Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Intrusion Prevention Signature Failures

Created: 16 Jan 2013 • Updated: 16 Jan 2013 | 10 comments
This issue has been solved. See solution.

This morning my SEPM 12.1.2015.2015 is reporting a Failure Ratio of 47.7%

Status Details show most clients are reporting "Not Available" and the rest show signatures 14/7/2011 r1

Liveupdate shows no updates found. 

Symantec shows current sifgnatures as Definitions Released: 1/16/2013

Extended Version: 1/15/2013 rev. 11

Comments 10 CommentsJump to latest comment

.Brian's picture

Check the LiveUpdate.log on the SEPM for errors.

What does an up to date client show?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Ashish-Sharma's picture

HI,

Just wait some time,It's update automatic

Network-Based Protection (IPS): It's showing Latest

Extended Version: 1/15/2013 rev. 11
 

Thanks In Advance

Ashish Sharma

SebastianZ's picture

What version do you see available in the SEPM console -> Admin -> Servers -> Local Site -> Show Available Downloads? If it is the same - you should be with the current revision.

thedominion's picture

Now 74.69%

Liveupdate downloads shows,

Intrusion Prevention signatures Win32 11.0 01/15/2013 r1 January 16, 2013 12:07:26 AM EST

Client displaying IPS Defs as "not available" in SEPM show Sequence 130115011 DTD 1/16/2013 in the client.

In SEPM under LUP Policies>Content Revision shows IPS Win32 11.0 Rev 01/15/2013 r1

My next step is to bounce the server.

SOLUTION
.Brian's picture

Your failure rate now shows 74.69% ?

What happens if you try to update a client by running liveupdate just as a test? Does it update?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Ashish-Sharma's picture

HI,

You can wait some time It's automatic Update when System are online ...

Thanks In Advance

Ashish Sharma

thedominion's picture
The following Symantec products and components are installed on your computer:
 
> Symantec Endpoint Protection Client
> SONAR Definitions
> AP Portal List
> Extended File Attributes and Signatures
> Centralized Reputation Settings
> Intrusion Prevention Signatures
> Submission Control Thresholds
> Virus and Spyware Definitions Win64
> Symantec Whitelist
> Virus and Spyware Definitions Win64 (hub)
> Revocation Data
 
Initializing...
Connecting to liveupdate.symantecliveupdate.com...
Connected to LiveUpdate server successfully.
 
There are 11 update(s) to be downloaded.
Downloading catalog file (1 of 11) finished.
Downloading catalog file (2 of 11) finished.
Downloading catalog file (3 of 11) finished.
Downloading catalog file (4 of 11) finished.
Downloading catalog file (5 of 11) finished.
Downloading catalog file (6 of 11) finished.
Downloading catalog file (7 of 11) finished.
Downloading catalog file (8 of 11) finished.
Downloading catalog file (9 of 11) finished.
Downloading catalog file (10 of 11) finished.
Downloading catalog file (11 of 11) finished.
 
Session summary: 0 update(s) available, 0 update(s) installed.
LiveUpdate session is complete.
 
.Brian's picture

I would do a restart to see what happens.

You can also run a repair on the SEPM

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

thedominion's picture

Reboot appears to have cleared this up as all clients now show an IPS def date in this year.

Thanks to all those that chimed in with recommendations.