Proxy error messages appear in the Endpoint Protection Manager Cloud tab > Troubleshooting
Last Updated February 14, 2019
Error messages in Symantec Endpoint Protection Manager (SEPM) 14.0.1 under Cloud > Troubleshooting suggest that the communication with the cloud portal through the Bridge is failing. Your system traffic routes through a proxy or other network traffic filtering device. You add the addresses that the proxy or network traffic filtering device rejects, but this communication still fails.
Similarly, if your system traffic routes through a proxy and you try to download the client installation package for Symantec Endpoint Protection 15 in the cloud portal, the download fails.
Communication for the Bridge's components pass through a single fully qualified domain name (FQDN). You must configure the System account to bypass the proxy for it.
You may also be using an unsupported proxy configuration.
For Symantec Endpoint Protection 15, your computer is behind a proxy that does not allow the necessary URLs to complete the download.
Update the proxy settings for the System account to bypass the correct fully qualified domain name for use with the cloud portal.
From within the PsTools folder, run the following command to launch Internet Explorer with the System account: psexec -i -s "%ProgramFiles(x86)%\Internet Explorer\iexplore.exe" Note: The command uses default values for the location of Internet Explorer.
Click Tools > Internet Options > Connections > LAN settings.
Under Proxy Server, next to your configured proxy information, click Advanced.
In Proxy Settings, under Exceptions, enter the following values:
Symantec hosts within AWS for cloud products, thus this FQDN must be allowed.
This is the Symantec Cloud API gateway for agents to upload events to our cloud server. If this is blocked, clients will be unable to upload events or download policies.
This is for cloud file storage. If this address is blocked, the client will be unable to upload files.
Change directory to the system root, e.g. C:\Windows\SysWOW64.
Enter the following: netsh winhttp set proxy proxy_server_ip:proxy_port bypass-list="aws.amazon.com;usea1.r3.securitycloud.symantec.com;*.s3.amazonaws.com" Where proxy_server_ip is the proxy’s IP address, and proxy_port is the proxy port number. The bypass list addresses are separated by semicolons. For Symantec Endpoint Protection 15, extend the bypass list with values provided under the Symantec Endpoint Protection 15 list.
Supported proxy configurations
The following proxy configurations are supported for the Symantec Endpoint Protection Manager Bridge:
WinHTTP and WinINet, without authentication
WinHTTP and WinINet, with digest authentication
The following is not supported:
Basic, NLTM, or Kerberos authentication for WinHTTP and WinINet