Having Problem on Proactive Threat Protection update !!
Updated: 21 May 2010 | 15 comments
This issue has been solved. See solution.
Hi,
I am having Problem on Client Live update. After a fresh installation of Endpoint client there are no update from the Endpoint server for Proactive Threat Protection still now. I am using Win XP for my all clients.
Problem: Proactive Threat Protection is showing Waiting for update.
I have already checked my server to client communication & no problem found. Antivirus & antispyware is uptodate. Any alternative suggestions would greatly be appreciated. Thanks
discussion Filed Under:
Comments
Check the server's SEP if it
Check the server's SEP if it is updated.
Then check the policies.
You could also try manually updating by pushing the updates from SEPM
“Your most unhappy customers are your greatest source of learning.”
This is a known issue and
This is a known issue and supposedly fixed in the latest version.
From the release notes:
Proactive Threat Protection displays the status "Waiting for Update" after a client migration
Fix ID: 1456698
Symptom: Proactive Threat Protection displays the status "Waiting for Update" after a client migration.
Solution: After migration, Proactive Threat Protection should be "on" and should display the latest version.
Also, running "LUALL" from the run line has fixed this in the past.
Looking at the picture, it looks like all your definitions are not current.
you can fix like this
i fix this problem like this;
1 export comminication settings in sepm (which in group) (it is a little xml file)
2 copy sylinkdrop.exe and this xml file in client computer.
3 use SylinkDrop.exe in client and import your comminication xml file
4 when import is success restart the symantec services and click "Update Policy"
PS: you must be have administrator's rigth for stop & start services
Have a nice day
Everything works better when everything works together.
Hi Fatih It didn't worked
Hi Fatih
It didn't worked for. I was fighting with the same issue even today for a solution. I will Post the solution the moment i rectify it for my cstomer.
Ajit
Regards'
Ajit Jha
Technical Consultant
STS
yes this is well known.
yes this is well known. couple KB's that might help...
http://service1.symantec.com/support/ent-security....
http://service1.symantec.com/support/ent-security....
When migrating from SEP 11
When migrating from SEP 11 with the AV/AS only feature set to a newer SEP 11 version with the AV/AS and TruScan feature sets, the SyKnApps definition folder structure does not get created correctly which causes the PTP to maintain a "Waiting for Updates" definitions status in the UI. The PTP definitions will not update.
> Symptoms:
Proactive Threat Protection definitions display as 'Waiting for Updates' and does not get updates.
No error messages are displayed in the logs.
The \Documents and Settings\All Users\Application Data\Symantec\SyKnApps\ folder is incomplete or empty. A correctly set folder would include 3 folders (Freezer, LiveUpdate, and Updates) and 2 dll files (SyKnApps.dll and Patch25.dll) before content updates are received.
The issue is not isolated to an MR2-MP2 to MR3 migration.
This problem is fixed in Symantec Endpoint Protection 11 Maintenance Release 4 Maintenance Patch 2. For information on how to obtain the latest build of Symantec Endpoint Protection, read Obtaining an upgrade or update for Symantec Endpoint Protection 11.x or Symantec Network Access Control 11.x. http://service1.symantec.com/SUPPORT/ent-security....
Other workaround options:
Uninstall and reinstall the SEP client.
Perform the migration first while maintaining the feature set, then adding Proactive Threat Protection feature afterwards
Hope this will work
Ajit
Regards'
Ajit Jha
Technical Consultant
STS
This is the solution which i
This is the solution which i recieved from Symantec Support Team.
FIX FOR PTP DEFS
http://www.ncsu.edu/antivirus/troubleshooting/sep1...
Symantec Endpoint Protection 11 (SEP 11) includes a feature called Proactive Threat Protection, which seeks out suspicious behavior on your computer, and isolates it. Since brand new viruses may not always be immediately detected by antivirus software, Proactive Threat Protection is a good barrier against the unknown.
Unfortunately, some users of SEP 11 at NCSU have noticed that their Proactive Threat Protection defitions are stuck at Wednesday, July 30, 2008 r1. Symantec Corporation claims that this issue is cosmetic, and actual threat protection services remain current.
However, NCSU OIT understands that many SEP 11 users are concerned about this issue, and so we have created a small repair utility, which corrects this issue.
To obtain and use our repair utility, follow these steps:
1. Make sure you are connected to the Internet.
2. Open your Web browser.
3. Download PTPRegFix.exe (http://www.ncsu.edu/antivirus/files/PTPRegFix.exe), and save it to your Desktop. You may need to log in with your Unity ID and password.
#
# When the download completes, close your Web browser and any other programs that are running.
# Open the PTPRegFix.exe utility:
* Windows Vista users: right-click on the PTPRegFix.exe icon. When the menu appears, select Run as administrator.
* Windows XP, 2000, Server 2003 users: double-click on the PTPRegFix.exe icon.
# If you get a Security Warning message, select the Run button.
* Windows Vista users only: If you are asked to give permission to install the program, click Allow.
# When the Self-extracting Archive window opens, read the information in the window, then click OK.
# The utility will perform the necessary repair functions on SEP 11. During this process, you will notice Windows report security errors on your computer, and Symantec Endpoint Protection 11 will be temporarily disabled. This is normal behavior, and should not be interrupted. The errors will correct themselves after a few moments.
running SEP 11 repair utility
# When the utility completes, it will automatically close.
PTPRegFix.exe
Is there a way I can either gain access to this file or know what comprises it to maybe assit in the same issues I have. I need a better solution than reinstalling on 12,000 + clients.
What is the version of your SEP?
What is the version of your SEP?
Regards,
Giuseppe
Run LUALL from the CMD line.
Run LUALL from the CMD line. This should fix the issue.
the MR4 MP2 release notes
the MR4 MP2 release notes said as below
Proactive Threat Protection displays the status "Waiting for Update" after a client migration
Fix ID: 1456698
Symptom: Proactive Threat Protection displays the status "Waiting for Update" after a client migration.
Solution: After migration, Proactive Threat Protection should be "on" and should display the latest version.
-Donny
guys Stop commenting on this
guys Stop commenting on this post, its alredy solved.
Regards'
Ajit Jha
Technical Consultant
STS
This has not been solved,
This has not been solved, even after upgrading to RU5. It is quite aggravating having features available that cannot be used because they will not update and Symantec support has not resolved the issues after a year or so of them lingering.
*Edit*
I'd like to add that I finally got PTP updated.
I changed the LiveUpdate content policy to "Select a revision" for "TruScan proactive threat scan commercial application list" which lists the latest revision as 12-04-2009 rev. 018 and set the primary LiveUpdate policy to pull updates from the Symantec internet site instead of a GUP. Now PTP is showing the latest defs. I reset the option in the content policy to "Use latest available" to see if starts pulling updates correctly in the future...I'll be keeping my eye on it.
It would be nice if it would just work the way it's supposed to without having to modify the content policy to use a specific revision versus the default of use the latest revision.
Odd...it's got defs from
Odd...it's got defs from 12/8/2009 r16 but it's still saying the defs are too for PTP.
Would you like to reply?
Login or Register to post your comment.