Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Auto-Protect Off, Tamper Protection Off on XP 32 bits clients - SEP 11.0.7101

Created: 29 Oct 2012 | 6 comments
Status Summary  Computers
Antivirus Engine Off 3
Auto-Protect Off 138
Tamper Protection Off 139
Restart Required 1
Host Integrity Failed 0
Not Reporting Status 4

Hi all,

We have problem with Status Summary and Reports with SEP 11.0.7101. Our Windows XP 32 bits clients report that Auto-Protect Off and Tamper Protection Off to SEPM. When checking on clients, everything is ON: AV & Spyware: ON, NTP: ON, PTP: ON, File System Auto-Protect: Enable.

We tried to uninstall and re-install SEP (version 11.0.7101.1056) on 8 test clients, in the first 2 days Auto-Protect and Tamper Protection go ON. But after 3 days all those clients become OFF as usual.

We have both Windows XP and Windows 7 clients, but the problem only happens with Windows XP (32 bits, SP3), Windows 7 clients are OK. All the clients are imported from AD. Our SEPM Server running on Windows Server 2003 Standard 32 bits with SQL Server 2008.

Has anyone experienced with this problem before?

Comments 6 CommentsJump to latest comment

Ashish-Sharma's picture

HI,

Check this comments

Title: 'Symantec Endpoint Protection Manager reports incorrectly clients with a Status Summary of AntiVirus Engine Off on the home page'
Document ID: 2007121311213848
> Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2007121311213848?Open&seg=ent

What database you are using ?

Try the 2 steps given below :

1.   Go to Program files/Symantec/Symantec EndpointProtection Manger/data/ inbox/agentinfo
    if there are any temp flies delete them , make the folder empty
    Restart the SEPM service

2. Delete the logs from the database:

Login to SEPM

Go to the Admin tab.

Click on Servers.

Select the "Local Site" from the list of Servers.

Under "Tasks," select Edit Site Properties.

Under the "General" tab, there is a check box that says "Delete clients that have not connected for X days." By default this is set to 30. Change the number of days as desired.

Click OK.

Check this thread

http://www.symantec.com/connect/forums/status-summary-autoprotect

http://www.symantec.com/connect/forums/autoprotect-status-false-positives

Thanks In Advance

Ashish Sharma

Nguyen Cao's picture

Thanks Sharma,

The Database using is SQL 2008 R2.

For the first link we use SEPM 11.07101 so that wouldn't be a problem.

I have deleted all temp files in Program files/Symantec/Symantec EndpointProtection Manger/data/ inbox/agentinfo/

Also changed Delete clients that have not connected for X days to 5 days. Just coming to check the report of Auto-Protect Off: Monitor -> Logs -> Advanced Settings -> Compliance options -> Auto-Protect Off and all the problem clients still the same.

I'm checking with the two thread you send below...

Ashish-Sharma's picture

HI,

Check this may be help.

This might be old entries which was not cleared properly in SEPM database. Try to check the Logs on SEPM for these computers having false data in reports or not. 

If Logs too showing the same data then check the agentinfo folder.

Location: C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\agentinfo

Clients will send the dat files to the SEPM, Those DAT files will have the client information which should be processed by SEPM and purged within a minute.

If you see .err & .tmp files. It indicates SEPM is not processing the client DAT files.

Then you need to

  • Stop the SEPM services
  • Delete those .err & .tmp files manually
  • Start the SEPM services.

Delete the client entry from SEPM  so it will connect and register again.

Now Pull the report and check with the information

Thanks In Advance

Ashish Sharma

Nguyen Cao's picture

Hi Sharma,

I have gone through your 2 suggestion links. The firsrt is the same suggestion of your 2 guideline steps.

The second mention of "the virus definitions failing to load". I have checked on one problem client, try to start scanning but get this error: Error 536870915 occured running scan.

Re-install SEP client will help for 2 days but the problem will come back in not more than 3 days :(

Any solution for this?

Thanks.

Ashish-Sharma's picture

While running scan from Symantec EndPoint protection 11.0.7000 (RU7), receiving a Scan error "Error 536870915 occurred running scan

http://www.symantec.com/business/support/index?page=content&id=TECH166585

Thanks In Advance

Ashish Sharma

Nguyen Cao's picture

Hi Sharma,

I have checked the log again, it shows the same clients.

Previously I can not delete all dat file in agentinfo folder so I stopped SEPM service and delete all the file in that folder and follow your suggestion.

Anyway I tried once again for sure but nothing changed :(