Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Intrusion Prevention Signature Failures

Created: 15 Jan 2012 | 10 comments

My company uses SEPM to manage clients,however in the SEPM Console its showing Intrusion Prevention Signature Out-of-Date for some computers that have already being updated via scheduled updates from SEPM.

Please solve 

Discussion Filed Under:

Comments 10 CommentsJump to latest comment

pete_4u2002's picture

What is the SEPM version ?

if the clients are already updated and is SEPM 12.1, check this link and let know if it resolves your issue

http://www.symantec.com/business/support/index?page=content&id=TECH164272

Kovera's picture

Hi Pete,

The message showing on the SEPM12.1 console says Intrusion Prevention Signature Failures;

Simpson Homer's picture

Try changing the date format, and see if that helps?

Avkash K's picture

Thums Up to Simpson's advice!!

Go through the following link:

http://www.symantec.com/business/support/index?page=content&id=TECH164272

May this help you!!

Regards,

Avkash K

AR Sharma's picture

Check this:

http://www.symantec.com/docs/TECH103087

IPS status and numbers are incorrect in reporting

Fix ID: 2240928/2376877
Symptom: In some areas of Symantec Endpoint Protection Manager reporting, IPS signature data is inconsistent or incorrect. Affected areas include:

  • Home > Security Status > More Details > Intrusion Prevention Signature Update Failures
  • Reports > Quick Reports, where Report type = "Computer Status" and Select a report = "Intrusion Prevention Signature Distribution"

Solution: The Symantec Endpoint Protection Manager queries were modified to show the correct IPS client data.

Let me know if this helps.

Thanks & Regards,

AR Sharma, CISSP

IBM Certified System Admin- Lotus Domino V7

ITIL V2 Certified

pete_4u2002's picture

Since the end user is using SEP 12.1, I would reiterate to try changing the date format and let know if it helps.

http://www.symantec.com/business/support/index?page=content&id=TECH164272

Mohankumar's picture

Hi Kovera,

check this it helps you,

  1. Log into the SEPM Console
  2. Click the Preferences link In the  Security Status section on the SEPM Home tab
  3. Select the Logs and Reports tab
  4. Select DDMMYY from the Date format combo box
  5. Click the OK button to close the Preferences page
  6. The changes to these settings may take a few minutes to take effect.
  7. Restart the SEPM console machine and check if issue is not resolved
  8. If you select DDMMYY change to MMDDYY and wait for few minutes take effect and
  9. Restart the console machine logon to console machine refresh the page and check it once.
Mithun Sanghavi's picture

Hello,

Is the client updated?

What is the date format selected?

See if this link helps

http://www.symantec.com/business/support/index?page=content&id=TECH164272

This is a reporting issue, we are aware of the problem.  Your clients are still updating.

The short term fix would be to either increase your Download Protection and IPS thresholds or to switch to using the US date format for reporting temporarily.

Again, Updating to 12.1 RU1 fixes the problem.

See the below link on how to upgrade 12.1 to RU1:

Upgrading or migrating to Symantec Endpoint Protection 12.1.1000 (RU1)

http://www.symantec.com/business/support/index?page=content&id=TECH174545

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Kovera's picture

Can somebody help.

Our company's SEPM 12.1 console is showing error message "Intrusion Prevention Signature Failures?Any solutions?

pete_4u2002's picture

did you change the date format?

what was teh date format and to what did you changed?