Endpoint Protection

 View Only

  • 1.  False alarm in the email weekly reporting ?

    Posted Oct 01, 2012 09:01 PM

    Hi All,

    I wonder if this is a suspected bug or expected behaviour in the SEP Weekly email notification ?

    when I received my email notification Weekly Compliance and Threat Report (Symantec)_29-09-2012 1-02-47 AM.mht 

    I noticed that in the Protection Status Snapshot | Auto-Protect Off --> those servers in this list is already auto-protected (with green dot sign)

    how to prevent this false positives ?



  • 2.  RE: False alarm in the email weekly reporting ?

    Posted Oct 01, 2012 09:22 PM

    This might be old entries which was not cleared properly in SEPM database. Try to check the Logs on SEPM for these computers having false data in reports or not. 

    If Logs too showing the same data then check the agentinfo folder.

    Location: C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\agentinfo

    Clients will send the dat files to the SEPM, Those DAT files will have the client information which should be processed by SEPM and purged within a minute.

    If you see .err & .tmp files. It indicates SEPM is not processing the client DAT files.

    Then you need to

    • Stop the SEPM services
    • Delete those .err & .tmp files manually
    • Start the SEPM services.

    Delete the client entry from SEPM  so it will connect and register again.

     

    Now Pull the report and check with the information......................



  • 3.  RE: False alarm in the email weekly reporting ?

    Broadcom Employee
    Posted Oct 01, 2012 10:38 PM

    have you checked the client logs? may be it was not functioning and may be after sometime it started working. Suggest to look into the client logs.