Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Security Status - Attention Needed - Scan Failures

Created: 22 Feb 2013 | 9 comments

SEPM 12.1 RU2

I am getting a lot of Scan failures - computers not recently scanned, in the SEPM.  I know under Preferences - Security Status - there are settings for percentage of computers and number of days to configure this, however It is my understanding that SEPM is supposed to remove clients that have not connected for either 30 or 90 days? apparantly there used to be a setting for this specifically in version 11.x but it no longer exists? 

I have decomissioned several machines and placed the clients in the SEPM into a specific folder so that i could see them being removed however after 4 months this has not happened, which is why i believe my scan failures have breached the percentage for scan failures, i.e. old clients that have been decomissioned but are still populating the SEPM.

Any suggestions as to why old clients are not being removed please?

thanks

 

 

Operating Systems:

Comments 9 CommentsJump to latest comment

Ashish-Sharma's picture

In version 12.1 of the SEPM, the location for adjusting the setting to delete clients which have not connected for X number of days has moved:

  1. In the SEPM, go to the Admin page.
  2. Select Domains.
  3. Under Tasks, select Edit Domain Properties.
  4. In the Edit Domain Properties window, on the default General tab, note the option to "Delete clients that have not connected for specified time."

Configuring a low value for this setting would clear up the duplicates more quickly

Thanks In Advance

Ashish Sharma

 

 

SebastianZ's picture

For reference:

Location of client purge setting in Symantec Endpoint Protection Manager 12.1 RU1
http://www.symantec.com/docs/TECH176400

Rafeeq's picture

In SEP 12.1 its been moved.

 

Option to "Delete clients that have not connected for X days" has been moved.

http://www.symantec.com/business/support/index?page=content&id=TECH176635
Mithun Sanghavi's picture

Hello,

In version 12.1 of the SEPM, the location for adjusting the setting to delete clients which have not connected for X number of days has moved:

  1. In the SEPM, go to the Admin page.
  2. Select Domains.
  3. Under Tasks, select Edit Domain Properties
  4. In the Edit Domain Properties window, on the default General tab, note the option to "Delete clients that have not connected for specified time."

Configuring a low value for this setting would clear up the duplicates more quickly. 

It is important to consider clients that are offline over the weekend. Setting this value to 1 or 2 will likely cause all your clients to be removed after a weekend.

A recommended value for large enterprise environments would be 7 to 14 days.

Also, check this Article:

Purging obsolete clients from the database

http://www.symantec.com/docs/HOWTO55346

VIDEO: 

https://www-secure.symantec.com/connect/videos/sep-121-purging-obsolete-clients-database

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

ITBiff's picture

thanks for you advice.

 

i have now set this setting which was indeed unchecked, however do you have to somehow initiate it or instigate a purge somehow?  clients that have not logged on since september are still here, or does this setting take effect in 90 days from now?

thanks again

Mithun Sanghavi's picture

 

Hello,

Configuring a low value for this setting would clear up the duplicates more quickly. 

It is important to consider clients that are offline over the weekend. Setting this value to 1 or 2 will likely cause all your clients to be removed after a weekend.

A recommended value for large enterprise environments would be 7 to 14 days.

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

ITBiff's picture

could you please explain what non persistant vdi clients are?

thanks

 

Mithun Sanghavi's picture

Hello,

For offline non-persistent VDI clients over time, obsolete clients can accumulate in the Symantec Endpoint Protection Manager database. Obsolete clients are those clients that have not connected to Symantec Endpoint Protection Manager for 30 days. Symantec Endpoint Protection Manager purges obsolete clients every 30 days by default.

If you do not want to wait the same number of days to purge obsolete non-persistent clients, you can configure a separate interval for them. If you do not configure a separate interval, then offline non-persistent VDI clients are purged at the same interval that non-virtual obsolete clients are purged.

Note: Online non-persistent clients count toward the number of deployed licenses; offline non-persistent clients do not.

Check these Articles:

Configuring a separate purge interval for offline non-persistent VDI clients

http://www.symantec.com/docs/HOWTO81115

Using Symantec Endpoint Protection in non-persistent virtual desktop infrastructures

http://www.symantec.com/docs/HOWTO81133

Symantec Endpoint Protection 12.1 - Non-persistent Virtualization Best Practices

http://www.symantec.com/docs/TECH191897

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Rafeeq's picture

VDI - virtual desktop infrastructure.  If you have changed that setting to 1 now, just wait for 24 hours, things should be fine.