Endpoint Protection

 View Only
  • 1.  Security Status - Attention Needed - Scan Failures

    Posted Feb 22, 2013 04:48 AM

    SEPM 12.1 RU2

    I am getting a lot of Scan failures - computers not recently scanned, in the SEPM.  I know under Preferences - Security Status - there are settings for percentage of computers and number of days to configure this, however It is my understanding that SEPM is supposed to remove clients that have not connected for either 30 or 90 days? apparantly there used to be a setting for this specifically in version 11.x but it no longer exists? 

    I have decomissioned several machines and placed the clients in the SEPM into a specific folder so that i could see them being removed however after 4 months this has not happened, which is why i believe my scan failures have breached the percentage for scan failures, i.e. old clients that have been decomissioned but are still populating the SEPM.

    Any suggestions as to why old clients are not being removed please?

    thanks

     

     



  • 2.  RE: Security Status - Attention Needed - Scan Failures

    Posted Feb 22, 2013 04:52 AM

    In version 12.1 of the SEPM, the location for adjusting the setting to delete clients which have not connected for X number of days has moved:

    1. In the SEPM, go to the Admin page.
    2. Select Domains.
    3. Under Tasks, select Edit Domain Properties.
    4. In the Edit Domain Properties window, on the default General tab, note the option to "Delete clients that have not connected for specified time."

    Configuring a low value for this setting would clear up the duplicates more quickly



  • 3.  RE: Security Status - Attention Needed - Scan Failures

    Posted Feb 22, 2013 04:59 AM

    In SEP 12.1 its been moved.

     

    Option to "Delete clients that have not connected for X days" has been moved.

    http://www.symantec.com/business/support/index?page=content&id=TECH176635


  • 4.  RE: Security Status - Attention Needed - Scan Failures

    Posted Feb 22, 2013 04:59 AM

    For reference:

    Location of client purge setting in Symantec Endpoint Protection Manager 12.1 RU1
    http://www.symantec.com/docs/TECH176400



  • 5.  RE: Security Status - Attention Needed - Scan Failures

    Trusted Advisor
    Posted Feb 22, 2013 05:04 AM

    Hello,

    In version 12.1 of the SEPM, the location for adjusting the setting to delete clients which have not connected for X number of days has moved:

    1. In the SEPM, go to the Admin page.
    2. Select Domains.
    3. Under Tasks, select Edit Domain Properties
    4. In the Edit Domain Properties window, on the default General tab, note the option to "Delete clients that have not connected for specified time."

    Configuring a low value for this setting would clear up the duplicates more quickly. 

    It is important to consider clients that are offline over the weekend. Setting this value to 1 or 2 will likely cause all your clients to be removed after a weekend.

    A recommended value for large enterprise environments would be 7 to 14 days.

    Also, check this Article:

    Purging obsolete clients from the database

    http://www.symantec.com/docs/HOWTO55346

    VIDEO: 

    https://www-secure.symantec.com/connect/videos/sep-121-purging-obsolete-clients-database

    Hope that helps!!



  • 6.  RE: Security Status - Attention Needed - Scan Failures

    Posted Feb 22, 2013 08:22 AM

    thanks for you advice.

     

    i have now set this setting which was indeed unchecked, however do you have to somehow initiate it or instigate a purge somehow?  clients that have not logged on since september are still here, or does this setting take effect in 90 days from now?

    thanks again



  • 7.  RE: Security Status - Attention Needed - Scan Failures

    Posted Feb 22, 2013 08:25 AM

    could you please explain what non persistant vdi clients are?

    thanks

     



  • 8.  RE: Security Status - Attention Needed - Scan Failures

    Posted Feb 22, 2013 08:34 AM

    VDI - virtual desktop infrastructure.  If you have changed that setting to 1 now, just wait for 24 hours, things should be fine.



  • 9.  RE: Security Status - Attention Needed - Scan Failures

    Trusted Advisor
    Posted Feb 22, 2013 08:36 AM

     

    Hello,

    Configuring a low value for this setting would clear up the duplicates more quickly. 

    It is important to consider clients that are offline over the weekend. Setting this value to 1 or 2 will likely cause all your clients to be removed after a weekend.

    A recommended value for large enterprise environments would be 7 to 14 days.

    Hope that helps!!



  • 10.  RE: Security Status - Attention Needed - Scan Failures

    Trusted Advisor
    Posted Feb 22, 2013 08:40 AM

    Hello,

    For offline non-persistent VDI clients over time, obsolete clients can accumulate in the Symantec Endpoint Protection Manager database. Obsolete clients are those clients that have not connected to Symantec Endpoint Protection Manager for 30 days. Symantec Endpoint Protection Manager purges obsolete clients every 30 days by default.

    If you do not want to wait the same number of days to purge obsolete non-persistent clients, you can configure a separate interval for them. If you do not configure a separate interval, then offline non-persistent VDI clients are purged at the same interval that non-virtual obsolete clients are purged.

    Note: Online non-persistent clients count toward the number of deployed licenses; offline non-persistent clients do not.

    Check these Articles:

    Configuring a separate purge interval for offline non-persistent VDI clients

    http://www.symantec.com/docs/HOWTO81115

    Using Symantec Endpoint Protection in non-persistent virtual desktop infrastructures

    http://www.symantec.com/docs/HOWTO81133

    Symantec Endpoint Protection 12.1 - Non-persistent Virtualization Best Practices

    http://www.symantec.com/docs/TECH191897

    Hope that helps!!