Video Screencast Help

"Search for applications" missing a lot of common applications

Created: 10 Oct 2012 • Updated: 05 Dec 2012 | 6 comments
This issue has been solved. See solution.

Application learning is a favorite feature of mine, but it doesn't seem to be working properly:

 

*Application learning is enabled under Clients/Communications Settings/"Upload" and Admin/Site Properties/General/"Keep track of every application..."

*If I search for .exe's and .dll's common to c:\windows\system32\ on a Windows 7 machine I get no hits

*Yet if I search for notepad.exe, I get results

 

SEP Managers are 12.1.1101.401

Most clients are 11.0.7101.1056

 

I'm not finding anything about a known incompatibility between the two versions... any other ideas or troubleshooting steps?  This feature has worked really well in the past to find infections on multiple machines...

Comments 6 CommentsJump to latest comment

.Brian's picture

Have you seen the same issue when the client is at 12.1.1101.401 as well?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

P_K_'s picture

Upgrade a few clients to 12.1.1101.401 to see if that help

MCT MCSE-2012 Symantec Technical Specialist (SCTS)

Bill_K's picture

I've got a few clients on 12.1.671.4971 and common system files still do not appear.

Bill_K's picture

To elaborate further:

*The SEPM seems to learn of some applications, but not all of them.  For example notepad.exe produced plenty of results, but write.exe does not.

 

I do have a support case going on this (an on the phone waiting right now in fact) but figured I'd throw this out there... One thing I'm wondering is, does SEP only "learn" about processes that actually run, or anything that lives in the machine?

.Brian's picture

Should be for processes that actually run.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

SOLUTION
Bill_K's picture

Ahh - that was one question I had (which the support engineer couldn't answer).  I'll make sure I run write and then check the database...

Thanks!