Endpoint Protection

Every day I receive an emailed Administrator Daily Summary Report from Symantec Endpoint Protection Manager.  And everyday the section on Virus Definition Distribution says there are more PCs out of date than there really are.  It will say there are 4 PCs out of date by 7 days, but will only list 1 PC.  (see attachment)  The same report is also in the program when I open it.  Why is this?  Thanks in advance!

What is SEPM version ?

Have you check manualy Out of date System ?

SEPM version is 12.1.1000.157

I'm not sure what you mean by the second question though.

Thanks!

Remove...

Edit...

Are you having unmanged client ?

are you using image OS ?

No, we don't use imaged OSs, and to my knowledge there should not be any unmanaged clients.

have you any SEP 11 Client ?

Please check Manually in sepm Console how many system are out of 7 days ?

I am new to the position and to SEPM and I don't know how to find out if there are any SEP 11 Clients or how to manually check which systems are out of date.  Sorry.

How many system difference daily reports?

Currently Report saying 3 systems different.

Correct, there is a "4" noted there but only 1 is listed.  It seems like there is a discrepancy every day.

Yes rest of three system are yet not reporting your sepm console.

So it's SEPM server showing out of date.

please check manually in sep console how many system are not update in 7 days?

do you have access SEPM console ?

OK, I figured out how to check manually the Virus Definitions Distribution in the SEPM console.  It appears that only 1 is out of date for the past 7 days.  So should I not worry about the discrepancy in the numbers that are being reported in the daily emailed report? 

Yes, you can export all SEP Client and Sorting by defination Date.

How to Export SEP client

https://www-secure.symantec.com/connect/forums/how-print-out-all-sep-client

Hi,

It was an upgrade or a fresh install?

I would like to suggest to check with the latest version i.e SEP 12.1 RU1 MP1 (12.1.1101.401)

Hi,

As per your converstation, i would suggest you that you can create the daily notification for the same.

It help you to find the old defintion systems with hostanme/ip address.

Steps are below

Open and login to the SEPM
 
Click Monitors

Click Notifications

Click Notification Conditions
 
Click Add
 
Select "Virus definitions out-of-date"

Enter the notification name(eg- old defintion)

Select condition (eg- 3 computers with virus definitions older than 2 and so on days )

Add your email id here.

Then Ok.

Hi,

Have you looked at upgrading the OS?
Update your OS and also take a look at the system clock maa look at the clock in bios
After upgrading the system to update your solution and run a scan in safe mode
Then check reports

hugs

I did not get a "Search Clients pop-up" as stated in the instructions.

This was installed a while back before I worked here.  SEPM version is 12.1.1000.157

Sorry, I can't quite understand your instructions.  Particularly this part:  "Select condition (eg- 3 computers with virus definitions older than 2 and so on days)"

HI,

Are you login SEPM console on admin account ?

There is an easy way to copy sep client

you can open the required group to export its clients and select all clients "Ctrl+A" and then copy "Ctrl+C" then past it in Notepad or Excel.

Unfortunately upgrading the OS is not something we can do right now.  

What is "system clock maa?"

That didn't work for me.  Thanks though.

Hi,

Sometimes the system clock also changes its forms.

How do I know if that has happened?  Thanks!

If your operating system is windows?
If you let me know and I will continue to help you

hugs

Yes, it is Windows.

Hi,

Try the following steps:

Delete daily summary report, before deleting check the settings.

Repair SEPM through add/remove programs.

Again create same daily summary reports & check.

A weekly summary report is showing correct information?

What's the size of sem5.db? It will be under C: or installed drive \Program Files or (x86)\Symantec\Symantec Endpoint Protection Manager\db

Hi Chetan, 

Thanks for the info.  I delete the report and re-created it, repaired SEPM, and the new report shows the same thing.  I couldn't find sem5.db.

Hi,

Try following steps:

1) SEPM --> Admin --> Servers --> Local Site --> Edit Site properties --> Chnage management server log settings expires after 1 day.

Note: It will wipe out entire database entries, you have a limited number of clients so I think you can go ahead with this setting.

Wait for a one day

2) On day 2, Stop the Symantec Endpoint Protection Manager Service

Go to C:or Installed drive \Program Files or (x86)\Symantec\Symantec Endpoint Protection Manager\Tools

Run updatedbtime.bat

3) Go to Admin --> Servers --> localhost --> Select Rebuild indexs now & Truncate transactions log now

4) Monitor new report.

I don't get the option for log settings.  Attached is what I get:

Hi,

My apologies, screenshot were taken from SEP version 11.

In SEP version 12.1 it's under localhost properties.

SEPM --> Servers --> Local host ---> Edit database properties.

The screenshot is attached to the reference.

I did this:

2) On day 2, Stop the Symantec Endpoint Protection Manager Service

Go to C:or Installed drive \Program Files or (x86)\Symantec\Symantec Endpoint Protection Manager\Tools

Run updatedbtime.bat

And got this error:  (see attachment)

Hi,

Check symantec Database services are running or not ?

Hi,

Go to services.msc, check Symanec Endpoint Protection Manager and Symantec Embedded database services are running or not?

They are both running (but I had stopped SEPM earlier as directed in the instructions).

Hi,

If possible reboot the server & try to run updatedbtime.bat

If above steps didn't help, you have following choices left.

1) Upgrade to the latest SEP version i.e SEP 12.1 RU1 MP1

2)  Log a web case with Support.

How to create a new case in MySupport

http://www.symantec.com/docs/TECH58873

How to Create and Validate a SymAccount for using Symantec's MySupport

http://www.symantec.com/docs/HOWTO31127

3)  SEP next release SEP 12.1 RU2 is on road map, you can test with beta version

https://symbeta.symantec.com/login.html

Rebooting didn't help.  :(

How do I know what version I have and how do I upgrade?

(BTW, the link above for creating a new case provides outdated information.  I can figure it out, just FYI)

Thanks again!

Hi,

To check current version, login to the SEPM console. On the right hand top corner you will see Help option, Select that  & click on about.

It will tell you the SEPM version details.

Check till date SEP releases: http://bit.ly/m0vOJp

Let me know SEPM version I will tell you the possible upgrade path.

Hi Chetan,

Thanks for the info.  I have version 12.1.1000.157

BTW, I tried several times to create a case via Symantec's website.  I keep getting this error (attached).  This has happened to me before which is why I never use the website.

Hi,

SEPM version 12.1.1000.157 i.e SEP 12.1 RU1.

The latest version is 12.1.1101.401 i.e. SEP 12.1 RU1 MP1

You can directly upgrade from SEP 12.1 RU1 to SEP 12.1 RU1 MP1.

You need to download setup files from https://fileconnect.symantec.com, you would require a serial number which starts with 'M'. Eg. M1122334455

If facing problem to log a web-case then Please contact Symantec Technical Support via the support phone numbers listed below

Regional Support Telephone Numbers:
United States: https://support.broadcom.com (407-357-7600 from outside the United States)
Australia: 1300 365510 (+61 2 8220 7111 from outside Australia)
United Kingdom: +44 (0) 870 606 6000
Additional contact numbers: http://www.symantec.com/business/support/contact_techsupp_static.jsp   India: Toll-Free 000 800 4401 456                                                                                            

IDD call: +61 2 8220 7111

Contact Symantec Customer Care on 

http://www.symantec.com/support/assistance_care.jsp

Which of these do I download?  Thanks!

Hi,

Download Symantec_Endpoint _Proection_12.1.1_MP1_SEPM_EN.exe.

After download extract it & run setup.exe, it will start the SEPM upgrade.

Prior to upgrade always take a database backup.

Hello,

Check this Article:

Understanding the Downloads of Symantec Endpoint Protection (SEP) 12.1 available on Symantec FileConnect website.

In your case, you would have to download the Symantec_Endpoint_Protection_12.1.1_MP1_Part1_Installation_EN

which includes all the Installation of

SEPM 12.1RU1 MP1 , SEP 12.1 RU1 MP1 (32 bit) , SEP 12.1 RU1 MP1 (64 bit), SEP MAC 12.1 RU1 MP1

Hope that helps!!

I am not able to extract any SEPM files that I download.

This is as far as I get and it hangs up (see below).  Do you know what I am doing wrong?

Hi, good afternoon, how are you?

 Make an easier way to remove the PCs on the network each you upgrade the operating system and version of your security solution separately in each
 Do it one by one and then put in the network again

 will work

 hugs

OK sorry, not quite sure I understand, could you rephrase?  Or write it in Portuguese or Spanish - Entendo  :)

Oi,

Que bom que você entende o português !! (risos)

Vamos lá, eu quis dizer que poderi fazer o seguinte;

Retirar as máquinas da rede e atualizar uma a uma fora da rede, atualizando o sistema operacional e a solução de segurança utilizada por você.
O problema pode estar na conformidade e é de se imaginar que como as nossas soluções procuram conformidade, uma delas não entrando a outra recusa.
Então, poderíamos tentar reaver isso pelo modo de separar as máquinas, atualizar sistema operacional e solução de segurança e retornar as mesmas para rede e aí sim atualizar todas juntas.
Já tentou isso ?

Grande abraço

oi,

Se você tiver baixado apenas arquivos de instalação do SEPM de FileConnect como eu havia dirigido, então, provavelmente, não vai ser um arquivo zip.

Nesse caso, não há necessidade de extraí-lo, ir diretamente para a pasta de download.

Execute o setup.exe e atualização será iniciado.

Muito obrigada Chetan e Fabiano!  :)  

Tudo esta funcionando agora!!

Well, the upgrade seemed to keep the Virus Definition Distribution report straight for a couple of days, but now my problem is back again.  There is a 2 listed but only one computer reported.

Hi,

I would suggest you to test with SEP 12.1 RU2 beta version.

Let me know if you faced the same issue.

https://symbeta.symantec.com/login.html

HI,

I Think this is something bug.

You can try test with beta version

or you can will be be wait for release date. 

I logged in to get the Beta version but this is all I see.  Where do I go?  Thanks!

Hi,

Go to beta agreement, accept the agreement.

You have to download SEPM beta setup.

There is no way to accept the beta agreement.  It just lists the agreement, that's all.  :(

Wondering if BETA testing is closed...

Hi,

Go to the Home tab, select download beta build

Screenshot is attached to the reference.

Now select Download SEP 12.1.2 SEPM beta build.

Yes, maybe it is closed.  I don't have those options (see below):

Hi,

It's not closed.

Beta2 is now open for testing.

Just got the email about Beta2 being available.

Oh well, I can't access it.  Guess I'm forever doomed.....at least during Beta.....

You've registered and created an account?

Yes

Okey dokey, Beta is installed and everything seems to be fine so far - Virus Distribution Definitions have been correct for the past couple of days.  Thanks for everyone's help!  :)

I am still receiving a Virus Definition Distribution report that has (2) listed but only shows one PC.  Any more ideas?

Hmm... I  think this is SEPM bug....

Hi,

Are you using OS image while deploying SEP?

Check this article

http://www.symantec.com/business/support/index?page=content&id=TECH163349

Actually no, we don't do imaging here, it's a small agency.

Hi,

It's not working after an upgrade to SEP 12.1 RU1 MP1 nor with SEP 12.1 RU2 beta version.

I hope SPEM and SEP clients both are on the same version.

With reference to this thread it seems that you have less number of clients in the network.

Is it possible to recreate the new database? Replace Sylink.xml to restore clients communication?

If not possible we will try to follow some other troubleshooting steps.

I have never recreated the database so I'm not sure if I can do it or not.  Any links to directions for this?  Thanks!

How do I tell what SEP version the client is using?

Hi,

After logon to the SEPM console, click on help tab & select about option.

Screenshot is attached to the reference.

For SEP clients, GO to Computers tab & select client status view.

Database reinstall is nothing but SEPM reinstall.

You will have to uninstall SEPM through add/remove programs and do a fresh install :)

SEPM 12.1 Fresh install with Embedded database - graphical overview

http://bit.ly/KUWxaS

Is there any update on this?

Same errors as before.  I give up  ;)

Hi,

You should call now support to find out root cause of an issue.

Please contact Symantec Technical Support via the support phone numbers listed below

Regional Support Telephone Numbers:
United States: https://support.broadcom.com (407-357-7600 from outside the United States)
Australia: 1300 365510 (+61 2 8220 7111 from outside Australia)
United Kingdom: +44 (0) 870 606 6000
Additional contact numbers: http://www.symantec.com/business/support/contact_techsupp_static.jsp                                                                                                         

Contact Symantec Customer Care on 

http://www.symantec.com/support/assistance_care.jsp

Hi,

I haven't give up

According to the fix notes of latest SEP version i.e. SEP 12.1 RU2, issue is resolved in this release.

Well I am running SEP 12.1 RU2 and the administrator daily summary report still has frequent errors in the virus definitions section. It seems to have more errors on "< 24 hours" and " > 1 day". For instance the report I generated from the management console a few moments ago says there are 222 that are > 1 day old, but when I expand the list there are 763. This is only one example. Is anyone else having issues with the Administrator Daily Summary report on 12.1 RU2?