How can I trace verus definition updates on an SEP client?
Updated: 23 May 2010 | 7 comments
This issue has been solved. See solution.
Is there a log somewhere on the SEP Manager (or client, for that matter), that records the version number of a virus definition file when it is downloaded and applied?
With SEPM, it's easy to find the current version of virus definitions on any managed client; but sometimes it's helpful to when earlier versions were running on a client, and when they were replaced -- this info can help me deal with false positive alerts and missed detects, when they occur.
Under version 10, I could access a client's Event Log via Symantec System Center and find this information in the Definition File Loaded events. But I can't find anything equivalent in SEP. Is there a way to get that info?
discussion Filed Under:
Comments
On the Client- go to LOGS -
On the Client- go to LOGS - -Antivirus and Antispyware --View Logs --System Log
VMWARE-- SEP 12.1 vs McAfee vs Trend Micro
Alternatively, you could can
Alternatively, you could can check the client's Event Log:
Source: Symantec AntiVirus
Type: Information
Event ID: 7
This will show you the date, time, and def. version that was loaded. You can filter the Event Log based on the above items and even use EventComb if you want to check multiple clients.
Clarification
Sorry, that would be the 'Application' log in the Event Viewer.
Thank you. I found the log
Thank you. I found the log with the information I needed.
(It would be nice however, if this would be uploaded to SEPM...)
Oh I'm pretty sure that the
Oh I'm pretty sure that the logs are in the SEPM too.
There is an online portal, save yourself the long hold times. Create ticket online, then call in with ticket # in hand :-) http://mysupport.symantec.com "We backup data to restore, we don't backup data just to back it up."
Lots of logs on SEPM, but not the info I want
The logs I can access in SEPM have lots of useful information; but if the version of the virus information file is there, I haven't been able to find it. I think I've looked at pretty much every log I can find through the SEPM console, and especially at the System/Client Activity and System/Client-Server Activity logs. The Client-Server log does show a "Client has downloaded the content package" event, but it doesn't provide any particulars.
Is there a way to configure the system so that the version information does appear in the SEPM logs?
Lots of logs on SEPM, but not the info I want
The logs I can access in SEPM have lots of useful information; but if the version of the virus information file is there, I haven't been able to find it. I think I've looked at pretty much every log I can find through the SEPM console, and especially at the System/Client Activity and System/Client-Server Activity logs. The Client-Server log does show a "Client has downloaded the content package" event, but it doesn't provide any particulars.
Is there a way to configure the system so that the version information does appear in the SEPM logs?
(sorry for the double-post...)
Would you like to reply?
Login or Register to post your comment.