Endpoint Security Complete

 View Only

  • 1.  Installation problem by GPO and dashboard

    Posted Jun 08, 2021 01:37 PM
    Hi.
    I'm new to SES and I'm having trouble installing via GPO or console. I've had an open call for several weeks and I'm not getting a response from support for the issue below.
    The client starts the package installation, downloads the file {SA1434615-2Q21S2} -S-1-5-18.dat, but during the installer process it ignores proxy settings and ends up not installing due to firewall blocking.
    We have a .pac proxy defined on the workstations that is working fine and doesn't have symantec URLs blocked.
    I've already asked support if there should be any parameter in the .mst file for installation by GPO, but I don't have any feedback on that.
    Problem occurs either by GPO or by console.

    I put some logs if it helps.

    2021-06-08-09-09-21-876 : 0x025C : Information : Getting settings from IE
    2021-06-08-09-09-21-876 : 0x025C : Information : Proxy per Machine is not configured
    2021-06-08-09-09-21-876 : 0x025C : Information : No manual proxy settings found
    2021-06-08-09-09-43-469 : 0x025C : Error : fsd::FSDDataReporter::submitToServer(1696) : httpClient.GetRequest() failed, hr=0x80072EE2
    .
    .
    2021-06-08-09-10-42-154 : 0x1AA4 : Error : Unable to connect https://us.spoc.securitycloud.symantec.com/status, hr 0x80072EE2
    2021-06-08-09-11-03-202 : 0x1AA4 : Error : Unable to connect https://us.spoc.securitycloud.symantec.com/status, hr 0x80072EE2
    2021-06-08-09-11-24-256 : 0x1AA4 : Error : Unable to connect https://us.spoc.securitycloud.symantec.com/status, hr 0x80072EE2
    2021-06-08-09-11-24-256 : 0x1AA4 : Information : fsd::FSDJobEngine::OnJobEvent(1106) : Sending jobEvent 12
    2021-06-08-09-11-24-288 : 0x1AA4 : Information : fsd::FSDJob::run(1017) : jobState==eFinished
    2021-06-08-09-11-24-288 : 0x1AA4 : Error : fsd::FSDJobEngine::OnJobEvent(748) : Handling eJobFinish failure, engine state=2 job failed with hrJob=0x80047ECD
    2021-06-08-09-11-24-288 : 0x025C : Information : request to show/hide main window
    2021-06-08-09-11-24-288 : 0x1AA4 : Information : fsd::FSDJobEngine::OnJobEvent(1106) : Sending jobEvent 1
    2021-06-08-09-11-24-288 : 0x025C : Information : send message to display window
    2021-06-08-09-11-24-288 : 0x025C : Information : fsd::FSDBaseUI::OnUpdateJobInfo(783) : LPARAM - 12
    2021-06-08-09-11-24-350 : 0x025C : Information : DING::CFilePackerEx::CArchiveInfo::Deserialize_legacy(631) : Segment header FSDManifest.js Deserialized
    2021-06-08-09-11-24-350 : 0x025C : Information : 64-bit package selected to install
    2021-06-08-09-11-24-350 : 0x025C : Information : Proxy host or port or both are empty in manifest. Use browser settings.
    2021-06-08-09-11-24-350 : 0x025C : Information : Getting settings from IE
    2021-06-08-09-11-24-350 : 0x025C : Information : Proxy per Machine is not configured
    2021-06-08-09-11-24-350 : 0x025C : Information : No manual proxy settings found
    2021-06-08-09-11-24-350 : 0x025C : Information : fsd::FSDProxySettings::determineBrowserProxySettings(112) : Using Proxy setting, autodetect is set
    2021-06-08-09-11-24-350 : 0x025C : Information : Status reporting switched off. No Reporting URL specified in manifest
    .
    .
    2021-06-08-09-11-26-116 : 0x025C : Information : 64-bit package selected to install
    2021-06-08-09-11-26-116 : 0x025C : Information : Proxy host or port or both are empty in manifest. Use browser settings.
    2021-06-08-09-11-26-116 : 0x025C : Information : Getting settings from IE
    2021-06-08-09-11-26-116 : 0x025C : Information : Proxy per Machine is not configured
    2021-06-08-09-11-26-116 : 0x025C : Information : No manual proxy settings found
    2021-06-08-09-11-26-116 : 0x025C : Information : fsd::FSDProxySettings::determineBrowserProxySettings(112) : Using Proxy setting, autodetect is set
    2021-06-08-09-11-26-116 : 0x025C : Information : Status reporting switched off. No Reporting URL specified in manifest
    2021-06-08-09-11-26-116 : 0x025C : Information : FSD exited. Error code: 18


  • 2.  RE: Installation problem by GPO and dashboard

    Broadcom Employee
    Posted Jun 08, 2021 01:42 PM
    Hey there. That error code is explained here: https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/endpoint-security/sescloud/Installing-the-Symantec-Agent-and-enrolling-devices/symantec-agent-installer-and-symantec-download-man-v134128608-d4155e6256.html

    It looks like the endpoint you are attempting to install with is unable to phone home to ICDm. Take a look at this and see if this helps: https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/endpoint-security/sescloud/Troubleshooting/urls-to-whitelist-for-v129099891-d4155e9710.html
    --
    Kris Gainsforth
    CompTIA CSAP (Sec+, CySA+), Symantec Security Awareness Advocate (SSAA)
    Solutions Engineer  | Symantec Endpoint Security Division
    Broadcom

    M:3859003984
    Draper, UT, USA
    kris.gainsforth@broadcom.com   | broadcom.com

    This electronic communication and the information and any files transmitted with it, or attached to it, are confidential and are intended solely for the use of the individual or entity to whom it is addressed and may contain information that is confidential, legally privileged, protected by privacy laws, or otherwise restricted from disclosure to anyone else. If you are not the intended recipient or the person responsible for delivering the e-mail to the intended recipient, you are hereby notified that any use, copying, distributing, dissemination, forwarding, printing, or copying of this e-mail is strictly prohibited. If you received this e-mail in error, please return the e-mail to the sender, delete it from your computer, and destroy any printed copy of it.



    Original Message


  • 3.  RE: Installation problem by GPO and dashboard

    Broadcom Employee
    Posted Jun 08, 2021 01:43 PM
    As far as installing by GPO, that shouldn't make a difference. The endpoint just needs to have a clear path to the URLs listed in my other post.

    ------------------------------
    Kris Gainsforth
    Solutions Engineer
    Broadcom
    ------------------------------

    Original Message


  • 4.  RE: Installation problem by GPO and dashboard

    Posted Jun 08, 2021 04:13 PM
    Thanks for the answer.
    I've already checked these two documentations.
    The problem that happens is that it starts installation using the proxy, but after it downloads the .dat file it ignores the system's proxy and ends up being blocked in the firewall.
    In the .mst file I configured some proxy entries, but they gave an error at the beginning of the process.
    Either the parameter I put is wrong or it doesn't allow changing the file.
    This behavior occurs in both cases, installation via GPO or via the console.
    On a machine I installed it manually without problems. This way I was able to do the discovery and send the package.
    I've already questioned support for entries that could be placed in the proxy .mst file, but it doesn't answer that. Just say you'll check with the senior team.
    Original Message


  • 5.  RE: Installation problem by GPO and dashboard

    Broadcom Employee
    Posted Jun 08, 2021 04:33 PM
    I understand that this is frustrating. At this point, we have to follow the process for support. I do appreciate you confirming that you have followed the documentation, that's a big help. I'll see if there's any other info I can find out, but this is something that I have not personally seen before.


    ------------------------------
    Kris Gainsforth
    Solutions Engineer
    Broadcom
    ------------------------------

    Original Message


  • 6.  RE: Installation problem by GPO and dashboard

    Posted Jun 14, 2021 03:33 PM
    Hi Kris. I spent 2 hours with the technician and we couldn't reach an agreement.
    I explained that error happens during the installation made by GPO or the dashboard, informed that it was to contact the IT team or Microsoft because the problem is with the proxy.

    If anyone can give another view.

    If I run the manual Symantec_Agent_install.exe installer on the computer, the proxy information appears in the log.

    2021-06-14-15-31-42-038 : 0x1714 : Information : Proxy host or port or both are empty in manifest. Use browser settings.
    2021-06-14-15-31-42-054 : 0x1714 : Information : Getting settings from IE
    2021-06-14-15-31-42-054 : 0x1714 : Information : Proxy per Machine is not configured
    2021-06-14-15-31-42-054 : 0x1714 : Information : AutoConfigURL http://proxy.domain.com.br:9001/proxy.pac
    2021-06-14-15-31-42-054 : 0x1714 : Information : No manual proxy settings found
    2021-06-14-15-31-42-054 : 0x1714 : Information : fsd::FSDProxySettings::determineBrowserProxySettings(118) : Using Proxy setting, autoconfig url - http://proxy.domain.com.br:9001/proxy.pac
    2021-06-14-15-31-42-054 : 0x1714 : Information : Status reporting switched off. No Reporting URL specified in manifest
    2021-06-14-15-31-42-054 : 0x1714 : Information : DING::CFilePackerEx::CArchiveInfo::Deserialize_legacy(631) : Segment header FSDManifest.js Deserialized
    2021-06-14-15-31-42-054 : 0x1714 : Information : 64-bit package selected to install
    2021-06-14-15-31-42-054 : 0x1714 : Information : Getting settings from IE
    2021-06-14-15-31-42-054 : 0x1714 : Information : Proxy per Machine is not configured
    2021-06-14-15-31-42-054 : 0x1714 : Information : AutoConfigURL http://proxy.domain.com.br:9001/proxy.pac
    2021-06-14-15-31-42-054 : 0x1714 : Information : No manual proxy settings found
    2021-06-14-15-32-03-132 : 0x1714 : Error : fsd::FSDDataReporter::submitToServer(1696) : httpClient.GetRequest() failed, hr=0x80072EE2


    If you send it via the dashboard or via GPO, you can't find it

    2021-06-14-15-39-50-474 : 0x0F44 : Information : Proxy host or port or both are empty in manifest. Use browser settings.
    2021-06-14-15-39-50-474 : 0x0F44 : Information : Getting settings from IE
    2021-06-14-15-39-50-474 : 0x0F44 : Information : Proxy per Machine is not configured
    2021-06-14-15-39-50-474 : 0x0F44 : Information : No manual proxy settings found
    2021-06-14-15-39-50-474 : 0x0F44 : Information : fsd::FSDProxySettings::determineBrowserProxySettings(112) : Using Proxy setting, autodetect is set
    2021-06-14-15-39-50-474 : 0x0F44 : Information : fsd::FSDEngineBase::Start(245) : Starting the job engine
    2021-06-14-15-39-50-474 : 0x0F44 : Information : wWinMain(638) : spFSDEngine->Start() succeeded, starting message loop
    2021-06-14-15-39-50-474 : 0x0F44 : Information : fsd::FSDBaseUI::OnUpdateJobInfo(783) : LPARAM - 9
    2021-06-14-15-39-50-474 : 0x261C : Information : fsd::FSDJob::run(890) : jobState==ePreProcess
    2021-06-14-15-39-50-474 : 0x261C : Information : fsd::FSDJobEngine::GetPreviousDownloadDuration(3441) : Failed to read download duration registry key
    2021-06-14-15-39-50-474 : 0x261C : Information : fsd::FSDJobEngine::OnJobEvent(1106) : Sending jobEvent 0
    2021-06-14-15-39-50-474 : 0x0F44 : Information : fsd::FSDBaseUI::OnUpdateJobInfo(783) : LPARAM - 0
    2021-06-14-15-40-11-598 : 0x261C : Error : Unable to connect https://us.spoc.securitycloud.symantec.com/status, hr 0x80072EE2
    2021-06-14-15-40-32-660 : 0x261C : Error : Unable to connect https://us.spoc.securitycloud.symantec.com/status, hr 0x80072EE2
    2021-06-14-15-40-53-706 : 0x261C : Error : Unable to connect https://us.spoc.securitycloud.symantec.com/status, hr 0x80072EE2
    2021-06-14-15-40-53-706 : 0x261C : Information : fsd::FSDJobEngine::OnJobEvent(1106) : Sending jobEvent 12
    2021-06-14-15-40-53-706 : 0x261C : Information : fsd::FSDJob::run(1017) : jobState==eFinished
    2021-06-14-15-40-53-706 : 0x0F44 : Information : request to show/hide main window
    2021-06-14-15-40-53-706 : 0x261C : Error : fsd::FSDJobEngine::OnJobEvent(748) : Handling eJobFinish failure, engine state=2 job failed with hrJob=0x80047ECD
    2021-06-14-15-40-53-706 : 0x0F44 : Information : send message to display window
    2021-06-14-15-40-53-706 : 0x261C : Information : fsd::FSDJobEngine::OnJobEvent(1106) : Sending jobEvent 1
    2021-06-14-15-40-53-706 : 0x0F44 : Information : fsd::FSDBaseUI::OnUpdateJobInfo(783) : LPARAM - 12
    2021-06-14-15-40-53-706 : 0x0F44 : Information : DING::CFilePackerEx::CArchiveInfo::Deserialize_legacy(631) : Segment header FSDManifest.js Deserialized
    2021-06-14-15-40-53-706 : 0x0F44 : Information : 64-bit package selected to install
    2021-06-14-15-40-53-706 : 0x0F44 : Information : Proxy host or port or both are empty in manifest. Use browser settings.
    2021-06-14-15-40-53-706 : 0x0F44 : Information : Getting settings from IE
    2021-06-14-15-40-53-706 : 0x0F44 : Information : Proxy per Machine is not configured
    2021-06-14-15-40-53-706 : 0x0F44 : Information : No manual proxy settings found
    2021-06-14-15-40-53-706 : 0x0F44 : Information : fsd::FSDProxySettings::determineBrowserProxySettings(112) : Using Proxy setting, autodetect is set
    2021-06-14-15-40-53-706 : 0x0F44 : Information : Status reporting switched off. No Reporting URL specified in manifest
    2021-06-14-15-40-53-706 : 0x0F44 : Information : fsd::FSDBaseUI::showFsdDialog(1210) : Display FSD dialog with id 18
    2021-06-14-15-40-53-706 : 0x0F44 : Information : fsd::FSDBaseUI::showFsdDialog(1224) : FSD executed in silent mode or do not have access to desktop, suppress any dialogs
    2021-06-14-15-40-53-706 : 0x0F44 : Information : fsd::FSDBaseUI::stopJobAndDisableStartAfterReboot(661) : Force job to exit with 500ms timeout
    Original Message


  • 7.  RE: Installation problem by GPO and dashboard

    Posted Feb 16, 2022 05:28 AM
    Hi Mauricio, did you resolve this issue? 
    We noticed same behavior on 14.3ru4, tottaly ignored proxy settings on enpdoint when deploying SES agent using console/gpo.
    Original Message


  • 8.  RE: Installation problem by GPO and dashboard

    Posted Feb 16, 2022 06:23 AM
    Hi, support was unable to help resolve the issue. which releases the symantec/broadcom domain in the firewall.
    Original Message