Endpoint Protection


How to remove individual machines from SEPM database?


  • 1.  How to remove individual machines from SEPM database?

    Posted Apr 07, 2009 04:52 PM
    We use MRPMP1 and Active Directory to manage the groups.
    There are several machines on the domain that at one time were managed by SEPM, but due to some compatibility issues, were later moved to a different AV solution managed by a different server.
    They are still in Active Directory and SEPM is looking for these machines and saying they are failing definition updates, etc.
    Is there any way to make SEPM ignore these as if they had never previously been managed by SEPM?
    We cannot just delete them from Active Directory because the machines are still in use.


  • 2.  RE: How to remove individual machines from SEPM database?

    Posted Apr 07, 2009 05:01 PM
    Have you tried setting the purge in SEPM?  It's under Admin, Servers, Right click on your Site, Properties and select the checkbox. I am not sure it works all that well since we have 235 machines being managed but if you look at the logs and the last check in time, it shows 399 with dates way farther back from 2008 timeframes.  I opened a ticket with Symantec on this a while back, they said I had to rebuild the DB but this is not an option.  The strange thing is that if you look at the main status page, it shows 235 machines with the bar graphs/dat versions, etc.  So I think the 30 day thing is purging them from this area/the clients area but not sure if they ever leave the DB for good.  Hope this helps, if you figure it out please post it as it would be nice to have a clean DB for reporting.


  • 3.  RE: How to remove individual machines from SEPM database?

    Posted Apr 07, 2009 08:37 PM
    Just delete them on the clients page.


  • 4.  RE: How to remove individual machines from SEPM database?

    Posted Apr 07, 2009 08:42 PM
    For me, you should use STR for the reporting; you can easily delete clients on the inventory whenever you want.


  • 5.  RE: How to remove individual machines from SEPM database?
    Best Answer

    Posted Apr 08, 2009 02:24 AM
    You cannot delete these computers while they are still in Active Directory AFAIK. Even if you delete them manually they will return after the next sync with AD. I guess there is nothing you can do with them right now.
    You can try opening a case with support. Maybe in some future release they will do something about that.


  • 6.  RE: How to remove individual machines from SEPM database?

    Posted Apr 08, 2009 12:19 PM

    I don't care if the machines are listed in SEPM on the Clients tab.  There are other machines showing there that were never managed by SEPM and it is not a problem to simply appear in the SEPM console.  Even though it sees the machines accounts, it only adds machines to status reports that had been managed by Endpoint.

    The problem is with machines that were once managed by SEPM and are no longer managed.  I don't see any way to let SEPM know those machines are no longer managed other than to remove the machines from Active Directory.  This is not a solution, because sometimes Endpoint is uninstalled, but the same machines still need to remain in Active Directory and are using some other AV product. 
    I need SEPM to ignore these and not add them to reports of definition failures.
    Since AD is used for managing groups, there is no option to delete them in SEPM.

    What I'd like to find is a way to tell SEPM this machine is not managed by you anymore, so ignore this machine (in the same way it ignores machines in AD that were never previously in a managed state).  There is probably something in the database that needs to be deleted manually, but it would be better if the console GUI had an option to do this.
    It is very presumptuous for Symantec to assume that once a machine in an organizational unit that has been imported into Endpoint has been managed by SEPM once, it will continue to be managed by SEPM until the day that machine is deleted from the domain.



  • 7.  RE: How to remove individual machines from SEPM database?

    Posted Apr 08, 2009 12:27 PM
    SEPM will remove machine data if it is inactive for 30 days (by default)


  • 8.  RE: How to remove individual machines from SEPM database?

    Posted Apr 08, 2009 12:47 PM

    SEPM will remove machine data if it is inactive for 30 days (by default)


    Unfortunately, it is not doing that.
    Machines that have not been managed since November 2008 are still appearing in status reports as antivirus definition failures.



  • 9.  RE: How to remove individual machines from SEPM database?

    Posted Apr 11, 2009 07:11 AM
    Yes, after 30 days it won't come.


  • 10.  RE: How to remove individual machines from SEPM database?

    Posted May 26, 2009 01:06 PM
    Maybe it is "supposed to" purge machines after 30 days of not updating, but some refuse to go away.
    We have a handful of machines that haven't used SEPM for AV since November of 2008 and they are still screwing up our status reports by being listed as definition failures.
    This is really annoying.
    Is this something that is fixed in MR4MP2?

    We really need to do something about this.  Is there a way to clear out its "memory" of old clients and build a new database so only active machines using SEPM are listed?


  • 11.  RE: How to remove individual machines from SEPM database?

    Posted May 26, 2009 01:58 PM
    We gave up on trying to get anything useful out of the reporting sections of SEP. Try getting the information you are looking to report on from Monitor > Logs. It seems to be fairly accurate.

    As far as the computer accounts in AD/Managed in SEP issue. This seemed like a feature that was not thoroughly thought out from a day-to-day administration standpoint. Drop the AD integration of SEP and figure out how to use the location based policies in SEPM. There are enough options you can do just about anything you want if you plan it out and set up the logic.

    Maybe you could move the computers to a non-SEP synched OU...lots of work and planning up front for that too.


  • 12.  RE: How to remove individual machines from SEPM database?

    Posted May 26, 2009 04:34 PM
    Is there not a command or procedure to reset the SEPM database record of managed machines and do a fresh redetection?

    We have machines in AD that were never managed by SEPM and even though they are listed in the SEPM console under clients, that isn't a problem because they are not included in status reports.  The machines that we tried managing with SEP and later changed to other AV management are the problems that will not go away.  They are phantom SEPM clients that are listed as failing to update AV.  We now have a red warning status about too many clients with out of date AV definitions when we log into SEPM.

    It isn't AD, it's the SEPM database.  We will never have 100% of our machines in AD managed by SEPM and some may be managed by SEPM as a trial and later discontinued.

    If a clean and reset is not a feature now, it needs to be added.


  • 13.  RE: How to remove individual machines from SEPM database?

    Posted May 27, 2009 12:44 AM
    Try the following SQL procedure to try and delete the clients

    (TEST FIRST, I DO NOT HOLD ANY RESPONSIBILITY IN CASE ANYTHING GOES WRONG IN YOUR PROD. ENV or elsewhere) :P

    DELETE FROM <table_name> WHERE <name_column> = '<Client_name_you_want_to_delete>';

    then try to execute the statement.

    Works for me, but may need some tweaking at your end.
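
A guarded form of the delete suggested in post 13, tied to the 30-day inactivity threshold mentioned in posts 7 and 10. This is an added example, not part of the original thread and not Symantec's procedure. It assumes Microsoft SQL Server (T-SQL); the table `dbo.client_table`, the columns `computer_name` and `last_checkin`, and the machine names are hypothetical placeholders, since the thread does not give the SEPM schema.

```sql
-- Added example: hypothetical table and column names, constructed machine names.
-- Run against a restored copy of the database before touching production.

-- Explicit list of machines that were moved to the other AV product.
DECLARE @targets TABLE (computer_name NVARCHAR(64) PRIMARY KEY);
INSERT INTO @targets (computer_name) VALUES (N'PC-EXAMPLE-01');
INSERT INTO @targets (computer_name) VALUES (N'PC-EXAMPLE-02');

DECLARE @expected INT;
DECLARE @deleted  INT;
SET @expected = (SELECT COUNT(*) FROM @targets);

BEGIN TRANSACTION;

-- 1. Preview: only rows that are on the list AND silent for more than 30 days.
--    A listed machine that still checks in will not appear here.
SELECT c.computer_name, c.last_checkin
FROM dbo.client_table AS c
JOIN @targets AS t ON t.computer_name = c.computer_name
WHERE c.last_checkin < DATEADD(day, -30, GETDATE());

-- 2. Delete exactly the rows previewed above.
DELETE c
FROM dbo.client_table AS c
JOIN @targets AS t ON t.computer_name = c.computer_name
WHERE c.last_checkin < DATEADD(day, -30, GETDATE());

SET @deleted = @@ROWCOUNT;

-- 3. Commit only if every listed machine was removed, no more and no fewer.
--    A mismatch means a typo in a name, a duplicate record, or a machine
--    that is still active, so the whole change is undone.
IF @deleted = @expected
    COMMIT TRANSACTION;
ELSE
BEGIN
    ROLLBACK TRANSACTION;
    RAISERROR('Deleted %d rows, expected %d; rolled back.', 16, 1,
              @deleted, @expected);
END
```

A real management database usually keeps related rows in several tables, so a single-table delete like this can leave orphaned records; check the foreign keys on the restored copy first.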