I'm curious to see if there are other customers experiencing the same results we are with SEP 11. We're running MR3 and have about 50k endpoints deployed. We're finding that a significant portion of our endpoint population (thousands) is either experiencing issues with updating AV and IPS defs (at least these two update types if not others) and/or issues with reporting those pieces of information back to the SEPM. What we're finding are clients which are connected to the SEPMs, e.g. online on my network, and which seem to be healthy otherwise, can resolve my LU servers, etc, but have outdated AV or IPS defs reported to the SEPM. For some systems it's both AV and IPS, some just IPS or AV, etc. Since there aren't really easy indicatators via the SEPM reporting, e.g. show me all clients where they have a recent check-in timestamp but have outdated AV or IPS defs, querying the database to quickly identify clients in this state is almost a must. It appears that there may be at least a couple scenarios at play :
1) Somehow the client sends information to SEPM which is blank or an incorrect value for the def date/version value
2) The client is downloading updates but can't apply them.
One problem is that the endpoint agent only seems to complain about outdated AV defs, while it runs along silently with outdated IPS defs. This makes it unlikely end users will notice and raise it as an issue for helpdesk or desktop support to investigate or repair.
It seems all fixes need to be made manually for these issues, e.g. the agent doesn't acknowledge any of the symptoms and try to self heal. Anyhow, I can't imagine we're alone and I suspect this exists in similar numbers for other customers, but is harder to detect and the SEPM doesn't alert you to these scenarios and they may be going undetected. I believe the client needs to be fixed so it can detect these health issues and repair itself, but unless there are enough customers who recognize they too have the issue I'm not sure it's going to get the attention it deserves for a rapid fix.