Proxy error messages appear in the Endpoint Protection Manager Cloud tab > Troubleshooting

book

Article ID: 170160

calendar_today

Updated On:

Products

Endpoint Protection Endpoint Security

Issue/Introduction

Error messages in Symantec Endpoint Protection Manager (SEPM) 14.0.1 under Cloud > Troubleshooting suggest that the communication with the cloud portal through the Bridge is failing. Your system traffic routes through a proxy or other network traffic filtering device. You add the addresses that the proxy or network traffic filtering device rejects, but this communication still fails.

Similarly, if your system traffic routes through a proxy and you try to download the client installation package for Symantec Endpoint Protection 15 in the cloud portal, the download fails.

Cause

Communication for the Bridge's components pass through a single fully qualified domain name (FQDN). You must configure the System account to bypass the proxy for it.

You may also be using an unsupported proxy configuration.

For Symantec Endpoint Protection 15, your computer is behind a proxy that does not allow the necessary URLs to complete the download.

Resolution

Update the proxy settings for the System account to bypass the correct fully qualified domain name for use with the cloud portal.

To update proxy settings for the System account

  1. Download a copy of PsTools from the following page: Windows Sysinternals PsTools
  2. From within the PsTools folder, run the following command to launch Internet Explorer with the System account:
    psexec -i -s "%ProgramFiles(x86)%\Internet Explorer\iexplore.exe"
    Note: The command uses default values for the location of Internet Explorer.
  3. Click Tools > Internet Options > Connections > LAN settings.
  4. Under Proxy Server, next to your configured proxy information, click Advanced.
  5. In Proxy Settings, under Exceptions, enter the following values:
    • aws.amazon.com
      • Symantec hosts within AWS for cloud products, thus this FQDN must be allowed.
    • usea1.r3.securitycloud.symantec.com/*
      • This is the Symantec Cloud API gateway for agents to upload events to our cloud server. If this is blocked, clients will be unable to upload events or download policies.
    • *.s3.amazonaws.com
      • This is for cloud file storage. If this address is blocked, the client will be unable to upload files.
    For Symantec Endpoint Protection 15, also enter the values in the Symantec Endpoint Protection 15 list.
  6. Click OK, OK, and OK to save the changes.

If you do not want to use the Sysinternal tool:

  1. Open cmd.exe using Run as Administrator.
  2. Change directory to the system root, e.g. C:\Windows\SysWOW64.
  3. Enter the following:
    netsh winhttp set proxy proxy_server_ip:proxy_port bypass-list="aws.amazon.com;usea1.r3.securitycloud.symantec.com;*.s3.amazonaws.com"
    Where proxy_server_ip is the proxy’s IP address, and proxy_port is the proxy port number. The bypass list addresses are separated by semicolons.
    For Symantec Endpoint Protection 15, extend the bypass list with values provided under the Symantec Endpoint Protection 15 list.

Supported proxy configurations

The following proxy configurations are supported for the Symantec Endpoint Protection Manager Bridge:

  • WinHTTP and WinINet, without authentication
  • WinHTTP and WinINet, with digest authentication

The following is not supported:

  • Basic, NLTM, or Kerberos authentication for WinHTTP and WinINet

Additional URLs to whitelist

For additional URLs to whitelist for Symantec Endpoint Protection 15, including reputation and licensing servers, see: URLs to whitelist for Symantec Endpoint Protection