Video Screencast Help
Search Video Help Close Back
to help

Intrusion Prevention Signature Failures

Created: 15 Jan 2012 | 10 comments
Kovera's picture
Kovera
0 0 Votes
Login to vote

My company uses SEPM to manage clients,however in the SEPM Console its showing Intrusion Prevention Signature Out-of-Date for some computers that have already being updated via scheduled updates from SEPM.

Please solve 

Discussion Filed Under:
,

Comments 10 CommentsJump to latest comment

pete_4u2002's picture
pete_4u2002 Symantec Employee
Intrusion Prevention Signature Failures - Comment:15 Jan 2012 : Link

What is the SEPM version ?

if the clients are already updated and is SEPM 12.1, check this link and let know if it resolves your issue

http://www.symantec.com/business/support/index?page=content&id=TECH164272

Cheers!
Pete

Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619

0
Login to vote
  • Actions
Kovera's picture
Kovera
Intrusion Prevention Signature Failures - Comment:15 Jan 2012 : Link

Hi Pete,

The message showing on the SEPM12.1 console says Intrusion Prevention Signature Failures;

0
Login to vote
  • Actions
Simpson Homer's picture
Simpson Homer Symantec Employee
Intrusion Prevention Signature Failures - Comment:15 Jan 2012 : Link

Try changing the date format, and see if that helps?

+3
Login to vote
  • Actions
Avkash K's picture
Avkash K
Intrusion Prevention Signature Failures - Comment:15 Jan 2012 : Link

Thums Up to Simpson's advice!!

 

Go through the following link:

http://www.symantec.com/business/support/index?page=content&id=TECH164272

 

May this help you!!

Regards,

Avkash K

+1
Login to vote
  • Actions
AR Sharma's picture
AR Sharma
Intrusion Prevention Signature Failures - Comment:15 Jan 2012 : Link

Check this:

http://www.symantec.com/docs/TECH103087

IPS status and numbers are incorrect in reporting

Fix ID: 2240928/2376877
Symptom: In some areas of Symantec Endpoint Protection Manager reporting, IPS signature data is inconsistent or incorrect. Affected areas include:

  • Home > Security Status > More Details > Intrusion Prevention Signature Update Failures
  • Reports > Quick Reports, where Report type = "Computer Status" and Select a report = "Intrusion Prevention Signature Distribution"

Solution: The Symantec Endpoint Protection Manager queries were modified to show the correct IPS client data.

Let me know if this helps.

Thanks & Regards,

AR Sharma, CISSP

IBM Certified System Admin- Lotus Domino V7

ITIL V2 Certified

+1
Login to vote
  • Actions
pete_4u2002's picture
pete_4u2002 Symantec Employee
Intrusion Prevention Signature Failures - Comment:15 Jan 2012 : Link

Since the end user is using SEP 12.1, I would reiterate to try changing the date format and let know if it helps.

http://www.symantec.com/business/support/index?page=content&id=TECH164272

Cheers!
Pete

Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619

0
Login to vote
  • Actions
Mohankumar's picture
Mohankumar Partner Accredited
Intrusion Prevention Signature Failures - Comment:15 Jan 2012 : Link

Hi Kovera,

check this it helps you,

  1. Log into the SEPM Console
  2. Click the Preferences link In the  Security Status section on the SEPM Home tab
  3. Select the Logs and Reports tab
  4. Select DDMMYY from the Date format combo box
  5. Click the OK button to close the Preferences page
  6. The changes to these settings may take a few minutes to take effect.
  7. Restart the SEPM console machine and check if issue is not resolved
  8. If you select DDMMYY change to MMDDYY and wait for few minutes take effect and
  9. Restart the console machine logon to console machine refresh the page and check it once.
0
Login to vote
  • Actions
Mithun Sanghavi's picture
Mithun Sanghavi Symantec Employee Technical Support Accredited
Intrusion Prevention Signature Failures - Comment:16 Jan 2012 : Link

Hello,

Is the client updated?

What is the date format selected?

See if this link helps

http://www.symantec.com/business/support/index?page=content&id=TECH164272

This is a reporting issue, we are aware of the problem.  Your clients are still updating.

The short term fix would be to either increase your Download Protection and IPS thresholds or to switch to using the US date format for reporting temporarily.

Again, Updating to 12.1 RU1 fixes the problem.

See the below link on how to upgrade 12.1 to RU1:

Upgrading or migrating to Symantec Endpoint Protection 12.1.1000 (RU1)

http://www.symantec.com/business/support/index?page=content&id=TECH174545

Hope that helps!!

Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | MCTS | STS | ITIL v3

Twitter: @mithun_sanghavi

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<&a

0
Login to vote
  • Actions
Kovera's picture
Kovera
Intrusion Prevention Signature Failures - Comment:17 Jan 2012 : Link

Can somebody help.

Our company's SEPM 12.1 console is showing error message "Intrusion Prevention Signature Failures?Any solutions?

0
Login to vote
  • Actions
pete_4u2002's picture
pete_4u2002 Symantec Employee
Intrusion Prevention Signature Failures - Comment:17 Jan 2012 : Link

did you change the date format?

what was teh date format and to what did you changed?

Cheers!
Pete

Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619

0
Login to vote
  • Actions