Endpoint Protection

 View Only

  • 1.  Antivirus signatures are updating, but not proactive or network threat. What's going on?

    Posted Jun 18, 2010 04:53 PM
    As an early step in our upgrade to Windows 7, we have set up an isolated LAN, with no Internet access, consisting of some Windows Server 2008 boxes and several Windows 7 workstations.  I have installed SEPM 11.0.6 on one of the servers (which is running a domain controller -- i don't know if that fact contrubutes to our problem), and SEP client on the workstations.  Since I can't run LiveUpdate to download updates from the Symantec LiveUpdate server, I have been downloading the latest .jdb files and applying the updates to SEPM by hand.

    When I apply these updates to SEPM, the Antivirus and Antispyware definitions propagate to the clients pretty quickly, but I can't get  Proactive Threat Protection or  Network Threat Protection to update at all.  Right now, the Network Threat Protection definitions are dated March, 11 2010 (which is what they were, I think, when we first installed SEP).  Proactive Threat Protection  is currently disabled, and it shows a definition status of Waiting for updates.

    Can anyone help me unravel this situation?  The network connection between client and server is evidently working, since the Antivirus definitions are updating.  I can't find anything in the policy that would explain the problem, and there's nothing in the logs that seems to explain what's going on (though perhaps I'm looking in the wrong place).

    Does anybody have suggestions?


  • 2.  RE: Antivirus signatures are updating, but not proactive or network threat. What's going on?

    Posted Jun 18, 2010 05:24 PM
    JDB files only update Antivirus/Antispyware definitions. The only ways to update PTP and NTP defs is to connect to a SEPM, a Symantec LiveUpdate server or a LiveUpdate Administrator server. The clients have (old) PTP and NTP defs that get installed when SEP is installed, but they show "Waiting For Updates" if those defs are over 30 days old.

    Proactive Threat Protection will always show "Off" on server-class operating systems, even if it gets updates.


  • 3.  RE: Antivirus signatures are updating, but not proactive or network threat. What's going on?

    Posted Jun 18, 2010 06:35 PM

    The clients connect to the SEPM on the test LAN, but both clients and manager are isolated from the internet.  Is there any way to sneakernet current (or relatively current) PTP and NTP updates to this SEPM, so they can download to the clients?



  • 4.  RE: Antivirus signatures are updating, but not proactive or network threat. What's going on?

    Posted Jun 18, 2010 07:00 PM
    Hey buddy, you cant manually update the IPS signature, Its available only in our server and only live update can download it and apply it.

    If you need to Update IPS then you need to First update the LU in your manager or Setup a Live update Administrator and Have it download the updates and distribute it to SEPM and SEP.

    There is no way you can do it manually

    regards,
    Haresh Rudrakodi
    Sr. Technical Support Engineer
    Symantec Enterprise Support


  • 5.  RE: Antivirus signatures are updating, but not proactive or network threat. What's going on?

    Posted Jun 19, 2010 12:44 AM
    For this you can take the help of Internal Live update server.Refer this KB and article
    Installation and configuration of LUA
    Updating downloads in an internal Live Update Administrator Server using the downloads from an external Live Update Server