstall this program and do a clean re-install and while I have seen instructions to do it, I am not sure which removal tool to use because all the ones I've seen are for Norton products. Does anyone know a recommended method of doing this?

A:Uninstalling Symantec Endpoint Protection v. 11.0.7


Read other 1 answers

Two weeks ago I purchased a new out of the box OS 7 Home Premium 64bit/32bit to replace the XP Pro 32bit operating system. I did a complete clean install of the 64 bit OS 7. Terrific no problem except for:

a) The PCMove that Laplink recommended did not work (requires like-to-like operating system, and Laplink is unwilling to resolve the issue on their misadvertised product and my subsequent $39.00 purchase), but that's another story.

b) Our company provides SEP 11.0.5 for remote system use. I downloaded the appropriate file and attempted to load as administrator. However, it runs through the install routine and then delivers an error statement with the exclamation point forward: "Symantec Endpoint Protection has detected that there are pending system changes that require a reboot. Please reboot the system and rerun the installation". I've done so several times with no success. Our internal tech support folks are mystified as well. They indicated that if I were attempting to install a pre-release version then MS had issued a patch that would generate the error message. They indicated that they were not aware of any reason for the clean install to fail....any ideas?

A:Symantec Endpoint Protection v11.0.5 Install Error

I have the same problem also, always rollback after system checking configuration. Until now I have no idea how to solve this problem.

Read other 9 answers

Symantec Endpoint Protection found DWH116.tmp (Trojan.Gen.3) in
C:\Documents and Settings\JZ\Local Settings\Temp\
but was unable to clean it. When I search I can't find the file. The same thing happened a few weeks ago but the infected file was not found again.
Symantec Endpoint Protection logs the file but can't fix it. When I scanned again 3 days later Symantec Endpoint Protection didn't find it (? because it was logged?).
Comodo doesn't find it.
I'm running XP SP3 on a Dell PC.
Any help or advice would be appreciated.

A:Trojan which can't be removed by Symantec Endpoint Protection

Hello John

Empty your temp folders using TFC (Temporary File Cleaner)

Please download TFC by Old Timer and save it to your desktop.
alternate download link
Save any unsaved work. (TFC will close ALL open programs including your browser!)
Double-click on TFC.exe to run it. (If you are using Vista, right-click on the file and choose "Run As Administrator".)
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway allowing Windows to load normally (not into Safe Mode) to ensure a complete clean.

Run Symantec again.

Read other 3 answers

I was using my laptop earlier today when it shut off all of a sudden. I figured it had overheated because it was very hot. But then I noticed that Symantec wasn't working. On the main screen it says "File system Auto-protect is not function correctly. Your protection definitions may be damaged or your product installation may be corrupt."

When I try to run a scan, it starts and then immediately says "completed." Also, liveupdate will download half of the new definitions and then get stuck until I cancel it.

I've already reinstalled it and it's exactly the same. Any advice would be greatly appreciated.

Also, I should mention that I'm using Windows 7

A:Symantec Endpoint Protection has stopped working!

I had the same problem... try opening the main screen, then click options of "Antivirus and Antispyware Protection" and "change settings". Check the "File System Auto-Protect" tab - if it is turned on it's OK, if not - do this.
You can also download the latest definitions update from http://www.majorgeeks.com/Norton_Virus_Definitions_200820092010_d5772.html and try to install it.

Read other 3 answers


I just installed Symantec Endpoint Protection (SEP), so I will briefly explain what it is and what it does:

Endpoint - what is that?

Endpoint security is an approach to network protection that requires each computing device on a corporate network to comply with certain standards before network access is granted. Endpoints include PCs, laptops, smartphones, tablets and specialized corporate equipment such as bar code readers or point of sale (POS) terminals.

From Symantec

Symantec Endpoint Protection is an endpoint security solution created through a layered approach to defense. With unique, layered technology, it detects and removes more malware than any other product in its class. Derived from Symantec's global intelligence network, our unique Insight and SONAR technologies enable faster scan, more accurate detection, and higher performance while utilizing fewer resources. With single management console, Symantec Endpoint Protection provides advance protection across multiple platforms both physical and virtual

The main target of endpoint protections is to protect your network from various attack vectors. The keyword here is network protection, as opposed to the local protection of home-user solutions.

while some of its components (RT engine, Behavior Blocker known as Sonar, etc...) look similar to the home version (aka Norton IS) , the way SEP handle them (The firewall configurations, 0-day ( and definitions ... Read more

A:Symantec Endpoint Protection (review & explanation)

Yes @Umbra Polaris That is exactly how I explained it to you.
However I want to add that this was a private convo between you and me where I did try to explain it as properly as I could without being too technical, using easy everyday examples of real life to point out how things work.
Anyway very nice job very nice article and very well explained = Job well done

@ All others
I installed SEP on Umbra's PC to show him what SEP really is and how it really works, and based upon Umbra's own reaction SEP did just a wee bit more than being a firewall. If I may be frank here he was pretty impressed with a product that is being associated with the old Norton / Symantec myths about being a resource hog with bad/average protection and not to forget slowing the PC down to grind modus.
Obviously having SEP running at only 25mb during a full scan on virtually max settings is a testimonial example of being a resource hog (Just kidding)

Umbra why don't you point out what SEP does to your computer now you got it running and can see things for yourself?
I am sure that the average Symantec hater gets a culture shock... lmao.


Read other 55 answers

SEP 12.1 RU6 MP2 (12.1.6465.6200) Enterprise Edition has been released & available to download on Flexnet.

Symantec Endpoint Protection 12.1.6 RU6 MP2 v12.1.6465.6200

http://esdownload.symantec.com/akdlm/CD/MTV/Symantec_Endpoin... Read more

A:Symantec Endpoint Protection 12.1.6 RU6 MP2 v12.1.6465.6200

As far as I know, on Windows, there is no difference between MP1 and MP2.
This update is only for Linux and Mac.

Read other 2 answers

My Symantec Endpoint Protection started blocking svchost.exe every few minutes. A message will pop up and make a noise each time. I've checked the Symantec log file and the location for svchost.exe is the right one C:\WINDOWS\system32 . Any help is appreciated. Thanks. Here's the popup message:

Traffic has been blocked from this application: Generic Host Process (svchost.exe)

I don't know if this issue is related, but my computer has been freezing. I don't know why. I feel it shouldn't be, considering the fact that it's fairly new since I purchased it 2-3 weeks ago, brand new.

Read other answers

How do I make the "Disable Symantec Endpoint Protection" active. The corp policy has it grey, but I need to be able to disable it. I'm sure there is a tweak in the registry, but I need help finding it.

A:Disable Symantec Endpoint Protection is Greyed out

The corporate policy has it greyed out due to their network admins' group policy. In short, they disabled that function for a reason. You will need to take it up with the IT department of your corporation.

I'll leave this open for your response, but I can tell you now that there is nothing we can do to assist you in bypassing restrictions that your corporate system engineers have put in place.

Also, as an aside, I work as an SE, and we have fired people in the past for attempting to bypass our group policies.

Read other 2 answers

This is for a computer at work (not my computer). Details were provided about the virus problem on Symantec Endpoint Protection:

Scan type: Auto-Protect Scan
Event: Risk Found!
Security risk detected: Trojan.Dropper
File: C:\Users\username\AppData\Local\Temp\DWHD8A5.tmp
Location: C:\Users\username\AppData\Local\Temp
Computer: servicetag
Action taken: Pending Side Effects Analysis : Access denied
Date found: Monday, 23 January 2012 10:55:34 AM

This problem is recurring. I'm wondering if this is a real virus or just a suspicious file. The user is not an administrator and has no administrator privileges; she said that she could not delete the file because she did not have the permission.

Perhaps temp files used by certain programs are being recognised as trojan droppers? I'm not sure.

Read other answers

Hi,

I recently began receiving Symantec Endpoint Security notifications saying that it detected a trojan in the TEMP folder of my LOCAL files. I have experience using computers, so I very carefully ran ComboFix (I hope you all are not angered) and I am posting my log here. I really appreciate the help!

ComboFix 11-05-09.02 - Bunsree 05/10/2011 8:15.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3957.1772 [GMT -4:00]
Running from: c:\users\Bunsree\Downloads\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Bunsree\AppData\Roaming\inst.exe
c:\users\Bunsree\AppData\Roaming\pcouffin.sys
c:\windows\system32\drivers\etc\lmhosts
.
.
((((((((((((((((((((((((( Files Created from 2011-04-10 to 2011-05-10 )))))))))))))))))))))))))))))))
.
.
2011-05-10 12:22 . 2011-05-10 12:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-10 02:35 . 2011-05-10 02:35 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2011-05-08 21:52 . 2006-06-19 16:01 69632 ----a-w- c:\windows\Sy... Read more

A:Symantec Endpoint Protection detecting Trojan.Gen

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:
If you have since resolved the original problem you were having, we would appreciate you letting us know.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics just post what you can and we will guide you.
Please tell us if you have your original Windows CD/DVD available.
If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply'... Read more

Read other 2 answers

One of our laptops got hit by VirusDoctor last week. Symantec caught it and quarantined it. I went in and deleted it. I ran Malwarebytes and found Security.Hijack and My Security Shield (Rogue.MySecurityShield) which Malwarebytes quarantined and deleted. BUT, the Windows msg, "Symantec Endpoint Protection has detected a problem and needs to close............" and it closed. Ok, no problem. I completely removed Symantec from the laptop (Control Panel, deleted folders, & deleted all references to Symantec & Live Update in the Register). Re-deployed from the server. Same Windows msg keeps popping up. I've done this about 4 times now. Symantec Support gave me CleanSweep to run after we did the same things I had already done. It didn't work either.

Somewhere there's a command blocking the startup of any (?) virus software. I've checked all the startup locations (.ini's, registers, etc) and don't see anything that I recognize as a prob.

I'm about ready to reinstall from scratch. Any ideas?

Thanks in advance.

A:Solved: Symantec Endpoint Protection Closes

As I recall from running Sysinternals' AutoRun program, there are tons of places where software can start. Have you considered running MalwareBytes again, in case it missed something on the first pass?

Read other 3 answers

Hi all! This is the issue: I need to disable Symantec Endpoint Protection completely because it is blocking some tools I use for remote connections. I need to disable it, not uninstall it, because sometimes it is needed for an authentication process in a VPN.

The problem is that even though I disabled all Symantec-related services and starting processes in msconfig, it still appears ON in the Security Service Center.
I've tried disabling in msconfig and regedit (I don't see any entry for this). I'm using Windows Vista, with no Windows Defender.
And it is not possible for me to change any setting from the software, it was locked by the administrator.

Can someone please help me? I'm desperate!

A:Completely disable Symantec Endpoint Protection

We do not assist getting around restrictions put in place by administrators.

Closing thread.

Read other 1 answers

I'm trying to install SEP and the install won't complete. I'm using an administrator account and click Run as Administrator when starting the installation. Windows installer starts but it never gets to the Symantec installer. This is on an older 32 bit laptop and I'm using the 32 bit version of SEP. Any ideas?

A:Install not completing- Symantec Endpoint Protection

Have you un-installed all other AVs?

Read other 9 answers

Last night my computer started freaking out. SEP started popping up and quarantining files. The computer became unusable. So, I shut it down. I restarted it and the whole thing started over again. I noticed that it was quarantining its own Quarantine directory. I didn't have any option but uninstalling SEP. Now I want to make sure my computer is not infected.

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.3.1
Run by Prabhu Rajagopalan at 22:29:55 on 2012-03-02
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1371 [GMT -8:00]
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
============== Running Processes ===============
F:\WINDOWS\system32\svchost.exe -k DcomLaunch
F:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
F:\WINDOWS\System32\svchost.exe -k netsvcs
F:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
F:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
F:\Program Files\Microsoft\BingBar\BBSvc.EXE
F:\Program Files\Microsoft\BingBar\SeaPort.EXE
F:\Documents and Settings\All Users&#... Read more

A:Symantec Endpoint Protection Endless Quarantining

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

===

Your DDS log is clean. Let's check further.

Please download ComboFix from one of these locations:
Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
Close any open browsers, and all other programs working. Make sure you save your file if working on a document.
Do not install any other programs until this is fixed.
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Some rootkit infections may damage your boot sector. The Windows Recovery Console ... Read more

Read other 7 answers

On September 18, 2014, Symantec released Symantec Endpoint Protection 12.1 Release Update 5 (12.1.5). You can download this version from Symantec FileConnect.

Symantec Endpoint Protection 12.1.5 includes a number of new features, including:

Bandwidth throttling to control client/server communication traffic
Content storage optimization that greatly reduces disk space used by Symantec Endpoint Protection Manager. It's applicable only for SEPM not for clients.
Symantec Endpoint Protection for Linux, which allows Linux clients to be managed through the Endpoint Protection Manager
For more information about this release, read the Release Notes or the updated product documentation in the Related Articles section.

Refer to this blog: https://www-secure.symantec.com/connect/blogs/symantec-has-released-new-...

The English version of Symantec Endpoint Protection 12.1.5337.5000 (RU5) is now available to download on FileConnect. Other language versions will be available soon. We shall update you on their availability.

The primary download is distributed into two installation files: Part1_Installation and Part 2_Tools. Please download and extract both files before continuing with the software setup.

As part of the upgrade to Symantec Endpoint Protection Manager (SEPM) 12.1 RU5, all content converts from full definitions to delta definitions. This process is resource intensive and upgrades may take longer than expected. For more details: http://www.symantec.com/docs/TECH224055

... Read more

Read other answers

I foolishly downloaded Symantec Endpoint from the University that I go to, only to find out that there is no removal tool for Endpoint. I've decided that whatever extra protection Endpoint adds to my system isn't worth it, since I don't really trust it anyway, and it uses up a considerable amount of system resources and isn't very friendly when scheduling scanning times.

So I want to remove it. From previous Symantec software encounters I've learned that if you want to uninstall a Symantec product, and then replace it with another (in this case just the University's Symantec Antivirus) there will most likely be trouble if you don't remove all files of the previous software.

Honestly, after my experience with Norton 360 I never wanted to EVER have to put another Symantec product on my system. However, seeing as it is the University's ResNet policy that you have to use one of their Symantec products or you can't get on the internet, my hand is kind of forced.

So the questions are:
1. How do I remove symantec endpoint from my system/where can I get a removal tool?

**Note**(I've looked around and apparently Cleanwipe will do the job, but you have to call Symantec in order to get a copy. And THEY say that they abide by the Universities' policies and that you have to have the University submit a ticket in your name. Then you call the University line and they know absolutely nothing about it, and say call Symantec. So it goes ... Read more

A:Solved: Symantec Endpoint Protection Removal

Read other 8 answers

A couple of days ago, Symantec Endpoint Protection ran, and found Combofix.exe in my Downloads folder.

It flagged it as a virus and deleted it!
Anything I should worry about?
(This is a business computer, so I don't want to set off alarms in IT, but ComboFix has bailed me out numerous times when Symantec can't).

A:Symantec Endpoint Protection Deleted ComboFix!

Combofix is a powerful program and shouldn't be used on a whim. If used improperly it can essentially brick your PC. Your IT dept. will then be DELIGHTED to fix the problem.

Read other 3 answers

About 3 days ago my Symantec Endpoint Protection started blocking svchost.exe every few minutes. A message will pop up and make a noise each time. I've checked the Symantec log file and the location for svchost.exe is the right one C:\WINDOWS\system32 . Any help is appreciated. Thanks. Here's the popup message.

Traffic has been blocked from this application: Generic Host Process (svchost.exe)

Read other answers

Download Data Sheet (PDF): https://www.symantec.com/content/dam/symantec/docs/data-sheets/endpoint-protection-14-en.pdf

Symantec's global intelligence network of 175 million endpoints and our advanced machine learning technologies allow you to detect threats more accurately.
Advanced machine learning done right: Stop unknown threats with advanced machine learning AI to deliver maximum protection at the endpoint with minimal false positives.
Wrap your endpoints in multi-layered protection - artificial intelligence in the cloud, combined with critical endpoint technologies creates the most threat-resistant endpoint security in the world.
Block zero-day attacks that prey on memory-based vulnerabilities in many popular applications with memory exploit mitigation.
Introducing Symantec Endpoint Protection 14 powered-by AI

Today's launch of Symantec Endpoint Protection 14 (SEP14) represents significant innovation and integration for endpoint security, immediately available from the global leader in cybersecurity.

Our newest release delivers multi-layered endpoint protection in a single agent, including new innovations for advanced machine learning and zero-day exploit prevention, along with established technologies for file reputation and behavior analysis, firewall and intrusion prevention - all powered by the world's largest civilian threat intelligence network.

Let's break that down [...]

Continue reading at Symantec Blog: Endpoint Security: Protect and Respond at ... Read more

Read other answers

Symantec Endpoint Protection keeps detecting this exploit. It says it is quarantined every time, but almost every day it keeps saying it found Bloodhound.Exploit.166, sometimes 3 files at a time. All of the time these files are found in the "C:\Users\Keston\AppData\Local\Temp" folder. I now have about 20+ of these in quarantine.

Could you please help me get rid of this virus? Any help would be appreciated.

Attached is a copy of my HijackThis log.

Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:52:55 PM, on 6/1/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe
C:\Program... Read more

A:Bloodhound.exploit.166 Found By Symantec Endpoint Protection

Hi kesso,

I'm sorry it's taken so long for you to get a response, if you still need help please do as follows:

Download Deckard's System Scanner (DSS) to your Desktop (right-click the link, select Save Target As..., select your Desktop and press Save)
Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <- this one will be minimized
Make sure Format->Word Wrap is unchecked
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your reply
Once complete, please post both DSS logs, you won't need to produce a new HijackThis log as DSS produces one for you.
Please do not attach logs unless directed to do so, thank you.

Read other 3 answers

OS: Windows XP SP3
Processor: Intel Core Duo 1.67 GHZ
Memory: 2 GB

For the past few days, Symantec Endpoint Protection has given me messages saying that it has stopped a Downloader from installing to my computer. It seems to always come up as a temporary file with these kinds of names:

The XXXX represents 4 characters consisting of numbers and capital letters.

I did a full scan using Symantec Endpoint Protection. Then, I scanned the computer using Spybot and finished by generating a HiJackThis log. I can not put it in the thread because this forum is not for that purpose, but anyone who wants to look at it can PM me.

I just want to know what's wrong, because I don't see how I can have a Downloader which is constantly deleted by an Auto-Protect scan and yet seemingly have no signs of infection even when scanning in Safe Mode.

A:False Positives from Symantec Endpoint Protection 2007?

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complet... Read more

Read other 7 answers

Source: Security Advisories Relating to Symantec Products - Symantec Endpoint Protection Multiple Security Issues - 2016-03-17T03:00:00 PDT | Symantec


Symantec Endpoint Protection (SEP) was susceptible to a number of security findings that could potentially result in an authorized but less privileged user gaining elevated access to the Management Console. SEP Client security mitigations can potentially be bypassed allowing arbitrary code execution on a targeted client.


The management console for SEPM contained a cross-site request forgery vulnerability that was the result of an insufficient security check in SEPM. An authorized but less-privileged user could potentially include arbitrary code in authorized logging scripts. When submitted to SEPM, successful execution could possibly result in the user gaining unauthorized elevated access to the SEPM management console with application privileges.

There was a SQL injection found in SEPM that could have allowed an authorized but less-privileged SEPM operator to potentially elevate access to administrative level on the application.

The sysplant driver is loaded as part of the Application and Device Control (ADC) component on a SEP client if ADC is installed and enabled on the client. A previous security update to this driver did not sufficiently validate or protect against external input. Successfully bypassing security controls could potentially result in targeted arbitrary code execution on a client syst... Read more

A:Symantec Endpoint Protection Multiple Security Issues

Av Gurus said:

Symantec product engineers have addressed these issues in SEP 12.1-RU6-MP4. Customers should update to RU6-MP4 as soon as possible to address these issues.

A good news for me

Read other 2 answers

Long story short... I lost my job yesterday based on the fact that a "random" check was done on a few computers with the Barracuda Website Filtering. Since I log onto my computer at the beginning of the day and don't log out until 5, any activity will appear under my name even if I locked my screen and leave my apps running. Now keep in mind 4 people have used this computer before me, and while I was out for a month others used my computer. In the past 2 months I have seen the Symantec message Web Attack: Exploit Kit Variant Activity 3 when I turn on my computer, run a scan that found nothing and wasn't notified by the tech monitors of anything, so I assumed everything was ok. Until yesterday when I was told that the Barracuda Website Filtering had monitored me going to multiple adult content websites that I had never heard of or seen for 1-4 or 5 min sessions. Some of the times I was out to lunch. The head of the tech department was called in as I was stating that it could be a virus, worm, anything that could have been running in the background. The tech expert said it's not true, you have to actually visit those pages; she said they can't run in the background.
Was it possible I was infected and was not caught? I did not go to those sites. Your thoughts?

Read other answers

"[SID:23674] System Infected: Virut Request 2 detected" keeps popping up every few minutes. I have Windows 7 and use Firefox as main browser. Symantec was updated 3 days ago automatically. I can see a large amount of events in Client management security log with the full message: "[SID: 23674] System Infected: Virut Request 2 attack blocked. Traffic has been blocked for this application: \DEVICE\HARDDISKVOLUME2\WINDOWS\SYSWOW64\SVCHOST.EXE."
Is this a sign of infection or is my virus protection actively fighting an intrusion? Is there anything I can do?

A:Symantec Endpoint Protection keeps detecting infection every few minutes

Welcome aboard. Virut (if confirmed) is very bad news because it's not curable.

Please run a free online scan with the ESET Online Scanner
Disable your antivirus program
Tick the box next to YES, I accept the Terms of Use
Click Start
IMPORTANT! UN-check Remove found threats
Accept any security warnings from your browser.
Check Scan archives
Click Start
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push List of found threats
Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

Read other 1 answers