Endpoint Protection Small Business Edition

  • 1.  Network Threat Definitions not current

    Posted Dec 14, 2010 03:47 PM

    Does anyone have any idea why the Network Threat Protection definitions are always behind at the clients when relying on SEPM to push the LU content?

    I have the clients pulling updates from the SEPM.  The AV and PTP definitions are about 1 day off, but never more than that.  The NTP defs always seem to be 4+ days off.

    If LU is run from the client manually (to LiveUpdate Symantec Servers), all portions of Endpoint Protection suddenly have current definitions.



  • 2.  RE: Network Threat Definitions not current

    Posted Dec 14, 2010 04:20 PM

    NTP definitions are not released daily like the AV definitions. They will not always match the date of your virus definitions.



  • 3.  RE: Network Threat Definitions not current

    Posted Dec 14, 2010 04:46 PM

    Moreover, usually "one day off" means that you are up-to-date. Well, it depends on your time zone. You can check the current definitions deployed by Symantec (look also for the revision number after the date, as AV/AS definitions are deployed up to 3 times a day) in your console on the Home screen and here:

    http://www.symantec.com/business/security_response/definitions.jsp



  • 4.  RE: Network Threat Definitions not current

    Posted Dec 15, 2010 08:07 AM

    Why, then, do the NTP definitions update to a newer version upon doing a 'manual LU' at the client whereas it was an earlier version from the SEPM?  Does the SEPM pull a 'list' first upon a live update or does it just pull 'live' content and distribute?

    My SEPM is timed to retrieve LU cont every 4 hours.  The clients are set to 'push mode'.

    I do understand that NTP and (sometimes) PTP definitions do not always match AV definitions.  The NTP has seemed 'iffy' sometimes, so I am trying to troubleshoot every angle of it.

    Thanks for your help.



  • 5.  RE: Network Threat Definitions not current

    Posted Dec 15, 2010 11:16 AM

    I am not seeing the same behavior in my lab. Yesterday my AV definitions were dated 12/14, while NTP was dated 12/10. I ran a manual liveupdate from the client and the NTP date stayed the same. Note that NTP only updates definitions 1 - 2 times per month.

    What date are your NTP definitions showing today?




  • 6.  RE: Network Threat Definitions not current

    Posted Dec 15, 2010 11:27 AM

    I will have to investigate further then...

    Maybe the clients behave slightly differently on different platforms; XP vs. 7 vs. server OS, x64 vs. 32 bit.

    I will dig deeper.  Maybe I can get more specifics.  For the most part, complaints have been coming from XP machines.  The Servers seem fine and my Windows 7 machines seem alright.

    Thanks for educating on the update schedule of NTP defs.

    I will note anything I see further.