Endpoint Protection

  • 1.  [Central Quarantine] Problems with submission of samples

    Posted May 25, 2010 03:34 AM
    Hi everyone,

    Recently I've set up a central quarantine server for our environment and I was able to get it to collect virus samples, but I can't get it to communicate with the gateway server (gateways.dis.symantec.com), or so it seems.

    I've collected some samples last week, but if I look at the sample state it still says "submitting: this sample is being submitted to the gateway". Not even one sample was submitted/analyzed. Auto-submission is activated in the properties of CQ, we have no firewall in our environment and I tested the connectivity via the following support document:

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2003091010413848  

    both worked.

    I have to add that the following error is displayed in the error column: it says "missing content-length", but I couldn't find a support document that refers to that error. Does anyone know what it means?

    Used versions:

    Symantec Central Quarantine 3.5
    Symantec Endpoint Protection 11.


    thanks for the help,

    Markus G.


  • 2.  RE: [Central Quarantine] Problems with submission of samples

    Posted May 25, 2010 04:52 AM

    addition:

    This is the error shown in the properties of the Symantec Central Quarantine:

    Attention:
    submit: QServer cannot connect to the gateway to submit samples.

    Last Alert:  Tue, 25 May 2010 10:17:28 GMT
    Event Name:  Unable to connect to the Gateway
    submit: QServer cannot connect to the gateway to submit samples.
    Ensure QServer has access to an adequate Internet connection


  • 3.  RE: [Central Quarantine] Problems with submission of samples

    Posted May 25, 2010 11:36 AM
    Hi Markus,

    Here is an article that you can refer to

    Title: 'Error: ". . . Central Quarantine. Error Connecting to Gateway . . . Unable to Download Definitions"'
    Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2001011611203948?Open&seg=ent




  • 4.  RE: [Central Quarantine] Problems with submission of samples

    Posted Jun 07, 2010 11:10 AM

    Hi again,

    I solved the connection issues to the Symantec gateway (at least it seems so) as the central quarantine server is downloading a definition policy. The problem I have now is that the definition that gets downloaded manually is very old (from 2/24/2010, seq number: 107837).

    I found a document that explains how to manually ( http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2005010709235148?Open&docid=2004062313041348&nsf=ent-security.nsf&view=febc48e5db73822a882573410063331b ) insert a recent definition into the CQS, but I would like to avoid that path because the server has to get the most recent definition automatically; we don't have time to implement the definitions each time manually. So is there any way to specify which version the QSC downloads?

    Now to the problems with the submissions:

    out of 100 samples maybe 2 have the status "submitted: this sample has been submitted to symantec security response. wait for new definitions to be automatically returned."

    all the others have the status "released" but nothing happens to them, eventually they report the following error:

    Last Alert:  Sat, 05 Jun 2010 09:50:10 GMT
    Event Name:  Sample: too long with Released status
    released: This sample will be submitted to the analysis center.
    Sample has had the "Released" status for too long.


    What does this mean? How can I avoid that? The only idea I have right now is that the submission queue is very long (atm 150 samples) and therefore the submission takes a very long time as the CQS has to submit sample after sample... but in fact this doesn't happen: the samples appear and get straight into the queue (auto submission is activated), and then nothing happens.

    I already noticed that QSC is a product that doesn't get the full attention from Symantec, but getting this server to work is my trainee task and I would be very glad if I get this thing to work, so a big "thanks!" to everyone who takes the time to read that and maybe even post a solution.

    Markus G.