Endpoint Protection

 View Only

  • 1.  Client logs show 'Last Time Status Changed' time-stamp older than 'Last Scan'

    Posted Oct 29, 2013 12:37 PM

    I'm in the SEP Manager console on the Monitors tab.  I'm running the 'Computer Status' log over the past 24 hours.

    I'm looking at the column labeled 'Last Time Status Changed'; from my understanding this time-stamp is basically the last time the client checked in with the SEP manager.

    Knowing this, is it possible to have a time-stamp for 'Last Time Status Changed' that is older than say...'Last Time Scanned'?

    SEP last time status changed post.JPG

     

    If the last time my agent checked in was on the 28th, how do I know the last scan was ran today?

    Any insight into this report would be greatly appreciated, thank you.

     



  • 2.  RE: Client logs show 'Last Time Status Changed' time-stamp older than 'Last Scan'

    Posted Oct 29, 2013 01:23 PM

    • The Last Time Status Changed column displays the time that the client last communicated with the management server. this could be from offline to online or a location change. It does not mean that it did not connect to sepm after that.

    • again is your sepm in pull mode or push mode? whats the communication interval you have set.. can you check that?



  • 3.  RE: Client logs show 'Last Time Status Changed' time-stamp older than 'Last Scan'

    Posted Oct 29, 2013 01:58 PM

    So the column 'Last Time Status Changed' isn't just "when the client last communicated with the SEP manager"...it literally is the Agent status changing?    

    This is interesting because none of my agents should be switching from online to offline or changing locations, however my clients update this timestamp regularly.  What exactly causes a status change for an agent?

    This client is neither push or pull mode; it's a SAVFL agent (version 1.0.14 build 13) running on a server (Oracle Enterpise Linux 5.9).  It's configured to send logs to the SEP Manager using the SAVFL reporter tool.



  • 4.  RE: Client logs show 'Last Time Status Changed' time-stamp older than 'Last Scan'

    Posted Oct 29, 2013 02:19 PM

    SAV cannot talk to SEPM, so its not the last time It contacted the manger in this scenario.

    I need to check how SAV logs are interpreted in SEPM.



  • 5.  RE: Client logs show 'Last Time Status Changed' time-stamp older than 'Last Scan'

    Posted Oct 29, 2013 02:38 PM

    Can you check the report with time range as last week,

    AFAIK it should be the last time it fwded the logs to sepm.

    so on 26th it should have sent something and on 28th It ran scan.

     



  • 6.  RE: Client logs show 'Last Time Status Changed' time-stamp older than 'Last Scan'

    Posted Oct 29, 2013 03:15 PM

    That is where the confusion is for me, if that time-stamp is the last time the SAVFL agent forwarded the logs to the SEPM, how does the SEPM know that the last scan occured one day later?

     

     



  • 7.  RE: Client logs show 'Last Time Status Changed' time-stamp older than 'Last Scan'
    Best Answer

    Posted Oct 30, 2013 03:01 PM

    Last time it  connected to SEPM on 28th ( Still connected )

    So it sent the logs on 29th.

    You can easliy test this by stopping the smc service and restarting it and setting a small test after few hours.

     



  • 8.  RE: Client logs show 'Last Time Status Changed' time-stamp older than 'Last Scan'

    Posted Nov 04, 2013 10:32 AM

    I see, thank you Rafeeq for clearing up my confusions.  I have a better understanding of now of what this means.