Endpoint Protection

Hi All,

I work in an organization where SEP 11 clients are getting policies from central server & updates from GUP server, where as in a project; users are connecting to cisco vpn & on disconnecting vpn. System are not getting reconnected to SEP server & showing Yellow dot.

Once the user logged off & if i logged in there is a popup stating virus defs out of date, if i select the option " do show update till next time " status changes to green dot & updates in less than 2 hours, if not the systems stays old dated,

Note:  If i update virusdefs manually - getting access blocked from SEP for EDPA.exe

I have downloaded the sep support tool & found the issue as below,

Title: Symantec Endpoint Protection drivers and services need attention
Product: Endpoint Protection Client

Status: Error
Overview: This collection of services is required for the proper operation of Symantec Endpoint Protection.

Symantec articles:

Are the Symantec Endpoint Protection drivers loaded and services running?
http://www.symantec.com/docs/TECH92415

Details:
Error Service "Symantec Endpoint Protection" is not configured and operating properly. Click for details.
 Error Service start mode is set to "BootStart", when it should be "AutoStart".
 Ok Service is installed.
 Ok Service is running.
 Ok Service last exited with code 0.
Error Service "Symantec Event Manager" is not configured and operating properly. Click for details.
 Error Service start mode is set to "BootStart", when it should be "AutoStart".
 Ok Service is installed.
 Ok Service is running.
 Ok Service last exited with code 0.
Error Service "Symantec Settings Manager" is not configured and operating properly. Click for details.
 Error Service start mode is set to "BootStart", when it should be "AutoStart".
 Ok Service is installed.
 Ok Service is running.
 Ok Service last exited with code 0.

Seems to be bug, have you tested with 12.1.3 version?

Hi Rafeeq,

we are yet to start the pilot test for 12.x.xx, presently we are with 11.x.xx..

You may ignore the result of the SymHelp tool, BootStart and AutoStart are the same but the tool does not know it.

Hmm you must be using location awareness policy, when disconnected from vpn, the location should change to local network? What have you set? seems like the location switching is slow

Hi

Please upgrade to SEP 12.1.3

Regards

Hi,

Thank you for posting in Symantec community.

I would be glad to answer your query.

I also think that there must be some configuration issue.

You should recheck location awareness settings.

SEP clients automatically switch from one location to another when certain pre-set conditions are met, such as Home, VPN, Office, etc.

Auto Location Switching is enabled by default, but can be disabled by the admin. This is controlled from the SEPM, in the group's General Settings ("Enable Location Awareness")

Has the default location for the client's group been configured correctly? Defaults are used in case of conflict. When conflicts arise, SEP clients use an algorithm to choose a location:

• Last Known: The client will use the last location if known
• Default : Location identified as default by the administrator

Default location used when:

• It is one of multiple locations that meet the criteria
• No location meets the criteria, and there is no blank location
• The location that matches the criteria is renamed or changed in the SEPM console
• The client reverts to the default location when it receives the new policy

For a flowchart on Location Awareness decision logic, refer to:  "Location Awareness Decision Logic" 

http://www.symantec.com/docs/TECH105250

Also can refer these articles:

Location Awareness Logic

http://www.symantec.com/docs/TECH97097

Best Practices for Symantec Endpoint Protection Location Awareness

http://www.symantec.com/business/support/index?page=content&id=TECH98211

Use the latest version of SEP (SEP 11 RU7 MP3), as several known issues about location awareness have been corrected in recent builds that have been released.