Endpoint Protection

Dear All,

Recently we have started using SEPM 12.1 in our environment. During testing i found that when we boot a machine in Safe Mode then all services of Syamntec are Disabled !!! Is this supposed to be like this?

Earlier i had used McAfee and at least the Anti Virus service remains active even in safe mode...

Firewall getting disabled in safe mode is understandable but why even AV?

yes,the services are disabled in safe mode.

Dear Harsh,

In safe mode all the services of sep are disabled...but if you want to scan in safe mode you can run the sep manualy from START--> All programs, it will ask to start the services but choose NO....SEP console will open after choosing NO and then you can run a full scan from console.......

Dear Pawan,

Thanks for the reply however the behaviour of SEP is different in my case.

[1] In safe mode - from all programs menu if i try to start SEP -

"SEP cannot be started, make sure required services are runnng"

[2] From services.msc if i try to start SEP services -

"Error 1084: This service cannot be started in safe mode"

[3] If i try to right click a file and - scan for threats -

"SEP cannot perform a right click scan. Make sure SEP service is started."

I think Symantec forgot to keep security in safe mode. If an attacker wants to steal data this would be a good option. Nothing scans so nothing logged in turn nothing reported.... :(

I would be really glad if someone from this forum can suggest a solution or a workaround at least.

Anyone from Symantec side.....???

Harsh....

Is your sep working fine in normal mode?

Yes Pawan, it works fine in normal mode.

you can open SEP in "safe mode with networking" mode

We are also facing same issue in our environment, i cann't protect our data & file in safe mode. but you can disabling/enable safemode option by entering below command.

For Disable: bcdedit.exe /set {bootmgr} displaybootmenu no

For Enable: bcdedit.exe /set {bootmgr} displaybootmenu yes

Regards, Chandan

Hi Harsh,

I tested in lab that sep 12.1 work in safe mode with networking....

Run the machine in safe mode with networking it will work....

harsh,

(I think Symantec forgot to keep security in safe mode. If an attacker wants to steal data this would be a good option. Nothing scans so nothing logged in turn nothing reported.... :(

I would be really glad if someone from this forum can suggest a solution or a workaround at least.)

Your this question also will be solved when you start machine in safe mode with networking....coz sep work in safe mode with networking...

And we do not have attacker tension in sfe mode without networking...coz no one can attack on ur machine without networking....

Hello,

The dependent service of Symantec Endpoint Protection is Symantec Management Client.

Now, since Symantec Management Client service remains disabled, the SEP service would not start as well.

However, You can surely scan in Safe mode.

You may face a difficulties when booted into Safe Mode and launching the Symantec Endpoint Protection client to perform a scan an error dialog with the following text: