Endpoint Protection

I am using Symantec Endpoint Protection 12.1.1000.  The console says that all endpoints are up to date.  The time stamp also is in agreement with the "Green Ball".  However, all my clients are telling me that "...Protection is out of date".  I have tried corporately and individually running a command to the endpoints to "Update Content".  All of this is to no avail.  Is there a solution for this problem?

It sounds like two things may be happening here:

1- Clients are unable to report an accurate status back to the SEPM, or the SEPM is not processing new logs received by the clients (look for a lot of .err or .tmp files within the [SEPM]\data\inbox\* folders). You didn't mention whether or not there a "green ball" on the shield on the client side. If the clients do have a green dot, then it sounds like the SEPM is incorrectly telling the clients (via the heartbeat process) that they're already updated and don't need to download new definitions. Sylink debug logging would reveal what's happening 'behind the scenes' during the heartbeat process.

How to enable Sylink Debugging for Symantec Endpoint Protection in the registry
http://www.symantec.com/docs/TECH104758

-  Update Content launches LiveUpdate on the client. The log.lue file ("log" if file extensions are hidden; location will vary depending on OS) would indicate why that communication is failing. If you have not implemented a LUA (internal LiveUpdate) server and your clients don't have direct internet access, then you'll know why it failed already.

Hope this helps,

sandra

Console is clients are updated

Clients are also updated but still you are getting that pop-up ?

The pop up " Protection is out of date" is it from SEP client or Windows Security Center

Can you tell me clients are online connecting to SEPM server.

How many SEPM servers do you have in your environment?

PTP and NTP are not updating everyday. Verify which content is not update. Also review th liveupdate policies. If you have more than 1 SEPM better to use LUA