Endpoint Protection

 View Only

  • 1.  Installed Features & Distributed Definitions

    Posted Nov 23, 2015 04:36 AM

    Hi

    I have a question about a point I do not properly understand.
    We have experienced various issues on Citrix servers caused by the latest few IPS definitions that have been released. IE just stops working without notice. But the issue can be solved by backdating the IPS definitions.

    So far so good.
    What's not so good is the fact that IPS is not even installed on these servers.

    Why do clients without corresponding features get definitions and updates for these features installed?
    And even if, why does this affect the SEP-client at all if it is just not installed?

    Greetings



  • 2.  RE: Installed Features & Distributed Definitions

    Posted Nov 23, 2015 05:30 PM

    Is the component installed but no policy applied? If so, defs still get updated on the client. Although if no policy is applied I don't see why IPS would cause an issue.

    What is the exact version you're on?



  • 3.  RE: Installed Features & Distributed Definitions

    Posted Nov 24, 2015 07:18 AM

    Hi there

    Thanks for the answer!
    Only the "Virus, Spyware and Basic Download Protection" and "Advanced Download Protection" are installed as features on the Servers.

    The Version of the Client is 12.1.4013.4013 and the SEPM is 12.1 RU6 MP1.



  • 4.  RE: Installed Features & Distributed Definitions

    Posted Nov 24, 2015 08:16 AM

    Looking through release notes there were fixes for the IPS component but I don't see anything specific to your issue. I just can't see how having no IPS policy applied would cause a problwm unless it's a bug of course. I would suggest you open a case with support to find out what's going on. If you can try upgrading to 12.1.6 MP3 to see if that fixes it if first. It may be as simple as that.



  • 5.  RE: Installed Features & Distributed Definitions

    Posted Nov 26, 2015 07:47 AM

    Unlike "Basic Download Protection", the "Advanced Download Protection" install a plugin in the IE (and firefox) called "Symantec Vulnerability Protection", which is part of the "Browser Intrusion Prevention" of SEP client. Hence installing "Advanced Download Protection" will require the client to download Client Intrusion Detection System (CIDS) signatures.

    If you do not need "Browser Intrusion Prevention" on your computers, you can uninstall it by modifying the SEP client and removing the "Advanced Download Protection" feature. This will help you avoid the issue that you mentioned in your post.

    Please mark Solved, if your question has been answered.



  • 6.  RE: Installed Features & Distributed Definitions

    Posted Dec 02, 2015 06:41 AM

    Did you get a chance to uninstall "Advanced Download Protection" and confirm that the IDS definition are not downloaded anymore?