Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Disabled clients?

Created: 28 Jan 2014 • Updated: 03 Feb 2014 | 24 comments
This issue has been solved. See solution.

SEPM - 12.1.3001.165

So I'm looking at my Total Endpoints on the Home dashboard, and I see:

Total Endpoints: 731

Up-to-date: 512

Out-of-date: 2

Offline: 217

Disabled: 188

None of those 188 clients are coming up as actually being disabled.  How do I get them out of that category?

Operating Systems:

Comments 24 CommentsJump to latest comment

.Brian's picture

Disabled is misleading

It doesn't mean the SEP clientis disabled, it means a component of the SEP client is disabled.

So AV could be on but say tamper protection is not running

If you click on the Disabled hyperlink, it will open a new window which shows more detail about exactly which component is disabled.

From here, you can now troubleshoot it to get it working again.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

SOLUTION
jcritzer13's picture

Ah, ok, I see it now.

All of the clients are listing "Early Launch Antimalware Status" as Disabled or Not Installed.  How do you force enable this module?  I'm no expert, and maybe I'm just not observant, but I've been dealing with SEPM for a few years now and don't recall ever seeing it.

.Brian's picture

ELAM is only compatible with Windows 8, are these machines on Win8?

See here:

http://www.symantec.com/docs/HOWTO81107

Also, what's your SEPM version?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

jcritzer13's picture

I think all of these machines are Win7... SEPM version was listed in very first message - 12.1.

Can I take ELAM out of the polciies or do I leave it there as someone else stated?

.Brian's picture

It won't apply to Win7 machines so go into the AV policy and on the ELAM tab, verify that it is unchecked and the lock icon IS locked. It's important that it's locked as this should stop clients from showing that ELAM is disabled or not installed

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

jcritzer13's picture

Ah!  It was unchecked on each policy but it wasn't locked!

I went ahead and locked it.  I'll give it a little bit and hope everything updates.  Thanks for the help!

I'll check back in just a bit.

SOLUTION
.Brian's picture

That should hopefully do it than...

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

jcritzer13's picture

Just wanted to drop back by and say thanks for the help, I appreciate it.  I still have all of the same clients reflecting Disabled status but I guess I'll just have to ignore the category (and potential REAL issues) from now on.

Symantec really needs to rework this feature to exclude client attributes from being pegged as Disabled when there's no way to run them in the first place.  It's misleading and wastes quite a bit of time to have to go through the list looking for actual issues.

SOLUTION
.Brian's picture

I would say try 12.1.4 if you have the possibility to upgrade. Although it really needs to be determined if this is a defect or what the working behviour should be.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

jcritzer13's picture

No, which you'd think disqualifies them from being reported as disabled when it's impossible to enable them.

Rafeeq's picture

Uncheck that policy and Lock it , so that it does not show up.

jcritzer13's picture

I don't see an option to uncheck it.  Where is the option?

Rafeeq's picture

open

sepm

policies

antivirus and antispyware policy

right click edit

you will find early launch antivmalware driver

Uncheck and there is small lock pad. just click on that it will get locked

update the policy on clients

AjinBabu's picture

Hello, 

Please  keep the settings on centric mode, so client will not have any option to any changes.

Regards

Ajin

SameerU's picture

Hi

Can you check whether the Tamper Protection is disabled on the clients showing as disabled

Regards

James007's picture

Please check which feature are disabled ?

Ex.

Auto-protect Status Firewall Status SONAR Status Download Insight Status Network Intrusion Prevention Status Browser Intrusion Prevention IE Status Browser Intrusion Prevention Firefox Status Tamper Protection Status Early Launch Antimalware Status
Enabled Enabled Not installed Not installed Not installed Not installed Not installed Disabled Client not reporting status
.Brian's picture

It's the ELAM showing as disabled causing the issue. Assuming you have the lock icon closed, you may want to check with support on this

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Rafeeq's picture

If you dont close the lock , it will complain that its disbaled. Did you close the lock pad as I mentioned earlier?

jcritzer13's picture

I feel like I'm beating my head against a wall here, guys; I answered on the 28th that I had locked it.  The clients are not updating or removing themselves from displaying a Disabled notification under what should be an irrelevant feature since the feature is not supported under Win8.

I then stated "Symantec really needs to rework this feature to exclude client attributes from being pegged as Disabled when there's no way to run them in the first place.  It's misleading and wastes quite a bit of time to have to go through the list looking for actual issues."

Apparently nobody read the thread :)

.Brian's picture

I was aware of it, but, at this point, I think we've exhausted our options via the forum. My suggestion is to call support and let the backline experts handle it.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.