Home > Symantec Endpoint > Symantec False Positive Submission

Symantec False Positive Submission

Contents

Solution: Added code to update the CIDS opstate cache when the CIDS opstate cache is not initialized. Submit a Threat Submit a suspected infected fileto Symantec. Note: In Small Business Edition 12.1 RU1 MP1 this setting cannot be modified and is on by default if you are using the "High Security Virus and Spyware Protection Policy". SEPM fails to upload logs by batch mode when BCP fails Fix ID: 3646935 Symptom: Symantec Endpoint Protection Manager 12.1.5 (12.1 RU5) fails to revert to batch mode when BCP fails. http://recupsoft.com/symantec-endpoint/symantec-pop-up-message.html

Solution: Added alternate method of obtaining the profile data with the required encryption key if the ProfileMangement.dat file cannot be migrated. Solution: Added appropriate mapping between config.xml and setAid.ini. “Query Failed” when switching between log content tables Fix ID: 3741906 Symptom: “Query Failed” error screen displays when switching between log content tables Submit a False Positive Report a suspected erroneous detection (false positive).

Information for: Enterprise Small Business Consumer (Norton) Partners Our Offerings: Products Products A-Z Services Solutions Connect with us: Support Solution: Check to sanitize the group name during the package export.

Symantec False Positive Submission

The lock for Intrusion Prevention setting is disabled if the HI check fails and changes quarantine policy Fix ID: 3714724 Symptom: If a parent location has IPS policy with IPS enabled Hosts File Change in File: c:\windows\system32\svchost.exe by: SONAR scan" Did this article resolve your issue? Translated Content This is machine translated content Login to Subscribe Please login to set up your subscription. Solution: The caller MD5 now writes to the logs after its calculation.

Cannot uncheck FileCache option on SEPM Fix ID: 3640759 Symptom: When you close the Virus and Spyware Protection policy dialog, a redundant instruction saves the default FileCache options. IIS Service error during SEPM repair after removing IIS Fix ID: 3661647 Symptom: You upgrade Symantec Endpoint Protection Manager from 11.0, then repair the installation. Create a SymAccount now!' Event ID 40: Symantec Endpoint Protection has determined that the virus definitions are missing on this computer. Symantec Endpoint Protection Has Acted On The Risks SEPM 12.1 RU5 Risk Log displays fewer events than in CSV export Fix ID: 3688344 Symptom: Exported risk logs show more events than when viewing the same log in the user

Package creation succeeds for ADK 6.2.10812 and earlier, but fails with ADK 6.2.11785 and later. Symantec Endpoint Protection Detection Results Keeps Popping Up Note that it is not necessary to open a case with Technical Support for non-emergency requests. Solution: Moved DevManStub.exe to the proper installation path location to allow this to work. Solution: Updated the IRON driver to make it thread-safe.

FQDN not allowed in the HI file download page Fix ID: 3653276 Symptom: A FQDN is not allowed when providing a UNC path for Host Integrity. How To Turn Off Symantec Endpoint Protection Notifications Solution: Append the custom port to the JDBC URL string if the default port 2638 is occupied by other application. Solution: Updated Symantec Endpoint Protection Manager’s routines to appropriately manage latest and non-latest full definition content removal logic. SMC commands do not set proper return code in %errorlevel% Fix ID: 3387362 Symptom: SMC commands do not return any error codes if the operation fails.

Symantec Endpoint Protection Detection Results Keeps Popping Up

Solution: Added this content in subsequent builds. Solution: Fixed logic to give limited administrators the correct rights for read-only groups. Symantec False Positive Submission The following article can then be used: Restoring a false positive from the Symantec Endpoint Protection quarantine For suspected IPS False Positives, please see Best Practice for Responding to Suspected Symantec Endpoint Protection Notification Keeps Popping Up ccSvcHst.exe crashes and fills up the hard drive with large dump files Fix ID: 3673616 Symptom: The Common Client Crash Handler fills the client hard drive with large memory dump files

Unmounting volume fails after services restart on SEP client Fix ID: 3519280 Symptom: After a backup runs, unmounting the volume fails after the Symantec Endpoint Protection 12.1.4 (12.1 RU4) smc service http://recupsoft.com/symantec-endpoint/allow-autorun-inf-symantec-endpoint.html Solution: Updated sorting column to default to Time if the previous sorting column is not in the new table. Solution: Changed code to unlock the section of the registry before the Sysplant driver tries to modify it, and restores the lock immediately after Sysplant is done. How can it be confirmed whether this is a genuine detection or if it is a "False Positive"? Symantec Pop Up Message

  • Solution: Corrected query logic to correctly display all information that is available to the limited administrator. 12.1 RU5 Download Insight fails due to IPS component with Virus and Spyware Protection-only install
  • Supported Products A-Z Get support for your product, with downloads, knowledge base articles, documentation, and more.
  • Don't have a SymAccount?
  • Thank you for your feedback!
  • Solution: Updated the deployment report so that the report displays “Not deployed, version is same or later” in this situation.
  • This computer will remain unprotected from viruses until virus definitions are downloaded to this computer.
  • Solution: Handled specific case of a null file-size in the database, related to a particular application which threw an exception while parsing, but failed to show the application exception dialog box.
  • Users may see screen prompts and/or a toolbar notification balloon and the event may be logged in the Proactive Threat Protection Logs.
  • After using AutoUpgrade, the deployment report in SEPM shows “The client decided to reject the upgrade package” for many clients Fix ID: 3624243 Symptom: Many clients in a group display a
  • SEPM stops replicating with an error when a file named "Program" is located at the root of the SEPM install drive Fix ID: 3641315 Symptom: When an executable path contain spaces

It now reads Last Scan Started. Solution This issue may be resolved by one of the following methods: Wait until the Symantec Endpoint Protection client downloads definitions from its Symantec Endpoint Protection Manager. Solution: Updated the installer script to ensure a successful installation on Ubuntu 14.04. click site Expanding this row should now display the details of the clients.

Solution: Update the Content Distribution Monitor tool to display the correct IPS version. Symantec Endpoint Protection Detected Risks While You Were Logged Out Solution: Corrected the logon parameter so that the push install can succeed with the Client Deployment Wizard. This package contains a complete set of virus definitions and can be used to update Symantec Endpoint Protection clients which do not have access to content from another source (e.g., clients

Try these resources.

Error The following error is written to the Windows System Event Log: "Security Risk Found! Solution: Fixed a boundary condition error in loop that caused this issue. Provide feedback on this article Request Assistance Print Article Products Subscribe to this Article Manage your Subscriptions Search Again Situation You see an error in the Windows Application Event Viewer with Ariesms When you export a client package assigned to this group, it fails.

However, this page includes other resources which are not secure.” Solution: Correct the protocol in use to visit links on the Home page to an encrypted version. Provide feedback on this article Request Assistance Print Article Products Related Articles Subscribe to this Article Manage your Subscriptions Search Again Situation Detections occur over and over in C:\Documents and Settings\All After the Application and Device Control rule triggers on the clients, the Symantec Endpoint Protection Manager logs contain the target MD5, but not the caller MD5. http://recupsoft.com/symantec-endpoint/resetpass-bat-for-symantec-12.html Solution: Compared the registry string lengths to make sure the string search does not overrun the boundary.

Scheduled Reports run at a later time every day Fix ID: 2148375 Symptom: A scheduled report does not run on time in many common scenarios, such as the Symantec Endpoint Protection Solution: Added a command-line password prompt for this specific case. No Yes Report a Suspected Erroneous Detection (False Positive) Use this "wizard" to tell us about a situation where you believe that a Symantec or Norton product is incorrectly reporting a Solution: Added scm_rmm_refresh_token_expiration_days to conf.properties to configure the refresh date.

SEPM unable to expand settings in Reports Fix ID: 3640460 Symptom: In the Symantec Endpoint Protection daily or weekly reports, nothing happens when you click Greater than 7 days under the