Endpoint Protection

hi all

ive started receiving file reputation lookup alerts for a couple of servers. when it first started it was only for 1 server now another has popped up.

i found the following forum post about this and followed the suggestions but i wasnt able to resolve the issue and its still happening

 

https://www-secure.symantec.com/connect/forums/reputation-check-unproven-files-failed-because-network-errors-last-3-days

 

our product version is 12.1.5337.5000 

 

 

does anybody know how to resolve this?

It means the client couldn't connect to the reputation service. Usually this corrects itself. Do these servers have internet access?

yes both servers have access to the internet

there have been no changes in our network otherwise all the servers would be reporting issues :/

 

 

This is usually a one time issue and it may conmnect next time around, has it been constant for these servers?

its been happening to one of the servers for a while now..

 

the 2nd server has only popped up in the last few days

 

 

Could you share the alert message details/screenshot?

hi

sorry for the late reply i missed the email notification

here is the notification we get emailed.. let me know if you need anything else

 

 

 

 

Hello,

This happens when the SEP client file reputation check operation is timing out as the external firewall blocks access to https://ent-shasta-rrs.symantec.com/mrclean

Try the following steps:

Note: Though these settings are not recommended I would suggest to try them to find out possible root cause.

On the Symantec Endpoint Protection Manager (SEPM):

1) Go to Policies > Virus and spyware protection > right click and edit the policy > Under Windows settings > protection technology > Download protection

2) Uncheck "Enable download insight to detect potential risk in downloaded files based on file reputation"

& Monitor subsequent alerts.

Is there any update?

OR

If query has been resolved mark this thread as a 'Solved' with the best answer that helps you.

SEP 12.1 RU6 has been released & has a bug related to File repuation alert, check if it's applicable in your case or not however I would suggest you to upgrade to SEP 12 1 RU6.

File Reputation Lookup Alerts send malformed emails when triggered

Fix ID: 3713171

Symptom: File Reputation Lookup Alert notifications created after the install of Symantec Endpoint Protection Manager 12.1 RU5 sends incomplete emails when triggered and does not include details about why this email was sent.

Solution: File Reputation Lookup Alert notifications are now created correctly and generate the expected email report.

Reference: New fixes in Symantec Endpoint Protection 12.1.6

https://support.symantec.com/en_US/article.TECH230558.html

Upgrading or migrating to Symantec Endpoint Protection 12.1.6 (RU6)

http://www.symantec.com/docs/TECH230601

Dear Chetan,

 

I am running version 12.1.6168.6000 but I am receiving the same prompts from time to time as well but not always from servers but also from the client computers. They all have internet connection and much like the starter of the thread not much else has changed across the network configuration wise.

Also it used to be one server and now as you can see in the screen shot another server and two client machines have also joined up.

My question about the address you provided above is which port number and what protocol should also be allowed through the firewall to make sure of the proper functionality?

Thanks

 

 

Under exceptions can place the URL directly, port & protocol information isn't available as per my knowledge.

I took th is advice and changed the policy setting but I'm still getting the alerts.  I don't understand what the problem is and how to make them stop or how to correct them.

 

Dan

Hi all,

   We also getting same mail notification

     """"                

Sent: Tuesday, December 22, 2015 9:17 AM
To: IT Admins
Subject: FILE REPUTATION LOOKUP ALERT

 

Message from:
    Server name: IFSHOAVG01
    Server IP: 192.168.28.60
    Administrator Email: *********************
    Company Name: IFS
    
6 computer reported file reputation lookup issues.  """

 

Can any tell me the solution.

I am also experiencing this issue.  I am running 12.1.6 MP3 (12.1.6608.6300) - Has there been a solution?

I join the group having the same problem. Also I am running 12.1.6 MP3 (12.1.6608.6300). Help me, please

If you check the system log on an affected client do you see an error in regards to failed submissions?

The clients if they have connections to the network and have all the updates, how all other clients.

I checked the system logs on some affected machines (I have 8 machines that routinely say this):

https://goo.gl/HPa01l

I have verified that I can access the Insight, update, and licensing servers from the affected machines as per:

https://support.symantec.com/en_US/article.TECH162286.html

and

https://www-secure.symantec.com/connect/forums/computer-reported-file-reputation-lookup-issues

Is this a bug? Is there anything else I should be trying to fix this issue?

For whatever reason it looks like our SEP client is having an issue getting out.

Hi guys I was reported a similar issue by one of my clients . They are also running the latest version of SEP that is 12.1.6 MP3 . I just want to know if this is a known issue or bug in SEP 12.1.6 MP3 . Can Symantec confirm this if it is a known issue in this version ?

 

Thanks

HI

 

Same exact problem just popped up on one client. 12.1.6318.6100.

Nothing has changed on the client or nerwork.

Hi,

 

I am also experiencing same issue - running - 12.1.6318.6100.105 please help me.

How to find out which devices are affected by this alert?

Message from:
    Server name: XXXXXXX
    Server IP: XXX.XXX.XXX.XXX
    Administrator Email: XXXXXXX
    Company Name: XXXXXXXX
    
20 computer reported file reputation lookup issues. 

 

Please advise for understanding that this is a genuine alert and not a bug that requires a fix straight away right?

Thanks.

Same issue cropping up for me version 12.1.6 (12.1 RU6 MP3) 6608

Would be nice to know whats going on. Can someone update us please.

dear chetan

i have the same issue for a file reputation lookup alert ok. so you told to uncheck the following in above the comment. my qustion is if i uncheck the "Enable dowload insight to detect potential risk in downloaded file based on file reputation"  can i face any hard issue the server cant send the notification when virus is attacked on my system?

i need to know the above instrution is good for us or not?

and the following instrution is very good to avoid the solution but i need exact answer mr.chetan