Endpoint Protection

  • 1.  SEPM Not Displaying Correct Information about Client Status

    Posted Aug 25, 2010 04:08 PM

    We're in the process of converting our 30000 client environment from SAV 10 and Cisco CSA 5 to SEP 11.  As we get ready to pilot in our production environment, we see clients with inaccurate data on Virus Def Dates, Scan Dates, etc.

    Example: 
    Client A has Def Dated 2010-8-24 rev. 002
    SEPM shows that client with Def Dated 2010-8-14 rev. 002

    The machine has checked in multiple times today but the info in SEPM never updates.  We also have some clients that give an AntiVirus Status of Not Reporting Status, but the client is up to date.

    We're using version SEP 11 RU6 MP1  (this was present before upgrading to MP1)

    Any suggestions?



  • 2.  RE: SEPM Not Displaying Correct Information about Client Status

    Posted Aug 25, 2010 04:25 PM


    Title: 'Symantec Endpoint Protection Manager "Virus Definitions Distribution" shows incorrect date for virus definitions inspite of all clients being update-to-date'
    Document ID: 2010021702133348
    Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2010021702133348?Open&seg=ent

    In order to resolve the issue we need to give "Everyone" FULL permission or at least READ and WRITE permission on the C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox folder and its subfolders.

    Also navigate to the Symantec/Symantec Endpoint Protection Manager/data/inbox/agentinfo folder and delete .tmp files if present, and then restart the SEPM service.





  • 3.  RE: SEPM Not Displaying Correct Information about Client Status

    Posted Aug 26, 2010 08:04 AM

    The same engineer is logged on other clients and this is not an issue.  So I'm not sure of the permission issue.  Any other suggestions?



  • 4.  RE: SEPM Not Displaying Correct Information about Client Status

    Posted Aug 26, 2010 09:07 AM
    Stop the SEPM service.
    Go to C:/program files/Symantec/Symantec Endpoint protection manager/Data/Inbox/Agentinfo, and delete all its contents.

    Start the service.


  • 5.  RE: SEPM Not Displaying Correct Information about Client Status

    Posted Aug 26, 2010 09:58 AM

    No issue, follow the next step:

    Navigate to the Symantec/Symantec Endpoint Protection Manager/data/inbox/agentinfo folder and delete .tmp files if present, and then restart the SEPM service.


  • 6.  RE: SEPM Not Displaying Correct Information about Client Status

    Posted Aug 26, 2010 11:42 AM
    We have 3 SEPMs.  There are no files in the Agentinfo Directory.


  • 7.  RE: SEPM Not Displaying Correct Information about Client Status

    Posted Aug 26, 2010 01:45 PM

    It does sound like client logs are not properly being uploaded during the heartbeat cycle.  You may want to enable sylink debugging on one of the clients that's having this issue (Is it always the same clients? Do they have anything in common?):

    Title: 'How to enable Sylink Debugging for Symantec Endpoint Protection in the registry'
    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008041812561948

    sandra


  • 8.  RE: SEPM Not Displaying Correct Information about Client Status

    Posted Aug 27, 2010 03:48 PM
    I have seen this issue.  The SEPM console reports the clients have AV's and PTP's older than 7 days but when you remote into the client it shows the correct current date for them.  From the client, you can issue an Update Policy and see that it checks in with the SEPM because the last check-in date in the SEPM changes but the AV and PTP dates do not update.  Most of the time I can run LiveUpdate on the client and let it finish.  I then Update Content and then check the SEPM.  After the last check-in date updates, most of the time the AV and PTP's update in the SEPM as well.

    I don't know why running LiveUpdate causes the SEPM to start updating, but it does at least one time.

    Sincerely
    Bruce Singer