Endpoint Protection

Hello

I have recently setup Symantec Endpoint Protection 11.x and admittedly I did not have the amount of time I would have liked to get to know the application prior to the install and implementation. In fact it was set up in a very big hurry in order to avoid a possible outbreak on April 1st 2009 as our AV Solution was in disarray.

However I have all of our Clients configured to communicate with the server and the Policies and AV Definitions  seem to be replicating just fine to the clients but the Symantec Endpoint Manager Console is reporting a failure under the section called Antivirus Definition Failures and Scan Failures. My workstation for instance is in this list as having Definitions from 2009-04-03 rev. 004 but the Client Software Package running on my worksation says I have virus definitions dating April 15, 2009.

Also I noticed that during the "rushed" install of the Symantec Endpoint Protection software that some clients did not show up under the Default Domain and were not visable until I Added Domains that corrisponded to my AD Domain. Which is a pain as I have to switch between domains in order to see them all. I only have one AD Domain.

Any help would be greatly appreciated. Thx

Hi,

Try to do telnet from client to server on port 80.

Also copy/paste the below link in IE and press Enter. It must show OK.

If it doesn't dispaly, it means there is some communication issue between your client and server.

Rgrds,
SAM

Also try to run SEp_SupportTool to check if there is any issue with SEP installed at your end.

Run this tool and check the report.

Also i hope you are using the latest version i.e. SEP 11.0 MR4MP1a

Rgrds,
SAM

HI,

Same issue at our envoirement.

Any Idea to resolve?

Regards,

Tamboli

Hi

Just see that to which management server its pointing

This will solve the issue.

SAMEER

Hello

Thanks for the pointers I have made some progress. I ran the SEp_SupportTool and it pointed out that in my haist I did not build the VM with enough RAM and Dick Space on the C Drive. I also installed everything using MR2 in which it suggested I upgrade. So what I have done so far is I added RAM, added a second HD to the VM and reconfigured the Server Database ( Embedded ) using the Management Server Configuration Wizard so as to move the DB ( Embedded ) to the second HD. I have also  set the Security Status preferences from the default 10 days to just 1 day, which is likely what did it :) but I supose its not a bad idea to have the database on a seperate drive than that of the system. I am planning a upgrade of the Symantec Endpoint Protection software for both the client and server very shortly.

However I am noticing that the reports are not visable from the Symantec Endpoint Protection Manager Console unless you are local to the server. Not sure how to resolve that. Ideas?

Jason

Hi

Telnet returned with the following. Which is what I believe to be what is should do.

HTTP/1.1 400 Bad Request
Content-Type: text/html
Date: Fri, 17 Apr 2009 16:46:05 GMT
Connection: close
Content-Length: 35

<h1>Bad Request (Invalid Verb)</h1>

Connection to host lost.

Try to  run unmanaged detector

Try LUall.exe once.

hi,
check your liveupdate settings and also check the clients are in push or pull mode