Endpoint Protection

 View Only
Expand all | Collapse all

Can't disable URL Reputation after upgrade to 14.3_RU7

  • 1.  Can't disable URL Reputation after upgrade to 14.3_RU7

    Posted Jun 17, 2023 04:31 PM

    Dear friends,

    I never had a problem disabling "URL Reputation" before, but after upgrading from 14.3_RU4 to 14.3_RU7 it did. No matter how I disabled "URL Reputation" - in the policy on the serv

    er or locally on the client - this setting still works. How to turn it off now?



  • 2.  RE: Can't disable URL Reputation after upgrade to 14.3_RU7

    Broadcom Employee
    Posted Jun 18, 2023 02:24 AM

    What do you see that makes you think that URL Reputation is still working despite the disabled setting?




  • 3.  RE: Can't disable URL Reputation after upgrade to 14.3_RU7

    Posted Jun 18, 2023 07:12 AM
    Edited by adroman Jun 18, 2023 07:15 AM

    There are several types of confirmation:

    1) Self-triggering in the browser.
    2) No errors in the client status, when disabled there is a notification that it is disabled with orange color.
    3) I have green dot in system tray - it is not green when it's disabled.




  • 4.  RE: Can't disable URL Reputation after upgrade to 14.3_RU7

    Broadcom Employee
    Posted Jun 18, 2023 12:10 PM

    That's odd. A quick test of my own behaves as expected. Is this reproducible, occuring on different machines? What is the full SEP version, original and upgrade? What is the version of the SEPM? Are the symptoms unique to the upgrade path you followed, i.e. does it behave this way in a fresh installation of RU7? I'd otherwise gather SymDiag WPP logging while toggling this setting off/on, and open a case with Broadcom tech support for further investigation.




  • 5.  RE: Can't disable URL Reputation after upgrade to 14.3_RU7

    Posted Sep 11, 2023 12:46 AM

    Unfortunately after reinstalling SEPM the issue still persists. It works for some time, approximately for 10 minutes and than goes back to green dot and enabled policy.




  • 6.  RE: Can't disable URL Reputation after upgrade to 14.3_RU7

    Posted Sep 12, 2023 07:19 AM
    Edited by Still LOL Sep 12, 2023 07:19 AM

    Hi,

    Why don't you Allow the SID: 60501 from Exceptions (SEPM, Intrusion Prevention Policy, Under Windows Settings) 




  • 7.  RE: Can't disable URL Reputation after upgrade to 14.3_RU7

    Posted Sep 13, 2023 01:02 PM

    I did. Unfortunately it also doesn't work. 




  • 8.  RE: Can't disable URL Reputation after upgrade to 14.3_RU7

    Posted Sep 14, 2023 04:26 AM

    Have you also tried the below as test - 

    move one of the affected user to new Test group, create and apply new non-shared intrusion prevention policy to Test Group, then allow the ID 60501.




  • 9.  RE: Can't disable URL Reputation after upgrade to 14.3_RU7

    Posted Sep 18, 2023 01:05 PM

    Thank you Sir, I tried to do as you suggested. Unfortunately it didn't help.
    I use computer mode, so I created Test group, relocated to it my computers and switched to non-shared group policy. Unfortunately no luck. It works aporoximately for 10 minutes and after some short period of time enables again.




  • 10.  RE: Can't disable URL Reputation after upgrade to 14.3_RU7

    Posted Sep 18, 2023 01:05 PM

    I also created new Test group, relocated to it my computers and switched to non-shared group policy. Unfortunately no luck. It works approximately for 10 minutes and after some short period of time enables again. It seems even that the problem is not that I can't disable URL Reputation, but that it enables back itself automatically after some short period of time.




  • 11.  RE: Can't disable URL Reputation after upgrade to 14.3_RU7

    Posted Sep 18, 2023 02:31 PM
      |   view attached

    Client logs also confirm that the policy disables URL reputation, but URL reputation enables automatically without any reason after some period of time without any reason. 




  • 12.  RE: Can't disable URL Reputation after upgrade to 14.3_RU7

    Posted Sep 19, 2023 03:34 AM
    Edited by Still LOL Sep 19, 2023 03:35 AM

    Please create symanctec support ticket, and post back the suggestion and result.

    It will be helpful to us to understand what and where exactly the trigger.