Manager Console doesn’t show virus definitions status correctly
Created: 30 Nov 2010 | 9 comments
Hello.
We use Symantec Endpoint Protection v11.0.6100.645.
Manager Console doesn’t show virus definitions status correctly. When I check the PC, I can see that it received the latest virus definitions.
I checked the ntfs permissions of the C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data folder, it is ok. Eveyone has full access right. (http://www.symantec.com/business/support/index?pag...)
I need your help.
Discussion Filed Under:
Comments
Several causes.
There are several causes.
1. Could be that 1 or some of the clients in SEPM might have a definition date 1/1/1970 by error.
Easy way of dong this is, click on the clients tab-
If you have too many clients, change the display filter to 1000 and sort by definition date.
look for clients without definition date or with 1/1/1970
delete these clients.
log off from sepm and login after two minutes.
2. It could be the System account proxy settings on the client that reports wrong definition date.
Make sure you have the correct proxy settings in the logged in user account and the System account proxy settings.
Follow the below lnk to check the proxy settings
http://www.symantec.com/business/support/index?pag...
refer the "Steps to edit the SYSTEM account proxy settings through using a Scheduled Task:"
section.
Your lucky if you get to access the system account using this method.
If this does not help you, you might have to download the pstools from Microsoft.
http://technet.microsoft.com/en-us/sysinternals/bb...
3. If you have a Domain, There could be a Group policy defined of Symantec Endpoint Protection service startup type, it might be set to 'Automatic'. The desired setting is 'Not Defined'
type rsop.msc in run and click ok.
Go to Computer > Windows Settings > Security Settings > System Services
On the right hand you would find system services.
Make sure Startup and Permission is set to Not Defined.
If it is not set to not defined, on the right hand you could find the Source GPO name.
Change the GPO in AD group policy.
Please let me know if either of the solution helpd you or no.
---------------------------------
Vikas
--
Don't forget to mark your thread as 'solved' with the answer that best helped you!
Hello, Are you using the
Hello,
Are you using the Symantec Embedded Database or MS SQL for the Symantec Endpoint Protection Manager?
Regards,
James
The Symantec Endpoint Protection Knowledgebase
Please remember to mark the post which resolved your issue as the solution!
Hi. First of all I want to
Hi.
First of all I want to thank to you.
This problem belongs to our customer, I wanted a pc for the test and they supplied a PC today.
1. There are a lot of PCs without definitions on Management Console. But I hesitate to delete these PCs. Can they be visible again If I delete these PCs from management console? I have to be sure.
2. I didn't see any problem related system account proxy.
3. I checked the group policy applied. Symantec Endpoint Protection service set as automatic. I'm going to offer to change this setting but I think we should try "1" first.
They are using Symantec Embedded Database.
Thanks again.
Hi Kadir, In the third
Hi Kadir,
In the third point in the above post you mentioned that the Symantec service is set to 'Automatic'. The service should be set to 'Not Defined'. Change the corresponding AD Security policy to 'Not Defined'. Once the AD Security policy is changed, update the AD Security policy on the client or just restart the client. This should fix the issue.
Just to cross check yourself, you would notice that this issue would be for all the clients which have the Group Policy. If a client reports correct information to the manager, it might not have the Group policy.
--Vikas
Please remember to mark the post which resolved your issue as the solution!
---------------------------------
Vikas
--
Don't forget to mark your thread as 'solved' with the answer that best helped you!
hi
delete the client from the console and update the policy on the client
Please don't forget to mark your thread solved with whatever answer helped you : ) Rafeeq
Ok. I already tested, deleted
Ok.
I already tested, deleted pc became visible after the "smc -stop" and "smc -start" .
I'm going to delete all PCs without definitions.
I tried to delete all PCs
I tried to delete all PCs without definitions but I couldn't. Deleted PCs come again rapidly.
hi
you can use taskkill /s system name /f /im "smc.exe"
Please don't forget to mark your thread solved with whatever answer helped you : ) Rafeeq
I'm going to try. I
I'm going to try.
I discovered new problem. I installed SEP to remote pc via management console. It installed succesfully but It can't updates itself. Client can reach server's 8014 and when I run netstat on command prompt I can see that connection was established. I checked SyLink.xml. Everything seems ok.
I confused.
Would you like to reply?
Login or Register to post your comment.