Endpoint Protection

Hi,

We have a server with SEP 11 installed and about 30 clients are managed by that server.

Clients are Windows 7.

My problem is some of the clients are not getting updated with the latest definition files.

In SAV 10 we have the procedure to update out of update clients by copying GRC.DAT file to c:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5 and then restarting the Symantec service.

Like the above is there any similar procedure to update the out of the update clients.

Can some one help me please?

Thanks,

Rajesh

What is the exact problem you are facing only clients not receiving updates?In one of the client go to Help and support--->troubleshooting and see whether you are able to see the server Name/IP address and group ?

The clients that are not updating, are they commuincating with the SEPM?

Please check the commuincation first. If you find that the clients are not commuincating with the SEPM , then please replac the sylink.xml on the clients , this will restore the commuincation.

Hello, this article from sandip sali;

Symantec Endpoint Protection: Troubleshooting Client/Server

Hi ,

I am able to see the server name from the clients.

What exactly is only 3 clients are out of update with respect to virus definition files.

All other clients are updated fine.

Thanks,

Rajesh

If these three clients are communicating the server (Showing IP and Group) still not updating(Assuming that all other clients in the same subnet/group is receiving updates), the virus defs may got corrupted

How to clear out corrupted definitions for a Symantec Endpoint Protection Client

Making Windows Firewall off and tried to Update content, or delete the old definition file and tried to update once again

I followed the procedure in the following link

How to clear out corrupted definitions for a Symantec Endpoint Protection Client

Now when SEP client is saying File system Auto protect is malfunctioning.

And when i checked from SEPM the client status is Auto protect is not running.

Thanks,

Rajesh

Go to services.msc

stop all the symantec services

open task manager

kill smc.exe 

smcgui.exe

restart all the services again

should fix the issue.

Update the client using Intelligent updater once .You can download it from here .After downloading the first file in the link double click on it and wait for some time.In the confirmation window click on yes and wait for 2-3 min....

Hi Aravind,

After installing the Intelligent updater the Virus files are upto date but the remaining two Network Threat protection and proactive threat protection are not updated.

Can we use Intelligent updater directly instead of the procedure in this link

How to clear out corrupted definitions for a Symantec Endpoint Protection Client

Thanks,

Rajesh

yes you can;

intellilgent updater will only update AV/AS

once the corrupt defs is cleared by running intelligent updater;you can then update the policy , ntp and ptp will be updated.

Hi,

But this fixed the issue temporarily because yesterday when I did Inelligent Updater AV got updated to the 27th date and now again when i checked the client for AV definition files it is still showing 27 th date and all other clients are with definition files with 28th date.

Thanks,

Rajesh

In the affected  client go to Help and support--->troubleshooting and see whether you are able to see the server Name/IP address and group ?

yes i am able to see the server and the group to which the client belongs to.

Thanks,

Rajesh

Repair the SEP from add/remove programs (In add/remove programs select symantec endpoint protection-->change-->next-->repair-->next--->install)

hi,

We are still facing the issue.

On the clients which are not get updated we reinstalled the SEP even then also the virus definition files are not getting updated.

Everytime we can't reinstall the SEP?

Please someone help in this regard.

Thanks,

Rajesh

whats the version of your SEPM?

Hi,

SEP 11 and clinets are having OS windows 7.

Thanks,

Rajesh

What is the exact build of the SEPM and SEP clients?  Earlier builds had sporadic client communication issues, so let's eliminate that as a possible cause of the issue.  You should ideally be at least up to 11.0.6005 (RU6a), preferably 11.0.6100 (RU6 MP1).

There's also using the Support Tool on a client that's not updating for communication checks, etc.

Edited to add:  I'd also verify that the SEPM is up to date with the latest content (Admin > Servers > Local Site > Tasks, look for Show LiveUpdate Downloads, look at Revision dates for AV/AS definitions).  I have seen it happen before where some clients were updating only because they had a LiveUpdate schedule, and the fault really fell with the SEPM's failure to update.

sandra

We are having an identical issue. Only with 1 client though. Here's what I did:

I updated clients & manager to SEP 11.6 MR1 (or isit called MP1?). 

I issued the update command from the SEPM. It said it completed successfully, but definitions were not up-to-date.

I requested new definitions from the client. The system log reported "Network Threat Protection is up to date".

I verified the client could see the SEPM by using the http://servername:9090 and by going through help and support. 

I ran the support tool as well, and it reported no issues.

I tried deleting the virus definitions as outlined here: http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=savce.

Finally, I ran the intelligent updater, which did update the AV/AS definitions to Oct 29. However, the Network Threat Prote ction is still Sept 10, and Proactive Threat Protection is Sept 15. They both have green check marks though so maybe that is the latest definitions?

Anyway, I can try updating the AV/AS definitions later to see if it helps, but this is the second time this machine has failed to update for over 30 days.

Any clues?

The Intelligent Updater will only update AV/AS.

I'll be looking into this (sylink logging, etc) as this is continuing to occur on my own test system.

sabdra