To modify the Antivirus and Antispyware policy's notification settings:

1. Log into the SEPM console and select the Policies tab
2. Select the Antivirus and Antispyware Policies link from the View Policies pane
3. Select the policy used by the affected clients from the Antivirus and Antispyware Policies pane
4. Click the Edit the Policy link in the Tasks pane
5. Expand Windows Settings and select the Miscellaneous tab
6. Select the Notifications tab in the Miscellaneous pane
7. Set the Days before a warning appears in Symantec Endpoint Protection value to the number of days calculated as "safe" for the affected clients.
8. Click the OK button to close the AV Policy window and save the changes to the policy

Reference

http://www.symantec.com/business/support/index?page=content&id=TECH150078

Hi,

This issue occurs when definitions provided by the Symantec Endpoint Protection Manager are older than the amount of days configured in the Antivirus and Antispyware policy before an outdated definitions notification will appear.

If the definitions on the SEP client and SEPM server are less than 24 hours old, the Antivirus and Antispyware policy is likely configured to warn after definitions are 1 day out of date. This is against best practices as definitions new definitions are not made available immediately at midnight.

Miscellaneous tab is available in Enterprise Edition only, it's not available in Small Business Edition.

Select your AV policy

Miscellaneous >> Miscellaneous tab >> Adjust Display a Windows Security Center message when definitions are outdated

Thanks everyone for your replies.

I have already set the appropriate settings under the miscellaneous policy, however this isn't the problem.  We have some clients that have not accessed the network for more than 30 days, but I don't want to chnage the notification to alert for out of date definitions longer than that.

The problem we have is that when a client does receive the notification they only have the option to click 'close' and when they do they get another prompt about 30 seconds later, even though the client is in the process of updating.  This is causing great annoyance to some of our users which is why I want to modify the frequency of this alert so they will only get the prompt again if the client hasn't updated within a specified amount of time (eg 1 hour).

Hi,

I think this option are not available in SEPM you can Set Specify Amount of time.

The original post is experiencing and issue where pressing OK on the "out of date" message doesn't actually make the message go away. It keeps popping up immediately after pressing OK.

I experience this issue too on 12.1 MP1 RU1. I didn't experience it before upgrading to this latest release. I'm hoping this issue is resolved in 12.2.

We have also had the same problem when running 12.1 RU1 MP1.  The notification does not suppress for 24 hours like previously in SEP 11.  I had a case with support who told me to change my out of date notifications to 28 days, that does not work in my enviroment.

SEP 11 used to have the option to "not remind me for another 24 hours" which was generally plent of time for the GUP or Live Update to push out the definitions.  Since support does not seem to remember this feature I have turned it off on the client end, and monitor it from the SEP Manager and vulnerability scanner.

Hello,

I would suggest you to edit the "Virus Definitions Out-of-Date" Notification and set the correct Damper Period and correct settings.

Damper Period:

Specifies the length of the damper period, in minutes or hours, that you want to use for this notification.

Some logs use a damper period for event aggregation. Events are held on the clients for the damper period before they are aggregated into a single event and then uploaded to the console. The damper period helps to reduce events to a manageable number.

The default damper setting is Auto (automatic). If a notification is triggered and the trigger condition continues to exist, the notification action that you configured is not performed again for 60 minutes. For example, suppose you configure a notification to alert you when a virus infects five computers within one hour. If a virus continues to infect your computers at or above this rate, you receive notifications every hour. The notifications continue until the rate slows to fewer than five computers per hour.

Hope that helps!!

Hi,

Could you please check the damper settings.

Navigation path:

SEPM --> Monitors --> Notifications --> View Notifications --> Notifications Conditions --> Edit Virus Definitions out of date --> Check damper setting time, I hope it's not set to Auto.

Thanks Chetan,

I have checked the above settings you have advised and the Damper setting time is 10 hours - (not set to auto).

However am I not correct in understanding that this setting relates to notifications on the server, not on the client itself?

Just out of curiousity, has anyone done a complete uninstall/reinstall? Did that fix it?

HI,

This setting not available in SEPM ,

You can raised Idea for this option 

What is that "Damper" means ?

Not even encountered in my present Administration of SEP. To avoid annoyance to client, disable all the pop-ups and refer to the logs for your reference.

Thanks everyone for your responses.  Your solution, Ch@gGynelL_12, is OK as a workaround, however we do want the clients to be notified if virus defs are older than 30 days, so will keep the alerts on.  This is in case anything is missed in the logs or a client drops out of SEPM without us realising (this has happened before with 2 pcs with the same hardware id).  The client side alert at least will prompt user to call if there is a problem.  It seems that we have to accept there is no way to configure this, which is a shame and seems to be an oversight in the design of SEP 12.1.  Maybe next release will include this feature as the lack of it will potentially cause a lot of calls to service desks when there are a lot of clients deployed in a SEP environment.

On a vaguely related note, have you considered using Location Awareness (http://www.symantec.com/docs/TECH97369) so that your SEP clients obtain the latest definitions directly from Symantec LiveUpdate when they are out of the office.

While this doesn't directly affect the notifications themselves, it would prevent the "Defs out of date" message from appearing, as the clients will be up-to-date.  Plus, you'll have the added security of ensuring your client machines are using the latest defs where ever they are (clearly this is only applicable if the out of office laptops have access to the Internet).

Hello,

It has been found that the option "Don't remind me again until after the next update" is visible only if the logged user has admin priviledges and UAC is disabled.

Quote: It has been found that the option "Don't remind me again until after the next update" is visible only if the logged user has admin priviledges and UAC is disabled.

Does anyone know if 12.1.2 or 12.1.2.1 has fixed this issue or is it still outstanding? Thanks-