Endpoint Security Complete

Hi Team,

We are encountering following error while trying to connect to Live Shell from SES.

Below prerequisite are set, 

- Logged in as Super Administrator in SES
- Live Shell functionality is turned on in the EDR Policy
- PowerShell is available  on Client machine
- Tried Logging with Windows credentials of the device as well as AD domain credential
- URLs are whitelisted



Kindly advise.

BR,
AK

Hi AK,

I'm also a customer of SES complete, and would like to know where you found the prerequisite documentation for Live shell. The documentation I found for SES complete does not speak about URL's that need to be whitelisted for Live Shell, or is that part of the initial setup of SES and just wanted to mention it? I believe also, you need to be either, domain admin, or local admin on the device to be able to have a live shell (PowerShell Remote) to the device.

I would like more information from Broadcom regarding live shell capabilities, as I haven't been successful in using it either.

Thank you,




Original Message:
Sent: Jun 23, 2022 04:46 AM
From: Archana Kini
Subject: SES Live Shell connect issue - Unable to authenticate user credential

Hi Team,

We are encountering following error while trying to connect to Live Shell from SES.

Below prerequisite are set,

- Logged in as Super Administrator in SES
- Live Shell functionality is turned on in the EDR Policy
- PowerShell is available  on Client machine
- Tried Logging with Windows credentials of the device as well as AD domain credential
- URLs are whitelisted

https://ws.securitycloud.symantec.com

https://bds.securitycloud.symantec.com

Kindly advise.

BR,
AK

Hi Samim,

For more information from Broadcom regarding live shell capabilities and configuration prerequisite, please find below Broadcom technical documents easy reference,

https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/endpoint-security/sescloud/Endpoint-Detection-and-Response/EDR-Actions/Live-Shell-Connect-for-Windows.html

https://knowledge.broadcom.com/external/article/234037/unable-to-run-smc-command-in-live-shell.html

https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/endpoint-security/sescloud/Troubleshooting/urls-to-whitelist-for-v129099891-d4155e9710.html

Hope it helps.

Best Regards,
AK
Original Message:
Sent: Jun 24, 2022 09:15 AM
From: Samim Baray
Subject: SES Live Shell connect issue - Unable to authenticate user credential

Hi AK,

I'm also a customer of SES complete, and would like to know where you found the prerequisite documentation for Live shell. The documentation I found for SES complete does not speak about URL's that need to be whitelisted for Live Shell, or is that part of the initial setup of SES and just wanted to mention it? I believe also, you need to be either, domain admin, or local admin on the device to be able to have a live shell (PowerShell Remote) to the device.

I would like more information from Broadcom regarding live shell capabilities, as I haven't been successful in using it either.

Thank you,




Original Message:
Sent: Jun 23, 2022 04:46 AM
From: Archana Kini
Subject: SES Live Shell connect issue - Unable to authenticate user credential

Hi Team,

We are encountering following error while trying to connect to Live Shell from SES.

Below prerequisite are set,

- Logged in as Super Administrator in SES
- Live Shell functionality is turned on in the EDR Policy
- PowerShell is available  on Client machine
- Tried Logging with Windows credentials of the device as well as AD domain credential
- URLs are whitelisted

https://ws.securitycloud.symantec.com

https://bds.securitycloud.symantec.com

Kindly advise.

BR,
AK

Thanks AK,

Did anyone from broadcom/symantec support fix your issue or respond to your issue? I've already also setup my environment for Live Shell, using the above documentation but it seems like the specific service WINRM needs to be enabled and configured on the client OS, just looking at the PowerShell Remote capabilities on Windows OS itself, no live shell connections can be made unless this service is listening and configured on the client, but further clarification is required from Broadcom, If I get any additional info, I'll post here.

Samim
Original Message:
Sent: Jun 28, 2022 02:15 AM
From: Archana Kini
Subject: SES Live Shell connect issue - Unable to authenticate user credential

Hi Samim,

For more information from Broadcom regarding live shell capabilities and configuration prerequisite, please find below Broadcom technical documents easy reference,

https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/endpoint-security/sescloud/Endpoint-Detection-and-Response/EDR-Actions/Live-Shell-Connect-for-Windows.html

https://knowledge.broadcom.com/external/article/234037/unable-to-run-smc-command-in-live-shell.html

https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/endpoint-security/sescloud/Troubleshooting/urls-to-whitelist-for-v129099891-d4155e9710.html

Hope it helps.

Best Regards,
AK
Original Message:
Sent: Jun 24, 2022 09:15 AM
From: Samim Baray
Subject: SES Live Shell connect issue - Unable to authenticate user credential

Hi AK,

I'm also a customer of SES complete, and would like to know where you found the prerequisite documentation for Live shell. The documentation I found for SES complete does not speak about URL's that need to be whitelisted for Live Shell, or is that part of the initial setup of SES and just wanted to mention it? I believe also, you need to be either, domain admin, or local admin on the device to be able to have a live shell (PowerShell Remote) to the device.

I would like more information from Broadcom regarding live shell capabilities, as I haven't been successful in using it either.

Thank you,




Original Message:
Sent: Jun 23, 2022 04:46 AM
From: Archana Kini
Subject: SES Live Shell connect issue - Unable to authenticate user credential

Hi Team,

We are encountering following error while trying to connect to Live Shell from SES.

Below prerequisite are set,

- Logged in as Super Administrator in SES
- Live Shell functionality is turned on in the EDR Policy
- PowerShell is available  on Client machine
- Tried Logging with Windows credentials of the device as well as AD domain credential
- URLs are whitelisted

https://ws.securitycloud.symantec.com

https://bds.securitycloud.symantec.com

Kindly advise.

BR,
AK