Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

outdated virus definitions warning configuration

Created: 21 Nov 2012 • Updated: 21 Nov 2012 | 15 comments

In SEPM 12.1 there is configuration of policy for Outdated Virus Definitions Warning. When this warning pops up on the client computer the end user can click in a check box to inform the application "don't warn me until after next update". However, this check box only seems to appear when the user logged on is a local administrator. For regular users the check box does not appear, and the popup continues to pop up every minute or so. Is there a way to get the check box to appear, giving the regular user the option to place a check mark in the box indicating to the application that it should not warn until after the next update has downloaded and installed?

Comments 15 CommentsJump to latest comment

Ajit Jha's picture

To display a warning about definitions

  1. On the Antivirus and Antispyware Policy page, under Windows Settings, click Miscellaneous.

  2. On the Notifications tab, under Notifications, select one or both of the following options:

    • Display a warning when definitions are outdated

    • Display a warning when Symantec Endpoint Protection is running without virus definitions

  3. For outdated virus and security risk definitions, set the number of days that definitions can be outdated before the warning appears.

  4. For missing virus and security risk definitions, set the number of remediation tries that Symantec Endpoint Protection must make before the warning appears.

  5. Click Warning for each option that you checked, and then customize the default message.

  6. In the warning dialog box, click OK.
  7. If you are finished with the configuration for this policy, click OK.

Regard's

Ajit Jha

Technical Consultant

ASC & STS

Lazarus's picture

You did not address the original question.

sidhartha did not ask how to have the message appear; he asked how he could get the check box about not displaying the alert until after the next update to show up for regular users (not administrators).

Can you address this question because I would like to know, too.

sidhartha's picture

Yeah, since there was no reply here I went through support and ended up just unchecking both boxes on the items mentioned above. The alternative was to extend the warning to 60 days, which doesn't get rid of the problem, but does reduce the incidence. Unchecking the boxes, and disabling the notifications completely, may not be the most desirable config, but it does get rid of the annoyance to the end user, and I'm still able to track out-dated defs in the console, and via email alerts to administrators.

Lazarus's picture

I opened a ticket with support who told me this was a bug and was being investigated. Not that they said when ort if it would be fixed, but one would hope they would make the program match not only the documentation but continue doing this as it has been done all along.

We just jumped from SAV 10 to SEP 12.1 a couple of months ago and SAV was providing that check box up until we decomissions the last SAV server.

One other thing I found that's sort of related: the message box is pretty limited in the number of characters you can use for your message. I don't know the exact number, but it's not much more than 150-200. I want to keep a pretty short suspense in place, but tell the users to give the machine time to catch up from offline before call the Help Desk.

JS@support's picture

Hi,

As per my understanding it's by design with SEP 12.1

However you might see improvement in the upcoming releaes if Symantec accepting it as a bug.

Lazarus's picture

The article at http://www.symantec.com/docs/TECH150078, tited "Endpoint Protection client warning: "Old Virus Definition File"" says "To avoid seeing this message more than once on the client, on the pop-up notification window, click Don't remind me again until after the next update, and then click Close."

This article applies to both 11.0 and 12.1. That says to me that by design, we SHOULD have that check box.

JS@support's picture

Hi,

It's by design from SEP 12.1 RU2 release. However this option can be brought back in the next release.

Answer to your question is there is not any settings where you can avoid this pop up,

sidhartha's picture

One thing to keep in mind, or at least we found in our environment, this check box selection is available for users who have local administrative credentials on their respective machines. It is only on boxes where the user doesn't have these rights where the check box selection is not available.
Second, As Ajit Jha indicated in comment submitted on 21 Nov 2012, you can simply deselect the notifications, for example, on "Dispaly a warning when defintions are outdated".
Third, as another option that doesn't remove the notification, but may delay it enough where the incidence of it is greatly reduced, is to "extend the warning to 60 days".

Lazarus's picture

I regard none of these as useful.  They are not solutions: they are, at best, rationalizations for a bad decision on Symantec's part.

When, if ever, was giving users local admin rights on their computers in a business setting a remotely good idea?

I want my users to get notified and I want them to get notified pretty promptly if the defintions are outdated but I don't want the notice to keep popping up every 60 seconds because then I will be foreced to kill them outright.

The documented way this alert was just fine and allowed not only all the options the now-crippled implemenation does, but also allowed additional options that it no longer has.

JS@support's picture

Hi,

In the next SEP release Symantec might bring back this option.

Best way is to create a case with Symantec and if they have open Etrack on this issue then they will add your case to that Etrack.

You will be notified when Etrack will be closed.

sidhartha's picture

Of course you are right, Lazarus. We should have a program that performs the way it has been designed, and when it doesn't it is disappointing and cumbersome. My comments were more reflective on the options we do have in dealing with the broken function, and clarifying these are the only options we have, short of waiting for Symantec developers fixing it. I would hope they've gotten the message with variuos submitted support questions, and via the monitored forum.
Presently, if you want to keep the notifications active and configured to appear every (default) 14 days, is it to get calls from people getting the pop-up warning and addressing it each time.
The only other option is to apply the settings as previously mentioned and monitor systems via the Enterprise Console.

Lazarus's picture

These articles are either irrelavent to the issue of this thread or confirm that there is indeed a problem. 

Nice to know Symantec is ignoring a lot folks and not just the ones in this thread but it would be nicer to know what it's going to do about the problem.