12.1.2015 Intrusion Prevention Signatures "not available"
Created: 19 Dec 2012 | 22 comments
So I was having an issue with some of our machines on 12.1 where it was not showing the current sigs in SPC management and causing the big red X. Noticed that it was a known issue, so I put a couple of our machines on 12.1.2015 (ru2) as that seemed to be the fix. Unfortunately, it's been 24hrs now and those two machines are still showing under the intrusion prevention signature column "not available". I've run LiveUpdate on them a couple of times but to no avail.
Hi,
Are the SEP clients updated with the latest virus definitions?
You could use the rapid release definitions.
http://www.symantec.com/security_response/definitions/download/detail.jsp?gid=rr
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
yes all Clients affected have current virus def dec-18-2012-r20
Hi,
How many systems are having the problem?
Please provide a snapshot of the error.
What happens when you try running a Repair of this SEP client from Add / Remove Programs?
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
6 total systems having 'issues' with showing old signatures. 4 of them are on 12.1.1 and the 2 new ones that are showing "not available" are on 12.1.2015+
I ran LU yesterday and today on all the machines.
I have done a repair, no change to the problem.
HI
Try this,
How to clear out definitions for a Symantec Endpoint Protection 12.1 client manually
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
are the other module of SEP updated?
are these machines communicating with SEPM?
did you run symhelp tool? it will give you information if virus definition is corrupted.
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
I'm currently completing the manual clearing of definitions and it's gathering the new defs via LU right now.
All other modules of SEP were fine, besides the Intrusion Prevention Signatures on the machines listed in the above post.
All machines are indeed communicating with SEPM
have not yet run symhelp. Finishing this step 1st.
cleared all old defs, ran LU, everything updated. Manager console still showing "not available" under Intrusion Protection signatures.
where specifically can I see the folder for those signatures?
Are the machines themselves out of date or is it just not reflecting properly in the SEPM?
What OS are you using?
For XP, IPS defs are in:
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Definitions\IPSDefs
SEP Knowledge Base
Endpoint SWAT
nope. one of these machines (win7) worked fine on 12.0, it failed after 12.1 and now also on 12.1.2
checked c:\programdata\syamtec\symantec endpoint protection\12.1.2015.2015.105\data\definitions\ipsdefs on this machine just now and it shows a 20121218.011 folder that was created 12/19 that it just got from LU. SEP Manager still shows "not available" for this machine IPS
the other machine is a fresh install win8.
So it looks like the client has the correct defs, this seems to be more of a cosmetic issue...
SEP Knowledge Base
Endpoint SWAT
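The check described in the posts above (looking at what is actually on disk in the client's IPSDefs folder, independent of what the manager console reports) can be scripted. This is an added example, not part of the original thread and not Symantec's own tooling; the function name `Get-LatestIpsDefinition` and the 7-day threshold are hypothetical, and it assumes definition folders are named `YYYYMMDD.RRR` like the `20121218.011` folder quoted in the thread.

```powershell
# Added example: report the newest IPS definition set present on disk.
# Assumption: definition folders are named YYYYMMDD.RRR (date.revision),
# as with the 20121218.011 folder mentioned in the thread.
function Get-LatestIpsDefinition {
    param(
        [Parameter(Mandatory)] [string] $IpsDefsPath,
        [datetime] $Now = (Get-Date),
        [int] $MaxAgeDays = 7   # hypothetical staleness threshold
    )
    if (-not (Test-Path -LiteralPath $IpsDefsPath -PathType Container)) {
        throw "IPSDefs folder not found: $IpsDefsPath"
    }
    # Keep only folders whose name parses as a real date plus a revision.
    $sets = foreach ($dir in Get-ChildItem -LiteralPath $IpsDefsPath -Directory) {
        if ($dir.Name -match '^(\d{8})\.(\d{3})$') {
            $date = [datetime]::MinValue
            $ok = [datetime]::TryParseExact($Matches[1], 'yyyyMMdd',
                [cultureinfo]::InvariantCulture,
                [System.Globalization.DateTimeStyles]::None, [ref] $date)
            if ($ok) {
                [pscustomobject]@{
                    Name = $dir.Name; Date = $date; Revision = [int]$Matches[2]
                    Downloaded = $dir.CreationTime
                }
            }
        }
    }
    $latest = $sets | Sort-Object Date, Revision | Select-Object -Last 1
    if (-not $latest) { return [pscustomobject]@{ Status = 'NoDefinitions' } }
    $age = [int]($Now.Date - $latest.Date).TotalDays
    [pscustomobject]@{
        Status = if ($age -le $MaxAgeDays) { 'Current' } else { 'Stale' }
        Latest = $latest.Name; AgeDays = $age; Downloaded = $latest.Downloaded
    }
}

# Constructed sample layout so the function can be tried offline.
$demo = Join-Path ([IO.Path]::GetTempPath()) ("ipsdefs-demo-" + [guid]::NewGuid())
'20121130.002', '20121218.011', 'not-a-defset' | ForEach-Object {
    New-Item -ItemType Directory -Path (Join-Path $demo $_) -Force | Out-Null
}
Get-LatestIpsDefinition -IpsDefsPath $demo -Now ([datetime]'2012-12-19')
Remove-Item -LiteralPath $demo -Recurse -Force
```

A `Current` result on the client while the console still shows "not available" points at reporting between client and manager rather than at the definitions themselves.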
Cosmetic maybe, but the big red X showing daily on the console is sure making my boss look at me sideways.
Have you deleted the SEP client from SEPM and let it check back in?
SEP Knowledge Base
Endpoint SWAT
Hello,
Could you delete the client entries from the groups and let the clients re-register themselves in the SEPM?
OR
1. Ensure both IPS and Advanced Download Protection are uninstalled from the client to stop sending data on IPS definitions.
2. Force the client to generate a new hardware ID using the RepairClonedImage tool: http://www.symantec.com/docs/TECH163349
3. Delete the old client entry once the new entry appears.
Hope that helps!!
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | MCTS | STS | ITIL v3
Twitter: @mithun_sanghavi
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.
yup
Mithun.
I have deleted the client entry from the console and let it re-register twice now. No change. Again, the other PC is a brand new win8 machine with a fresh install exhibiting the same behavior. The "not available" is a direct product of 12.1.2015 it seems. The other issues with the 12.1 machines not showing (but being) updated is its own issue.
I do not follow on the "or" section #1. not sure how to do that. No need for #2, as I do not image our machines here, they are all standalone installs.
Anyone else??
Are the clients set to take the updates from the Manager or from LiveUpdate?
In the home tab, if you click on the more details option (top right), what's the level set for IPS defs failures?
Please don't forget to mark your thread solved with whatever answer helped you : ) Rafeeq
Clients get info from Live Update
no such "more details" in the upper right of the home tab screen on SEP SBE
the version on the server is still 12.0.1001.95 if that makes a difference.
Hello,
Absolutely yes.
(I should have understood when you wrote: "So I was having an issue with some of our machines on 12.1 where it was not showing the current sigs in SPC management and causing the big red X.")
I would please request you to Migrate the SPC (Symantec Protection Center) to the Latest Symantec Endpoint Protection Manager 12.1.
You need to Migrate to the Latest version of Symantec Endpoint Protection Manager 12.1 because the definitions are different for this product version.
To understand check the links below:
For Symantec Endpoint Protection 11.x - Symantec Endpoint Protection 12.0 (32 bit)
http://www.symantec.com/security_response/definitions.jsp?pid=sep11_32
For Symantec Endpoint Protection 12.1
http://www.symantec.com/security_response/definitions.jsp?pid=sep12
For Symantec Endpoint Protection 12.1 RU2
http://www.symantec.com/security_response/definitions.jsp?pid=sep1212
Hope that helps!!
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | MCTS | STS | ITIL v3
Twitter: @mithun_sanghavi
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.
well, 12.0 manager worked with the other 12.1 clients....and I haven't read anything that said it wouldn't. But I'll go ahead and get around to upgrading the mgr then. Thanks
Hello,
I would suggest you to also follow the Article below when Migrating -
Best practices for upgrading to Symantec Endpoint Protection 12.1.2
http://www.symantec.com/docs/TECH163700
Hope that helps!!
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | MCTS | STS | ITIL v3
Twitter: @mithun_sanghavi
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.