Endpoint Protection

 View Only

  • 1.  Exclude offline clients for reporting old virus definitions

    Posted Feb 16, 2015 02:57 AM

    Dear Community

    I am receiving daily alerts for any SEP client with outdated virus definition.

    As I have a number of client computers which are offline for extended periods (longer than 5-7 days), these machines appears on this list daily.

    Is it possible to exclude such offline machines from this notification?

    Regards,



  • 2.  RE: Exclude offline clients for reporting old virus definitions
    Best Answer

    Posted Feb 16, 2015 03:16 AM

    Is it possible to exclude such offline machines from this notification?

    Not possible exclude such machine. but you can try as per below screen shot

     

    If this machine available specify group you can exclude that group.

    You can choose "Include only clients that have checked in with the management server today"

     

    Notification_0.JPG



  • 3.  RE: Exclude offline clients for reporting old virus definitions

    Posted Feb 16, 2015 03:20 AM

    There is not be possibilty to remove the client notification which are shown on sepm server.

    Either you can change the old date definition time either removed the entry.



  • 4.  RE: Exclude offline clients for reporting old virus definitions

    Posted Feb 16, 2015 03:25 AM

    James

     

    Thanks alot for the feedback. That is indeed an option I will look in to.

     

    Regards,

    Thomas

     



  • 5.  RE: Exclude offline clients for reporting old virus definitions

    Posted Feb 16, 2015 05:59 AM

    Be aware that there is a bug in the current SEPM version which prevents the function to work properly:

    Cannot enable "Include only clients that have checked in with the management server today" in Virus definitions Out-of-date notification condition

    Article ID: TECH227916  |  Created: 2015-01-28  |  Updated: 2015-01-28
             

    In my environment (12.1.5), the "Include only clients ..." option cannot be switched on (SEPM forgets the change).



  • 6.  RE: Exclude offline clients for reporting old virus definitions

    Posted Feb 16, 2015 06:11 AM

    If you know which machines are offline extended periods, you could move them to a new group, create a new policy, and edit the setting to something like 14 days.

    Also, are these machines downloading from Symantec LiveUpdate when offline? This may also stop these machines from showing up.



  • 7.  RE: Exclude offline clients for reporting old virus definitions

    Posted Feb 16, 2015 07:56 PM

    Brian

    Thanks a lot for the suggestions. It is quite random which machines that are offline, so it is not really possible to manage them in such an active way.

    The machines are actually shut down, not just offline from the SEPM. People are traveling extensively for work and their machines in the office are then shut down.

    I also have a few "hot desks" and visitor desks with machines which might be shut down for longer periods.

     

    Greg

    Many thanks for highlighting this known bug. I am using 12.1.5 as well. I'll look into the workaround if this is something I want to test out.



  • 8.  RE: Exclude offline clients for reporting old virus definitions

    Posted Feb 16, 2015 08:09 PM

    You could also "up" the number of content revisions the SEPM keeps so clients aren't pulling full defs that have been off for awhile.



  • 9.  RE: Exclude offline clients for reporting old virus definitions

    Posted Feb 16, 2015 08:22 PM

    Good point Brian

    With SEPM 12.1.5 Symantec has redesigned how content revisions are managed by the server, using a new delta concept. These files will now take up significantly less space on the SEPM server. Hence, I believe the default number of revisions has been changed to 20.

    This should last me for about 7 days, I guess.



  • 10.  RE: Exclude offline clients for reporting old virus definitions

    Posted Feb 16, 2015 08:30 PM

    Depending on space, you could bump this up significantly.