Endpoint Protection

I am currently managing some SEP 12.1.1 MP1 and 11 RU5 clients with a SEPM 12.1.1 MP1.

In the Endpoint Status section (from Home tab), in the Out-of-date report, I can see some SEP 11 RU5 machines that have IPS definitions out of date.

In the C:\ProgramData\Symantec\Definitions\SymncData\cndcipsdefs folder, I do not have any definition folder for the IPS signature in the report.

In the definfo.dat and usage.dat I have no definition entry with the date shown in the report.

In the registry entry HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\Content\IPS, the CurrentSequence value is not the one from the reports, but the one from the cndcipsdefs folder. the CurrentPath is correct too.

Could anyone tell me what could be the source of the information from the report?

Hello,

Could you please provide us the Screenshot of "Show LiveUpdate Downloads"

SEPM > Admin > Servers > Highlight Local Site > Click on "Show LiveUpdate Downloads"

Secondly, I would recommend you to Update the SEP 11.0.5000 clients to SEP 12.1 RU1 MP1.

Also, Check this Thread:

https://www-secure.symantec.com/connect/forums/confused-about-dates-ips-defintions

Hope that helps!!

Thank you for the links. They are useful, but not in my case.

The client receives updates from an Internal LiveUpdate Server and not from SEPM, so the SEPM information is not really relevant. Anyway, the IPS signatures Win32 11.0 and Win 64 11.0 in the SEPM console are the latest ones, while the client seems to have IPS signatures from last year in the reports that I have mentioned.

Other clients that are getting updates from the same server do not have this problem.

Any other ideas?

Hello,

What OS is installed on the SEP 11.x client machines?

What Version of LUA are you running?

Is the LUA configured properly to distribute the downloads to these clients?

Is this issue occurying on 1 machine or a number of machines and are these machines in the same group?

1. Windows 7 Enterprise x64

2. LUA 2.3.1

3. Yes, LUA is configured properly

4. The issue is occurying on a few machines, all from the same SEPM group, but they are not all receiving updates from the same Internal LiveUpdate server. Please note that this is an issue on 3-4 machines out of almost 2000.

I don't know if I was completely clear, so I will repeat the issue: the SEP 11 RU5 client is downloading and installing IPS correctly (at least this is how it looks from files, folders and registry values), but the SEP client looks out of date from the IPS definitions point of view in SEPM 12.1.1 MP1 Out-of_Date report.

Hello,

Since this issue is on 3-4 machine, would it be possible for you to Migrate these machines to the Latest Version of SEP 12.1 and check if that helps!!

Unfortunately this is not possible yet and it will not be possible for another 2 or 3 weeks at least.

We are currently in the process of testing the new client and it will not be deployed into production until the test are over. These machines are not available for testing purposes.

Could you at least tell me if I have checked the correct files, folders and registry entries?

Hello,

You have checked the correct Files and registry enteries. However, this seems to be like a cosmetic issue and should go off once the clients are updated with the Latest version of SEP 12.1.

Hope that helps!!

Thank you for your help. I will keep this topic opened until I am able to update those clients to see if upgrading them solves the problem.

I have upgraded some of the clients to the SEP 12.1.1 MP1 version and this has fixed the issue. Thank you for your support.