Endpoint Protection

  • 1.  Intrusion Prevention Signature Failures/SweepLogs

    Posted Dec 08, 2011 05:31 PM

    I have Intrusion Prevention Signature Failures which are putting my SEPM in red. I have read many articles about SweepingLogs and I have seen the following link as the way to clean the logs to reset them back and clear them.

    https://localhost:8443/servlet/ConsoleServlet?ActionType=ConfigServer&action=SweepLogs

    But every time I run the link, I get a Certificate Error. I have installed the certificate when asked but still can't get past this error to sweep the logs. Any suggestions or solutions would be greatly appreciated.

    Thank you

    Debra



  • 2.  RE: Intrusion Prevention Signature Failures/SweepLogs

    Broadcom Employee
    Posted Dec 08, 2011 10:52 PM

    Basically, the sweep logs happen automatically daily at midnight. Is this not happening on the SEPM?



  • 3.  RE: Intrusion Prevention Signature Failures/SweepLogs

    Posted Dec 09, 2011 01:01 AM

    SweepingLogs is a SEPM back-end task that executes automatically at midnight. IPS failures are not caused by the Sweeping logs.

    I think the problem you are facing is because SEPM is identifying that IPS content is not up-to-date on multiple SEP clients. There might be a failure in downloading the IPS content. Please run LiveUpdate manually from Admin -> Servers -> <<Select the site>> -> Download LiveUpdate content. And then check the status of IPS content. Please verify the same for the SEP agents that are out-of-date.



  • 4.  RE: Intrusion Prevention Signature Failures/SweepLogs

    Trusted Advisor
    Posted Dec 09, 2011 08:27 AM

    Hello,

    What version of SEP 11.x are you carrying?

    Did you check the client machines to see whether the issue really exists on the client machines or not?

    There was an issue which was resolved in the SEP 11.0.RU7 MP1.

    Check this:

    http://www.symantec.com/docs/TECH103087

    IPS status and numbers are incorrect in reporting

    Fix ID: 2240928/2376877
    Symptom: In some areas of Symantec Endpoint Protection Manager reporting, IPS signature data is inconsistent or incorrect. Affected areas include:

    • Home > Security Status > More Details > Intrusion Prevention Signature Update Failures
    • Reports > Quick Reports, where Report type = "Computer Status" and Select a report = "Intrusion Prevention Signature Distribution"

    Solution: The Symantec Endpoint Protection Manager queries were modified to show the correct IPS client data.

    Hope that helps!!