Antivirus Engine Off and Virus Definitions out-of-date
I'm running MR2MP2, but I seem to be experiencing a recurrence of an issue that was supposed to be fixed in MR2:
On Symantec Endpoint Protection Manager Home Page, status of Symantec Endpoint Protection client shows AntiVirus Engine is off
Fix ID: 1183055
Symptom: From Symantec Endpoint Protection Manager, multiple Symantec Endpoint Protection clients show that the Antivirus Engine is off from the Home Page > Status Summary. A local check shows that the antivirus engine is on, the definitions are current, and there are no other problems.
Solution: Fixed to present correct state of Symantec Endpoint Protection clients in Symantec Endpoint Protection Manager.
As the description above says, the clients report that everything is fine but the console reports that around half the clients are out of date and have the antivirus engine off.
I'm apparently not alone in this:
It was also experienced by the people in the second half of this message
And here
And here
And here by ch1221
Has anyone seen a fix for this? I didn't see a fix posted in the release notes for MR3 posted here:
Comments
Hi
Yes, it is true that you are not the only one facing this problem; there are lots of users who have the same issue.
For this you need to check whether the Windows firewall is off; if it is on, please turn it off, check the ping between server and clients, and then update the policies to the clients.
If this doesn't work upgrade the version of Symantec Endpoint Server and Clients.
Ajit jha
Regards,
Ajit Jha
Technical Consultant
STS
The firewall was off, the ping communication was fine, and the policies have been updated. The clients are still showing as out of date on the server but not the client.
Since there is nothing documented in MR3 that fixes this problem, and the reception of MR3 has not been stellar, I'm not planning on upgrading to MR3 yet.
Anyone else have any input?
Hi
Please confirm: are you talking about the Out-of-date and Up-to-date computers on the Home page? If yes, then your server is perfect.
You can check the clients' update status in Clients >> Your group >> Select clients >> right-click and check the version. If the version of the updates is the same as it is on the client machine, then you need not worry.
Regards,
Ajit Jha
Technical Consultant
STS
Virus Definitions show as out of date on the server, but clients show current definitions. Server shows clients with antivirus engine off, but the clients show that they're still running scans and downloading definitions.
Clients/right click screen on the server shows the same thing as Home screen. I'm not worried because I can see that the clients are current on the clients themselves, but what's the point of having a management server if it has no idea what's going on with its clients?
Hi
You have an alternative way, i.e. uninstall the SEP manager and reinstall it. Before uninstalling, please take a backup of it and restore the backup after installing it.
To take the backup go to Start >> SEP Manager >> Backup and Restore.
Hope this will resolve your issue.
Regards,
Ajit Jha
Technical Consultant
STS
We are experiencing this problem as well and have an open ticket on it. We've sent debug files galore and now it's at "second level support". We made the leap to MR3 with no improvement, so I wouldn't recommend you try to fix it that way.
Too late :). I had a call in and they recommended upgrading and all it's done is introduce more issues. I even installed in "console" mode since that's their default answer to everything.
Sorry about that JTP... welcome to the club...
That's good.
So you finally uninstalled the manager and reinstalled it.
Regards,
Ajit Jha
Technical Consultant
STS
I'd be willing to do the manager uninstall/reinstall if there's a written procedure for it. I don't want to "just wing it" as I really have enough problems with SEP without destroying my SEP manager installation.
Yeah, upgrade didn't help so I did a full uninstall and reinstall in console mode *with Symantec support walking me through it*. Ended up (you guessed it) even worse off. I'm collecting logs and such for them now.
Just got word back from Symantec Support on some trace files I had sent them on an offending PC. They reported back that a GPO was restricting access to the Symantec Services... sure enough I used GPMC to pull the effective policy on a client and I had (much to my surprise) changed permissions on the SEP services. I presume to prevent some of my "Power Users" from killing SEP with proc explorer, or the like. I removed the GPO and on my test system it appears as though it may have resolved the issue. Now the new issue... how do I keep users from killing SEP when it bogs down their PC?
Hi Marc, I'm having the same issue. What specific policy/policies in GPO was restricting access to Symantec Services? Thanks.
A note from a reliable source regarding locking services using GPOs...
Unsupported - Untested - TRY AT OWN RISK!!
There are ways that you can harden the SEP install so users cannot change anything. It is not supported however, so if anything acts strange or doesn't work properly, we can't help fix it. Here are the permissions that 100% need to be in place.
Authenticated Users: Read
SYSTEM: Read; Start, stop, and pause
Compared to the defaults:
Administrators: Full Control
Authenticated Users: Read
SYSTEM: Read; Start, stop, and pause
Power Users: Read; Start, stop, and pause
So if you would like to test it, you can, but again do at your own risk.
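To check whether a GPO has stripped the permissions listed in the note above, the service's security descriptor (the SDDL string printed by `sc sdshow <service>`) can be parsed and compared against that minimum. This is an added example, not code from the thread or from Symantec; the SDDL strings are constructed samples, and the thread does not name the affected services, so none is assumed here.

```python
import re

# SDDL right codes as they apply to Windows services.
READ = {"CC", "LC", "SW", "LO", "RC"}   # query config/status, enum dependents, interrogate, read DACL
CONTROL = {"RP", "WP", "DT"}            # start, stop, pause/continue
WRITE = {"DC", "SD", "WD", "WO"}        # change config, delete, write DACL, write owner
SIDS = {"SY": "SYSTEM", "BA": "Administrators",
        "AU": "Authenticated Users", "PU": "Power Users"}

# Minimum permissions quoted in the note above.
REQUIRED = [("Authenticated Users", READ, "Read"),
            ("SYSTEM", READ, "Read"),
            ("SYSTEM", CONTROL, "Start, stop, and pause")]

def parse_service_dacl(sddl):
    """Return {principal: set of right codes} for the allow ACEs in the DACL."""
    dacl = sddl.split("D:", 1)[1].split("S:", 1)[0]   # drop owner/group and SACL
    granted = {}
    for ace in re.findall(r"\(([^)]*)\)", dacl):
        ace_type, _flags, rights, _obj, _inherit, sid = ace.split(";")
        if ace_type != "A" or rights.startswith("0x"):
            continue  # deny ACEs and hex access masks are not handled in this sketch
        granted.setdefault(SIDS.get(sid, sid), set()).update(re.findall("..", rights))
    return granted

def describe(rights):
    """Map a set of right codes to the labels used in the GPO service dialog."""
    if (READ | CONTROL | WRITE) <= rights:
        return ["Full Control"]
    labels = []
    if READ <= rights:
        labels.append("Read")
    if CONTROL <= rights:
        labels.append("Start, stop, and pause")
    return labels

def missing_required(sddl):
    """List the (principal, permission) pairs from REQUIRED that the DACL lacks."""
    granted = parse_service_dacl(sddl)
    return [(who, label) for who, need, label in REQUIRED
            if not need <= granted.get(who, set())]

# Constructed samples: the defaults listed in the note, and an over-restricted DACL.
DEFAULT_LIKE = ("D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLORC;;;AU)"
                "(A;;CCLCSWRPWPDTLORC;;;SY)(A;;CCLCSWRPWPDTLORC;;;PU)")
LOCKED_DOWN = "D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLORC;;;SY)"

if __name__ == "__main__":
    for name, sddl in (("default-like", DEFAULT_LIKE), ("locked-down", LOCKED_DOWN)):
        print(name, "missing:", missing_required(sddl))
```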
GPO
Hi, does anyone know the GPO that fixed this?
Thanks
Michael