Endpoint Protection

Hi all,

We have problem with Status Summary and Reports with SEP 11.0.7101. Our Windows XP 32 bits clients report that Auto-Protect Off and Tamper Protection Off to SEPM. When checking on clients, everything is ON: AV & Spyware: ON, NTP: ON, PTP: ON, File System Auto-Protect: Enable.

We tried to uninstall and re-install SEP (version 11.0.7101.1056) on 8 test clients, in the first 2 days Auto-Protect and Tamper Protection go ON. But after 3 days all those clients become OFF as usual.

We have both Windows XP and Windows 7 clients, but the problem only happens with Windows XP (32 bits, SP3), Windows 7 clients are OK. All the clients are imported from AD. Our SEPM Server running on Windows Server 2003 Standard 32 bits with SQL Server 2008.

Has anyone experienced with this problem before?

HI,

Check this comments

Title: 'Symantec Endpoint Protection Manager reports incorrectly clients with a Status Summary of AntiVirus Engine Off on the home page'
Document ID: 2007121311213848
> Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2007121311213848?Open&seg=ent

Thanks Sharma,

The Database using is SQL 2008 R2.

For the first link we use SEPM 11.07101 so that wouldn't be a problem.

I have deleted all temp files in Program files/Symantec/Symantec EndpointProtection Manger/data/ inbox/agentinfo/

Also changed Delete clients that have not connected for X days to 5 days. Just coming to check the report of Auto-Protect Off: Monitor -> Logs -> Advanced Settings -> Compliance options -> Auto-Protect Off and all the problem clients still the same.

I'm checking with the two thread you send below...

HI,

Check this may be help.

This might be old entries which was not cleared properly in SEPM database. Try to check the Logs on SEPM for these computers having false data in reports or not. 

If Logs too showing the same data then check the agentinfo folder.

Location: C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\agentinfo

Clients will send the dat files to the SEPM, Those DAT files will have the client information which should be processed by SEPM and purged within a minute.

If you see .err & .tmp files. It indicates SEPM is not processing the client DAT files.

Then you need to

• Stop the SEPM services
• Delete those .err & .tmp files manually
• Start the SEPM services.

Delete the client entry from SEPM  so it will connect and register again.

Now Pull the report and check with the information

Hi Sharma,

I have gone through your 2 suggestion links. The firsrt is the same suggestion of your 2 guideline steps.

The second mention of "the virus definitions failing to load". I have checked on one problem client, try to start scanning but get this error: Error 536870915 occured running scan.

Re-install SEP client will help for 2 days but the problem will come back in not more than 3 days :(

Any solution for this?

Thanks.

While running scan from Symantec EndPoint protection 11.0.7000 (RU7), receiving a Scan error "Error 536870915 occurred running scan

http://www.symantec.com/business/support/index?page=content&id=TECH166585

Hi Sharma,

I have checked the log again, it shows the same clients.

Previously I can not delete all dat file in agentinfo folder so I stopped SEPM service and delete all the file in that folder and follow your suggestion.

Anyway I tried once again for sure but nothing changed :(