Endpoint Protection

We've been a couple of weeks on 12.1.4, upgraded from SEP 11.0.6, and we have a couple hundred clients out of date.  (total of 13k)  We're running 2 SEPMs on win 2003 r2 boxes and from monitor>Logs I run a report on Computer Status filtering for clients online in the past 24 hours whose defs are more than 30 days old.  For those results that post I push content to all.  I do the same filtering on those clients online that have defs within 30 days pushing content to all those whose defs are over a week old.  By the end of the day we have maybe 10% rejection of the content and I anticipate that it will take time to see the numbers drop until all those clients check in.  However two days later the numbers are still about the same.  Am I missing something?  Has anyone had any issues with the push content feature?

are these clients suppose to take the update from SEPM or gup?

Enable Sylink log and post them in here

http://www.symantec.com/business/support/index?page=content&id=TECH104758

How are these clients getting their updates? Are they in the same group as other clients that are updating?

As mentioned, sylink debugging will give us the full picture on what's happening.

Hi,

Thank you for posting in Symantec community.

Will it be possible for you to restart those affected machines prior to send updated definitions?

It is not feasable to restart these machines which are scattered about NYC including servers.  Attached is the sylink monitor from the SEPM while pushing out content to machines online with definitions out of date by more than 30 days.  All have accept content enabled and are scattered over various groups by location, by purpose, by workstation or server.  All are set to take updates from SEPM. 

Attachment(s)

Sylink_Monitor_SDCSSAVAPPPDW01.txt   56 KB 1 version

Well the Sylink ran for more than 1 hour, but I do not see any Error messages, 

Can you run it bit longer? 

All I could see was request was sent by SEP, was trying to download but no timout or error messages.

Can you try to update the policy on client and try to capture that log , rather than cmd sent from SEPM?

Can you use/push intelligent updater file on those machine?

How to Update Definitions for Symantec Endpoint Protection using the Intelligent Updater

http://www.symantec.com/docs/TECH102606

Hi

Can you please run Management Wizard and check

Regards

My intention is to push these updates so that we don't have to go to each one individually.  Trying to find one in the list that I can get access to so that I can run the sylink.  I know in advance that there are some that are going to need repairs but I seem to only be getting 20 of them at a shot when I push to them all.  As I've been trying to push to the ones that are out of date but within 30 days but only getting 10 - 20 at a clip there are clients rolling out of the 30 day window.

Is there any restriction on the bandwidth for the clients?

there was a simillar case where client was not getting updated.

Do you use any GuP in your network?

If clients are outdated more than XX days ( when sepm does not have enough defs to create delta) it would send out the full packages

I understand that these clients would require a full update and that is going to take a while.  I am going by the command status complete to determine when I should check on the clients out of date.  Is it not really complete when the montior says it is?

With the exception of one off site (a small doctor's office) all clients get their updates directly from the SEPMs.

By sending out the command it will instruct the clients to update the content.

The clients are getting the update command ( command status) but not able to download the content, Sylink log will help to figure that out.

Going to finish pushing 12.1.4 before returning to this as we also have an issue with duplicate hardware IDs in our environment that may be causing the issue.