Hello, everybody,
I have a weired situation with SEP12.1EE notifications.
After migrating my clients successfully to SEP12.1EE from SEP11RU6MP3, I got notfications about outdated IPS- and SONAR-signatures on all migrated clients.
During migration I followed the Symantec whitepapers, as well as the instructions learned in a small course, held here in Hamburg.
This problem is not limited to a specific Windows version (We have a mix of Windows 7 64-BIT and XP).
My notfications are configured to be triggered from1 PC with signatures older than 7 days.
The dates in the notification E-Mails are reflecting exactly the migration day (I pushed the clients with full content & resetting communication).
When you investigate this "issue", you will see, that the mentioned clients "shows green" with no problems and fully communication, the Home Tab in SEPM shows "everything o.k.!", the client´s propertys in the client group in SEPM shows the most recent updates, good communication and all reports shows the most recent content and no communication problem.
I veryfied the LU content in SEPM also; it´s o.k.!
On the other hand, by using the SEP Support tool on these clients, they show the IPS and SONAR content with the wrong date and with the remark "last checked: 01/01/1680". (It´s not a fault, it´s really 1680!)
During investigating this issue, I tested what´s happening, if you make a clean install (removeing SEP11, before pushing the new client) or on new machines with a first time installation of SEP12.1 and I learned, that my issue is limited only to migrated clients!
I tested the workaround for the "Date-/Time-Format" issue; my problem seems not to be related to that issue.
Last but not least, I looked in the registry on the affected clients and found something, similar to this:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\SharedDefs\SymcData-cndcipsdefs]
"cndcIps"="C:\\PROGRA~3\\Symantec\\DEFINI~1\\SymcData\\CNDCIP~1\\20110921.001"
"SepCache3"="C:\\PROGRA~3\\Symantec\\DEFINI~1\\SymcData\\CNDCIP~1\\20110917.001"
"SepCache2"="C:\\PROGRA~3\\Symantec\\DEFINI~1\\SymcData\\CNDCIP~1\\20110920.001"
"SepCache1"="C:\\PROGRA~3\\Symantec\\DEFINI~1\\SymcData\\CNDCIP~1\\20110921.001"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\SharedDefs\SymcData-cndcipsdefs\MicroDefs]
"LastBinUpdate"=hex:01,00,00,00
***************************************************
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\Content\IPS]
"CurrentPath"="C:\\PROGRA~3\\Symantec\\DEFINI~1\\SymcData\\CNDCIP~1\\20110921.001"
"CurrentSequence"="110921001"
These paths are the old ones for SEP11 and they are empty, as expected. Shouldn´t they have been deletd during migration?
All clients have the correct paths for the recent content also in the registry!
My questions: Is this my mistake or a bug in the product? Is there a chance for correcting this, without uninstalling all migrated SEP-Clients? Does anyone else here have similar issues? If it is my mistake, what did I miss or made wrong?
Kind regards from Germany,
Rolf