One day, you look in the Windows Task Scheduler and see the message:

The selected task “{0}” no longer exists.  To see the current tasks click Refresh

symNG2

Well after you click OK and then click Refresh, you are still missing that task.  And Windows is really great about not informing you of what that task is.

Other articles on the Internet suggest going through the actual Tasks folder to determine where the disconnect is.  I think I have an easier solution for anyone using a Symantec security product, particularly the Symantec Endpoint Protection Small Business Edition (also known as Symantec.cloud).

Open an elevated command prompt and issue the following commands:

cd \
cd program files\symantec.cloud\antivirus
avagent –SHOW_UI

The GUI will be displayed. (Norton Internet Security users simply open the product.)  Depending on your version, the screen’s appearance may differ from the one shown below (which is from NIS 21.5.0.19)

Click on Settings, and select the General tab.

symNG3

When you click the question mark to the right of the Idle Time Optimizer, you see the web page that explains that this “feature” automatically defragments the hard drive when the user is inactive for a period of time.

symNG4

I find this too pretentious for words.  If I have set a disk defragment schedule on my computer, or any of my clients’ computers, I fully expect those schedules will be maintained and adhered to.  I certainly don’t expect my security software to come along and interfere with them.  Even worse, is the error message that ends up being displayed as a result of Symantec’s change.

So, turn off the Idle Time Optimizer.  Click OK to apply.  Close the GUI, and the command prompt.

After you turn off this setting, click the Windows Start button, type “defrag” (without the quotes) in the Search bar to launch the Windows Defragmenter.  Change any one of your existing settings to force the entry back into the Task Scheduler.   You can reset the minor change immediately, and then close the Defragmenter.

Now, go back to the Task Schedule and see that there is no error message.

There you have it, an amazingly simple solution to a vexing (and stupidly annoying) error message.

Recently, Symantec updated the Endpoint Protection component of their cloud-based Internet Security offering. The Cloud Agent is a wrapper, while the base product – Endpoint Protection – is the Norton Internet Security product. The current version, NIS-22.5.2.15 has been updated to work with Windows 10 and has been given a new user interface. However, the problem with the update is in the number of settings that were added to this version and turned on by default.

Symantec partners access their clients’ portals via the Partner Management console (https://manage.symanteccloud.com). Most of the operations of the cloud product are controlled via policies and settings that are defined in each client’s web page (https://hostedendpoint.spn.com). From there you can control how the computers and servers will be protected, how USB devices will be controlled, the kind of web protection and network protection to be offered, as well as the scanning schedule. With the exception of providing Firewall rules and Program control rules, those are the only facets of the program that can be controlled via the web.

To control other elements of the product, you have to log in to the client’s computer, open up an elevated Command Prompt, access the C:\Program Files\Symantec.cloud\Antivirus folder and issue the Avagent.exe –SHOW_UI command. And that’s where we can find the latest problem. With the 22.5.2.15 update, the sheer number of settings that have been included – all without any option to control from the web – are startling.

Within the Firewall settings is the “Network Cost Awareness” setting.

SEPx1

This new policy allows you to configure the amount of bandwidth the agent will use. There is no equivalent setting in the cloud to manage this.

There is a completely new section for Tasks Scheduling.

SEPx2

Again, none of these settings are controlled via the policies on the web.

Last are the newly enhanced Administrative Settings which contain some of the more egregious changes.

There is now a 30-day report, which is gathering statistics that the end user will never even see.

SEPx3

And there is the “special offer notification” (what you and I would call advertising), which appeared on one of my client’s computers a few weeks ago. I had opened a case with Symantec Technical Support months ago about this specific setting and I was told that it would never happen again. Someone in the development group apparently didn’t get the message.

SEPx4

I am, quite frankly, horrified that these settings are on my clients’ computers. As a Managed Services Provider, I already use a Remote Monitoring and Management (RMM) software product to take care of scheduled Windows tasks, including the removal of temporary files. I don’t expect a third-party software product – ostensibly one designed for Internet Security – to be introducing a completely new and totally ungovernable set of tasks to my client base. I certainly don’t expect the software to adversely affect the performance of an end-user’s computer without my ability to control what does, and doesn’t, occur. And I absolutely want the software to respect my clients’ right to privacy from ANY kind of advertising – especially from Norton – because I sold my clients a Symantec product!

I don’t mind that I have to explain why the statistics in my RMM’s monthly reports show a nose dive with respect to performance and file clean-up. But what I do mind is that I cannot explain why Symantec did not inform its partners that they were going to be introducing these new “features” to the product. I have done some research since these settings appeared, and I have yet to find anything mentioned other than the fact that Windows 10 will be supported and that the screens have changed in appearance. It seems that all of the other items that were added did not deserve any mention whatsoever.

This product is marketed as a Symantec business product – and for years, I have sold it as a business-class product. And while I realize that it is built on the Norton consumer base, it must be completely managed; otherwise it is next to useless. There has to be a way to control ALL of these settings from the client’s web portal. Without that ability, it will be necessary log in to each of the affected computers (as they receive this update) and manually change the settings. That is going to take time, effort, and coordination. Plus, I am going to have to keep on checking to see if anything else like this occurs in the future.

Symantec, this is simply unacceptable behavior. In an effort to improve the consumer product, you’ve thrown garbage into the workings of a business product. The only way that you can reconcile this oversight is by providing discrete controls in the client web portal. Until you do that, I cannot, as a Symantec partner, continue to advise clients to purchase this product.

The newly updated Symantec Protection Suite Small Business Edition 4.0 contains Symantec Endpoint Protection 12.1.  As part of that offering, there is a module called “Tamper Protection,” which is designed to prevent any form of malware from adversely affecting the operation of the Symantec Software.

As a managed service provider, I am using a third-party software product to monitor and maintain the health of my clients’ servers and workstations.  The software takes an inventory of a variety of things and reports back to the data center on a regular basis.  I get to view the results on my web-based portal.

Somehow, and quite unfortunately, Symantec Endpoint Protection thinks each of these activities is a threat to its existence, and the default setting for Tamper Protection is to block any offending program.  When it does, it places an entry in the Windows Event log.

Windows EventID 45

Windows EventID 45

Of course, my MSP software is designed to keep trying to get its information back to the data center – so the Event log just fills up with EventID 45 records as it struggles against Symantec Endpoint Protection.

There has to be some way of preventing this.
Read More →