Endpoint Protection

 View Only

  • 1.  Disappearing Client on Server. Client with error

    Posted Jun 23, 2010 10:39 AM

    Version = 11.0.6
    Client PC says the following message appeared yesterday:

    'Virus definitions are missing on this computer. This computer will remain unprotected until definitions are downloaded from the network....'
    The definitions field on the client was blank. TruScan's field had a revision date.

    I went into: C:\Program Files\Common Files\Symantec Shared\VirusDefs after stopping the Symantec services and removed the only dated folder contained in this directory. I restarted the services and then rebooted the computer.

    I then realized that the SEPM server was down. Rebooted the server. Ran command from server to 'update content' on the client PC. After a few minutes, the issue was resolved.

    PC was turned off for the evening. This morning, the client PC booted up with the same 'Virus definitions are missing on this computer. This computer will remain unprotected until definitions are downloaded from the network....' issue. I looked on the SEPM and the Client PC name was nowhere to be found. Not even a blue PC icon as though the software had been uninstalled. I ran from the client PC 'Update Policy'. I checked the SEPM listing again, and suddenly the client was in the listing with a green light....

    Is this a known glitch? Should I be re-installing the client if this issue re-occurs, or is there another resolve? 

    If clients have the definitions screw up during installation, is there a manual fix guide to getting it back up and running like the 8.x version had?
     



  • 2.  RE: Disappearing Client on Server. Client with error

    Posted Jun 23, 2010 10:48 AM
    Usually it takes 30 days before the system will automatically remove the client.
    Another possibility is:
    - Duplicate SID if the system was ghosted.
    - Deleted group of the original install package.

    You can try to use the "Sylink.XML" from a working machine in a known good group and than move the client back over.  That should resolve the communication problem.
    Alternatively, you can use the find "unmanaged client wizard" and re-push the package to it.


  • 3.  RE: Disappearing Client on Server. Client with error

    Posted Jun 23, 2010 11:09 AM
    Jason - I might give the Sylink.XML idea a shot... although if it was corrupt...it wouldn't be working right now... client timeout for server removal was already modified to well above the 30 day default setting.




    In the Event Viewer of the client, upon bootup this morning, the following Application Errors were noted:

    This was at 36 seconds on the minute

    Source:Symantec AntiVirus
    Category: 2
    Event ID:34050
    No new virus defintions handlers found.


    This was at 47 seconds on the minute (just a few seconds after the initial error)


    Source:Symantec AntiVirus
    Category: none
    Event ID:14
    Symantec Endpoint Protection services startup was successful.


    I tried googling "No new virus defintions handlers found." and did not come up with anything relevent or helpful in explaining the error. I'll look up the error on eventid.net.... but if anyone has a suggestion that can explain what happened to this client, excellent.

    Eventid.net says --> http://eventid.net/display.asp?eventid=2&eventno=7373&source=Symantec AntiVirus&phase=1

    It's saying something about this message coming from a scan... but what does No new virus defintions handlers found mean??


  • 4.  RE: Disappearing Client on Server. Client with error

    Posted Jun 23, 2010 03:40 PM
    where are the pros today?


  • 5.  RE: Disappearing Client on Server. Client with error

    Posted Jun 23, 2010 03:56 PM
    if the compute was off for a day and when u turn it on next day ; its obvious that it would say virus defs out of date :


  • 6.  RE: Disappearing Client on Server. Client with error

    Posted Jun 23, 2010 04:04 PM
    What is the operating system of the machine that's missing definitions?  Was disk imaging involved in setting this computer up?  How long was it working correctly before this started / what else changed?  Are you using software like Deep Freeze that resets the system state every night?  Are there any messages in the event view itself pertaining to missing definitions? 

    (BTW, the "update content" command in the SEPM tells it to run LiveUpdate.)

    sandra


  • 7.  RE: Disappearing Client on Server. Client with error

    Posted Jun 23, 2010 04:05 PM

    It didn't say 'out of date', it said 'missing'.  And the default for SEP to tell you definitions are outdated is something like 14 days, not 1.

    sandra


  • 8.  RE: Disappearing Client on Server. Client with error

    Posted Jun 24, 2010 10:56 AM
    It is scary that a Trusted Advisor with full ratings does not know how to read text before commenting; it's obvious.

    Thank-you for responding Sandra!

    What is the operating system of the machine that's missing definitions? 
    Win XP Pro SP3

    Was disk imaging involved in setting this computer up?
    Yes. A very long time ago. The SID was reset.

    How long was it working correctly before this started / what else changed?
    A good 2 weeks. / Only the server going down temporarily that one day as stated in the OP.

    Are you using software like Deep Freeze that resets the system state every night?
    No

    Are there any messages in the event view itself pertaining to missing definitions? 
    No

    (BTW, the "update content" command in the SEPM tells it to run LiveUpdate.)
    I created a policy for this group that only allows it to use the server... LiveUpdate is not a possibility for the client... please explain to me or point me in the direction of a link of what the Update Content feature does exactly.

    I would like to know the engineered meaning of this:
    Source:Symantec AntiVirus
    Category: 2
    Event ID:34050
    No new virus defintions handlers found.







  • 9.  RE: Disappearing Client on Server. Client with error

    Posted Jun 24, 2010 11:22 AM

    You're welcome... and thanks for the additional info.  If the definitions were truly missing I would expect to see entries in the event log.

    The "No new virus defintions handlers found" message is honestly not one I have seen before, and there is nothing in our KB covering this message or that event ID.  This is the only client that is having this issue?

    The Admin Guide says this about "Update Content" (p. 76, in the Documentation folder in the RU6a installation media):

    "Updates content on clients by initiating a LiveUpdate session on the clients. The clients receive the latest content from Symantec LiveUpdate."

    The best I can suggest at the moment is to enable sylink debugging, let it run for a couple of heartbeats, then upload the log.  That should show some more information as to what's happening during the communication process with the SEPM.

    Title: 'How to enable Sylink Debugging for Symantec Endpoint Protection in the registry'
    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008041812561948

    sandra


  • 10.  RE: Disappearing Client on Server. Client with error

    Posted Jul 02, 2010 11:44 AM
    Got this same error on my SEPM box after getting help for LU not working.

    Try re-installing your SEP install package from the server. If necessary remove, reboot, re-install.

    Most likely what's happened is either your definitions folder has gotten fouled (maybe even with a bad update) or the registry key that tells SEP where to look is bad.