Endpoint Protection

 View Only

  • 1.  Previous virus definition file loaded.

    Posted Mar 01, 2010 07:41 PM

    I've been noticing that a number of clients are receiving updates but are rolling back to the previous definitions.

    The logs indicate they are receiving the signatures from the parent server but the clients are loading the previous definitions.  Any ideas how i can resolve this issue?


    Note: Parent server and clients are running 10.1.8.8000.
     



  • 2.  RE: Previous virus definition file loaded.

    Posted Mar 01, 2010 07:50 PM

    what you mean about rolling back? during installation?



  • 3.  RE: Previous virus definition file loaded.

    Posted Mar 01, 2010 08:16 PM
      |   view attached
    see sample log from a known client.

    let me know if it makes any sense to you.

    Attachment(s)

    xlsx
    03012010.Log_.xlsx   11 KB 1 version


  • 4.  RE: Previous virus definition file loaded.

    Posted Mar 01, 2010 08:36 PM

    Have you check the certificate of the problematic client?
    We already encountered that scenario of rolling back of installation of AV. find out that the Certificate is incomplete. To check

    1. Open Internet Explorer
    2. Tools > Internet Option
    3. Content > Certificates
    4. Trusted Root Certificates
    I dunno what certificate is but, if your certificate is less than 20 maybe your policy keeps on blocking on the certificate that your Antivirus might need to proceed installation.


  • 5.  RE: Previous virus definition file loaded.

    Posted Mar 01, 2010 08:46 PM

     Ensureing the LiveUpdate Content Policy is right in LiveUpdate Policy in Policy panel



  • 6.  RE: Previous virus definition file loaded.

    Posted Mar 01, 2010 09:48 PM
     Domain policy  might be the cause of reconfiguration and allowing the third party certificates


  • 7.  RE: Previous virus definition file loaded.

    Posted Mar 01, 2010 09:54 PM
    "certificate is less than 20" - what do you mean less than 20?

    where do i find this liveupdate content policy?

    domain policies as in GPO?  domain policies have not changed.


  • 8.  RE: Previous virus definition file loaded.

    Posted Mar 01, 2010 11:19 PM
    not liveupdate content policy. Enabling Certificates needed by  third-party can be configured via GPO.
    Microsoft Certificate can solve the issue of rollback installation


  • 9.  RE: Previous virus definition file loaded.

    Posted Mar 01, 2010 11:22 PM

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2003031711002148
    from symantec solution.
    Topic: "How to enable and configure continues LiveUpdate"


  • 10.  RE: Previous virus definition file loaded.

    Posted Mar 02, 2010 11:55 AM
    that's a major problem when you have a large volume of managed systems whose AV signatures are outdated 5 days.  these are the systems that received daily updates from the parent server are constantly rolling back to this particular date.  Using the continuous liveupdate have already slowed our network connection (internet).

    The continous liveupdate settings are the default config.