Endpoint Protection

I'm not sure if SEP is the culprit, but i thought best to check if anyone else has come across this.

Since yesterday's updates (12Jul09) two laptops have had the following symptoms:
1. Windows firewall disabled (was previously enabled)

2. Windows Security Center reports, in the Malware Protection tab:
"Symantec Endpoint Protection is on but is reporting its status to Windows Security Center in a format that is no longer supported.  Use the program's automatic updating feature, or contact the program manufacturer for an updated version."

The attached screenshot shows the full error message (but with firewall re-enabled)

If I can establish this really is an issue with SEP then I will raise a bug report with Symantec.

Kind regards
Paul 

Hi,

regarding your questions:

1) If you are installing SEP with the Network Threat Protection, you are installing a firewall and the Windows one is disabled because it is not recommended to have two firewalls in the same machine.

2) What is the version of your SEP? And the O.S.?

Regards,

I, too am having the same issue. I am using version 11.0.2010.25. The OS is Vista. Any information concerning this would be helpful.  Thanks.

Steve

I too am having exactly the same issue - I am using SEP 11.0.2000.1567 The OS is Vista Business - any help greatly appreciated!!!

I, too am having the same issue.  I am using SEP Client Version 11.0.4202.75 as of last night.  I installed this latest version over top of 11.0.2010 hoping that it would fix the problem.  It did not.  Like the author my issue arose after the update on 7/12.

Please help,

Curt

In my opinion it is not a serious issue but it needs further investigation that has to be done via the official Technical Support.
For your convenience I just created an empty Internal KB 2009071417581548. Ask to the Symantec engineer to link your case to this KB to avoid duplication of articles and synchronize their job around one only place. If they are not able to find it, specify them that it is under the "New Entries".

Regards,

Running 10.2.2.2000 on Vista Home.

Thank you

Best regards
Paul

I have the same problem
version 11.0.2020.56 running Vista Home Premium

When do we expect an update? Thanks James

Vista Home Premium
Version 11.0.3001.2224
Symantec itself shows no problems detected however windows vista security center shows that it is "reporting in a format that is no longer supported".

Has anyone found a solution for this issue?  A quick google search returns this issue with a handful of other antivirus applications and an article about the way AV software needs to report to Security Center changing. 

http://windowsteamblog.com/blogs/windowssecurity/archive/2009/05/06/upcoming-action-center-changes-for-security-vendor-software.aspx

From the Article:

"The grace period begins at the time Vista SP1 is installed on a Windows Vista system. As a result, the grace period will begin expiring in September 2009, 18 months after Windows Vista SP1 was released on the Microsoft Download Center in March 2008."

If memory serves, the beta for SP1 came about about 18 months ago...

Vista Business 64-bit
11.0.400.2295

I too am having this problem after the latest updates today.  Windows OS:  Vista SP1 64-bit.

Seems like MS expired the API a little earlier than they promised - "As a result, the grace period will begin expiring in September 2009, 18 months after Windows Vista SP1 was released on the Microsoft Download Center in March 2008."

Not quite September yet!  I first noticed this on an early build of Windows 7 and our SEP client.

We plan on fixing it in our MR5 client, which will RTM in September (I believe its actually fixed in the code now, I just need to get a later build to test)

Installing Vista Service Pack 2 seems to alleviate this issue, at least for now.

I'm having the same issue, as well (happened as of this morning). 

Paul - thanks for the update, but I'm not sure I follow.  If you don't mind explaining - what exactly do you mean by the following: "We plan on fixing it in our MR5 client, which will RTM in September (I believe its actually fixed in the code now, I just need to get a later build to test)"

Are you saying that there won't be a fix to this issue until September?  Or am I just not understanding correctly?  Or when you say it is fixed in the code now, do you mean there is a fix that will be released soon?  Also, is this a serious issue (meaning is the computer not being protected) or is Windows just not reading it correctly but my computer is still being protected?  Sorry for all of the questions, I am just confused.

KB961371 came out today from Microsoft, as well as KB890830 and KB973346. I'm having the same message as the rest of you and will install these updates and see if it makes any difference. BTW I have Vista SP1 32-bit.

From what I understand you are still fully protected, it is just not reporting to the windows security center. My thoughts on this are backed up in the article posted above. The key line I am referring to is this:

"Although you may receive this "non-compatible" message from your security software, it should continue to work and help protect your system even though it is not able to report its status through the Action Center UI."

Also not to put words in Paul's mouth but I don't think he is suggesting that it won't be fixed until september. It is just that Windows wasn't suppose to release their new API's until September, so that is when it was going to be fixed. This is also around the time (not confirmed) that MR5 is tentively going to be released so that is when this problem was going to be taken care of. But since they jumped the gun on releasing their new API, I would think there is going to be a release out to fix this very soon. But again don't worry about not being protected because you are, it is just windows security center reporting incorrectly. And Paul feel free to edit any of this if you wish, you know much more than I do about upcoming releases. : )

Thanks,
Grant

Thanks Grant.

Same issue started in my network at most computers at logon July 14th. Very annoying to have all users calling.

Hope you have a solution soon.

txs

Although the error mesage is an annoyance, with no virus risk, there is still the issue that MS security Centre shows a red shield on the user's system tray.  If it is permanently red, users may just get used to it and not notice if a real issue appears.

Also, I am concerned as to why the windows firewall was disabled (now on 3 systems).  We only have the antivirus product on our user machines; no symantec firewall.
This could of course be a separate issue, and nothing to do with symantec.  If I find out I will report back to this thread.

Kind regards
Paul Fretter

Would like to share an update on this issue...

It is found  on some cases that this issue does gets resolved by upgrading the vista machines to SP2...

Let us know if that helps while we are waiting for MR5 client, which will RTM in September ...


Thanks :-)

Yea yea i have this problem too i just can't solve it and no matter how many time i Liveupdate it, the Red icon still appear. What should i do now actually?? Thanks. 

Hi,

you can set the Windows Security Center to don't check the AV status till September.

Regards,

So there is no problem with my AV at all? Should i continue to Liveupdate? thanks

The problem is that Symantec Endpoint Protection cannot say to Windows that anything is good because Microsoft changed the relative API earlier than expected.
Double click on the Symantec Enpoint Protection shield and you can see if there is any problem. Of course you have to continue to update your AV, why not?

Regards,

No problem everything is ok when i look at it. So i should just leave it like this until Sep? Then what next? 

Will it still continue to protect the PC like this?

Yes, you have to wait SEP MR5 and your PC is protected.

Regards,

What a relief... thanks. So by Sep this thing will be fix automatically or??

Yes, it will be fixed just with a migration to MR5.

I can confirm that the installation of Vista SP2 does resolve the problem.

grts.

What is migration to MR5? I do it or...? 

Do you have other malware protection on that machine?

No.. With a good Anti Virus, you can turn off everything else including Window Firewall. 

The migration to MR5 is the process of upgrading you current version of SEP to the version MR5, when it will be released.

I got so many problems with this
at first it seems everything was working very well
but suddenly....i updated the SEP and turn off my firewall n let my pc unprotected

i dont know what to do.....change to another antivirus or what...???

plz...HELPPPPPPPPPPPPPPPPPP

Hi,

I don't see the relation between what you are saying and the topic of this discussion, could you be more precise?

Regards,

"Giuseppe.Axia
1 day 3 hours ago
The migration to MR5 is the

The migration to MR5 is the process of upgrading you current version of SEP to the version MR5, when it will be released."

So when the time comes, i just need to LIVE UPDATE  that thing or i just leave it there? Thanks

When the time comes you have to apply a procedure like this one:
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008121712452848

The official one for the MR5 will be published close to the release of the MR5.

Regards,

MY SEP does not has a serial number because someone install it for me. Will i be able to solve this problem when the time comes? 

To download the latest releases of our products you have to know your serial number, it is required in the download page. It is written in your contract as well.

Regards,

How do i find out about my Serial Number?

If i simply leave it like that forever will there be any problem just curious? 

If you lost the contract you should contact Symantec to obtain a new copy of it with the required serial number. Without the contract you cannot demostrate to the authorities that you have the license to use our product and you could face a legal issue.

contract? I am not sure about that. When i took my  Laptop for repairing, they installed this SEP for me months ago.... Where can i check the Serial number by the way?

An installation of SEP without a contract (or a license) is illegal. Check it with the guy that installed SEP on your machine. You can't check the serial number in the product itself.

Regards,

I have come accross this issue, but for SAV 10.1.8.8000, Spanish in a Windows Vista machine:
MESSAGE (EN): "Symantec Antivirus is on but is reporting its status to Windows Security Center in a format that is 
no longer supported. Use the program's automatic updating feature, or contact the program manufacturer for an updated 
version."

That would be a problem. I can't find that guy who install my SEP... If i continue to use this will it create any problem after sep? 

Gbras, did you pay for SEP or not? If not, good luck.

By the way which country is this in? 

Thank you, Soledad, I hope a product manager read your post as well, to be sure, escalate the case internally as usual,

Regards,

Hi Gbras,

Our forum support is not centralized, all employees across the world are given access to the forum to assist our customers.

BOTTOM LINE is that Microsoft BROKE this for you, not Symantec. MS broke their "word" - originally stating September. Once again they (MS) made unexpected changes or changes sooner than expected and 3rd party vendors must scramble to keep up.
IMO, Symantec is doing the best they can and is blameless in this one.
It's something that has, however, become HABIT for Microsoft, IMO.
Even "RCs" change before the CDs actually get burned in my experience. Just because they say "this is it, RTM, final code" does NOT mean that's what you get to install on your computer. I've tested enough things to know - "never believe what MS promises or say - as not all their employees follow directions"

Luckily, we have skipped Vista here, totally hate it, so only see the issue on a couple of IT machines, and we don't care.......

No more MR, then what does RU stand for? Normally when I see RU in a string, it stands for the Russian version, for example, a URL with RU means Russian, or Russian language.
Does this mean the PROGRAMMING AND DEVELOPMENT of SEP is being moved to Russia like Cisco does much of their development in Israel?  ;-)

Hi,

RU stands for Release Update,

Cheers,

Thank you Giuseppe!
That makes sense - it's a VERSION, then you UPDATE the RELEASE of that version.
Version 11 but Release Update 5. Will patches still be Patches (please) ?

Thanks.

Unfortunately I don't know the whole logic behind this conventions... I hope a colleague of mine will add some other details...

Regards,

I have posted this here too https://www-secure.symantec.com/connect/forums/no-firewall-turned
Might work......



***********************************************************************************
1) Verify permissions on HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring
2) It can also be an issue with the WSC, Good chances.......Repair

http://grandstreamdreams.blogspot.com/2007/04/how-to-repair-windows-security-center.html

Stop the Windows management instrumentation service (WMI).

You'll probably get the message that Security Center and WF and ICS will stop functioning also.

That's OK, allow those services to be stopped.

Now go to C:\windows\system32\wbem\ and remove the Repository folder.

Reboot, and the information in Windows Security Center will be rebuilt.

You may also remove the C:\windows\system32\wbem\AutoRecover folder, just to prevent old data to be used again. But normally this is not needed
***********************************************************************************

Hi Giuseppe,

Do I need to uninstall the SEP MR4 or previous version first. Then install the SEP MR5.
I have tried to upgrade to SEP 11.0.4202 from SER 11.0.2... and the process indicate that I already have the SEP installed and need to remove the old version first.

Best regards,

Jason

According to http://windowsteamblog.com/blogs/windowssecurity/archive/2009/05/06/upcoming-action-center-changes-for-security-vendor-software.aspx

1- "we jointly stablished with the security ISVs an 18 month grace period where they could use both the old and the new interfaces"
2- "The grace period begins at the time Vista SP1 is installed on a Windows Vista system. As a result, the grace period will begin expiring in September 2009, 18 months after Windows Vista SP1 was released on the Microsoft Download Center in March 2008"

So the new interfaces were available from the beginning of SP1 and the expiration date depends on the installation date. Many enterprises installed SP1 before its availability on Download Center.
The new interfaces should have been implemented long ago.

John

And IMO, as a network and security administrator for many years, those who live on the bleeding edge shall themselves now and then bleed.
Meaning you install something so new it's not even on official sites yet and before anyone else does, you'll be taking risks more sane are less likely to take.
What I'm trying to say is when anyone installs something that new, that fast, they know and willingly take risks.
I don't place bets until I see how fast my horse can run or how healthy he is.

Vista SP1 was RTM and downloadable from *official* MS sites Feb 14, 2008.

Do we have a date for SEP 11 MR5?  On the licensing portal I only see MR4 release.

Thanks!

Alan

Hi guys, so how should i solve this problem now? I am still at lost. 

 MR5/RU5.  Get it from Fileconnect.

Fileconnect?? Where?

Teiva-boy thanks for the info. Is there any link or guide for this update? I am totally new to stuff like this you see. All i can do with my SEP now is Live Update...