Endpoint Protection

Hi

is the behaviour in question with Symantec Endpoint Protection 11.0.4 the correct one? Or should the client directly boot into the destination group. I'm unsure here. Please clarify.

regards

It moves to the destination group automatically?

One more question - are they user mode or computer mode clients?

the client should report to the registered group.

it should report to the correct group, if you are installing this for the first time, install th latest version rU6.

Install packages created by limited administrator install clients register into the default group rather than specified group
Fix ID: 2031339
Symptom: Install packages created by limited administrator install clients register into the default group rather than specified group.
Solution: Symantec Endpoint Protection Manager was updated so that exported packages contain the preferred group information.

http://service1.symantec.com/SUPPORT/ent-security.nsf/ppfdocs/2007121216360648?Open&dtype=corp&src=&seg=&om=1&om_out=prod

they are computer mode clients and the moving takes place automatically, but what i want to know is, if the bootup should register in the destination (non-default group) in the first place or if the "first into default then 20 secs later to destination" is the correct behaviour

regards

Please check the article below and see if it looks similar to your issue

Wbe URL: http://www.symantec.com/business/support/index?page=content&id=TECH97371&locale=en_US

thanks for clarification. But that takes several hours until it happens. I have logs here which are telling me:

5:50 am Default Policy

10:20 am receiving ... (correct policy)

so, whats driving me nuts is, if the computer is 5 hours in the wrong group and if its "Full scan" day for these group, the wrong PCs (VDI sessions in this case) are scanned and the performance of these clients drops dramatically.

The update to RU6 isn't that easy, cause this would be a whole own project which needs to be funded.

Our AV guy is fingerpointing about installing the AV package with the correct group information on an image where some information from the already installed but removed AV client remains and our VDI guy told me that he has deleted everything included registry and files.

So the interessting thing is if this error (according to RU6 fixes it is one) went away if we install on a image without AV preinstall but deleted afterwards.

If we cant solve this with RU4 then this information is also very important for me. Perhaps then the funding takes place quicker.....

We're even suspecting that the clients gets scanned when no one is logged into the client. Is this even possible?

regards

Is the SEPM aligned with the AD on your network?

If so, do you have any non-AD groups created under My company?

The clients will do a scan if the PC is switched on and in a Log off state, but it will not do so if the clients are into sleep/hibernation mode on the PC.

The clients should report straight to the destination group as soon as they report to SEPM. This is the way, sylink.xml points them to when the clients report to SEPM.