Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Endpoint Status monitor.

Created: 07 Feb 2013 | 8 comments

In the SEPM Endpoint Status monitor, it is showing that I have 75 disabled clients, I have not verified all but some of them work perfectly fine. Why are there clients listed here when they are working fine and are up to date?

SEP 12

OS Windows 7 64 bit clients and Windows 2003 32 bit servers and Windows 2008 server 64 bit

Comments 8 CommentsJump to latest comment

.Brian's picture

This is a little misleading. Disabled doesn't necessarily mean SEP is OFF completely. It could mean one of the components is disabled.

If you click on Disabled, a new window will open with more details. From here, you can see exactly what is disabled. It may just be tamper protection or Insight.

If you scroll over, it will give you all the details.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

The Conquistador's picture

Tamper protection is off for ALL clients, how do I get that to not be logged into the disabled?

.Brian's picture

You can't. This is by design.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

The Conquistador's picture

OK, I have Tamper protection off all across the board. Why is it only picking up 75 clients when there are over 500? None of which has tamper protection enabled.

.Brian's picture

Not sure, maybe a bug. Or maybe tamper protection is actually on for them cheeky

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

The Conquistador's picture

I can't even remember why I disabled Tamper protection across the board. Can you think of reasons?

Do I want to turn it back on?

.Brian's picture

In the past, I've seen minor issues such as print drivers not installing...but nothing major.

Personally I would recommend it. It stops threats from disabling SEP. But sometimes legitimate programs may try to tinker with it as well...it's really up to you. I would turn it on and if something comes up than deal with.

Just leave the lock open in case someone is troubleshooting and needs to turn it off quickly. That's how I have it.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Chetan Savade's picture

Hi,

I would recommend to enable tamper protection if you are not sure why you have disabled it.

Follow these steps to enable it.

1. Double-click shield icon to bring up SEP client UI.

2. Click Change Settings > Client management > Configure Settings

3. Switch to the Tamper Protection tab, and either change the action to Log the event only or uncheck the option Protect Symantec security software from being tampered with or shut down.

4. Click OK.

5. After completing task requiring tamper protection to be disabled, restore tamper protection to the previous setting.

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<