Video Screencast Help

SEP 12.1 - SEPM Security Status Tests Disable

Created: 13 Oct 2011 | 15 comments

Hi to all,

Recantly we finished with our migratrion from Trend Micro to SEP 12.1 and SEPM.

Everything goes perfect until yesterday that we had some strange Alerts on SEPM and on security status details we show some test that they turn there status from enable to disable without any change from anyone.

As you can see on the screeshot the 3 tests that return there status to disable are:

1.Sonar Content Failure

2. Download Protection Content Failure

3. Unknwon Device Failure

Why these test change there status and from where we can change this?

All the clients have install the Full protection package with firewall and IPS enable, but servers have the basic protection installed.

Thanks in advance

Comments 15 CommentsJump to latest comment

pete_4u2002's picture

this is because of the fields are unchecked under security status.

To enable it, on the Home page of SEPM console, click on the Preferences--> security status tab---> there you need to check the values for the above three things and click on OK button.

AFratzoglou's picture

Hello,,

Thanks for the reply, but on Security Status -> Preferences -> Security Status Thresholds, all the options are marked and enable. All the options are checked, that's why i can't figure what is wrong.

Thanks again pete_4u2002  but everything is checked on these options!

4rth days and still error on tests!

Exept that all options are checked, we left the default values

AFratzoglou's picture

Nothing happens.... i even try to restart the server but nothing...

pete_4u2002's picture

strange, since I unchecked the option and when click on security status i see the same message you have attached. Again checking back those settings removes those messages.

AFratzoglou's picture

I try to uncheck everything, i show the status and all tests was off. I change them back on all but still nothing!!!

One question!! On the server that have SEPM i have the basic server package installation of SEP. This installation doesn't includes Frewall and IPS (When i try to install the full package the server was unreachable from clients)....

So i'm thinking if these tests turn off because of this kind of installation that i have on server?????!!!

I will try to uninstall SEP from server and see the tests!!

I really don't know what to do wih this!!!

pete_4u2002's picture

it should not be depending on the SEP client on the SEPM.

AFratzoglou's picture

Hello again,

I try to uninstall SEP from SEPM, but nothing....

I setup a new pc (vm) with SEPM and everything was fine! All tests was enable and running!

The only problem was LiveUpdate error code 4 but i'm working on this, i believe that i will fix it like the first time!

I'm waitting to see windows updates if cuse this problem (installing them from wsus 1 by 1 and looking the tests status)!

If i found somthing i will inform you!

Thanks for your help and for your time

pete_4u2002's picture

great, in case of SEP issue/question open a discussion in SEP forum instaed here :-)

AFratzoglou's picture

Hello,

Could you please tell me the right place to open this threat?

AFratzoglou's picture

I setup new vm with win 2008 r2 Std SP1!

I finished with the installation of the SEPM and the same again!!!!

The same tests turn disable 1 day after the installation!!

noangry

Thomas K's picture

Is this 12.1 Small Business or the Enterprise version?

Note these reports are disabled in 12.1 SBE.

The test for SONAR Content Failures has been disabled.
The test for Download Protection Content Failures has been disabled.
The test for Unknown Device Failures has been disabled.