Endpoint Protection

How will i know that the appliance works correctly?

At the moment i have:

- deployed the appliance

- Protected W7 x64 endpoint using default policy

- Changed the policy to use vShield Shared Inside Cache

In Clients --> Group --> MyW7x64 -- Security Virtual Appliance status is as: Unknown

What does it mean? What should i do to make sure that Status will be as.. Active (?) and in general that its doing its thing.

Inthe meantime i set email notification policy, to let me know when the appliance will go offline.

So i powered it down - and no email so far, and its abeen at least 20 minutes since i powered it off.

Yesterday i deployed the appliance to a different host, when i powered it down - i go the email. But at that time i didnt check the status of the appliance,  so it could be Unknown as weel.

Can someone please help me out?

Hi,

Check same thread

https://www-secure.symantec.com/connect/forums/endpoint-1212-and-vshield-plug

https://www-secure.symantec.com/connect/forums/vshield-agent-less-sep

Does Symantec Endpoint Protection 12.1 support VMWare vShield?

http://www.symantec.com/docs/TECH175568

Those links are unrelated to my issue/question.

I just got email:

Security Virtual Appliance symantec-sva2 is currently offline. This Security Virtual Appliance has not communicated with the server for 2 or more heartbeats

My appliance is up and running. I can ping stuff etc. ..sva2 is the latest appliance that i have deployed. Never shut it down.

HI,

Check this thread may be help.

I would suggest you to check the Topic 29 from the Symantec™ Endpoint Protection and Symantec Network Access Control 12.1.2 Installation and Administration Guide

http://www.symantec.com/business/support/index?page=content&id=DOC6153

https://www-secure.symantec.com/connect/forums/sep-1212-security-virtual-appliance-vshield-shared-insight-cache

I also get information about offline appliance, which i uninstalled using the procedure:

java -jar Symantec_SVA_Install.jar -s pathname/SVA_InstallSettings.xml -uninstall

So why do i get that:

Security Virtual Appliance symantec-sva is currently offline. This Security Virtual Appliance has not communicated with the server for 2 or more heartbeats.

Thank you,

I did read it before i posted here.

Also, just in case, i have run search in that document for: unknown

"Unknown" word is always next to the "threads" - there is no explanation for "unknown" status of the SVA in the console.

If you have read this document after you can't received any answer

Kindly contact Support and have a case created to get further help.

How to create a new case in MySupport

http://www.symantec.com/business/support/index?page=content&id=TECH58873

Phone numbers to contact Tech Support:-

Regional Support Telephone Numbers:
United States: https://support.broadcom.com (407-357-7600 from outside the United States)
Australia: 1300 365510 (+61 2 8220 7111 from outside Australia)
United Kingdom: +44 (0) 870 606 6000

India: Toll-Free 000 800 4401 456 directly

IDD call: +61 2 8220 7111

Additional contact numbers: http://www.symantec.com/business/support/contact_techsupp_static.jsp

Good Luck Antakar - you are getting the same repost and repeat of the same basic "about' links I have been finding. Seems no one knows about these but keep posting the same "about" articles.

So far I'm having trouble finding the point of these thigns we spent 2 days installing - and in the process nearly killing one of the hosts as we had to install vShield to use the SVA appliances.

They don't show up in the SEPM or console, I see "unknown" in the status, and I don't see that they actually do anything. Nothing seems to communicate with them, and since we had to export a communicatins file to install them - does that mean that we are hosed with all the other groups in SEP?

What about the other client and server groups - do the SVA appliances pick a group based on the one file export you did and ignore all the other groups? We have multiple groups - how are those handled?

Where can you find these in the SEPM console - other than in the status column (unknown) that is..?

I had the same unknown status problem up until yesterday. I realized that you need an SVA on each host so I created them. I then also found that the time on my vShield Manager was off by 4 hours. After changing the time via command line and rebooting the SVAs, the unknowns started to change to the SVA name that the devices were assigned to.

Not sure if this will help anyone else but I thought I would post my findings

ESXi 5.1.0

vShield Manager version 5.1.1

SVA version 12.1.2015.2015

SEPM Version 12.1.2100.2093

We installed, uninstalled, reinstalled, uninstalled, reinstalled at least 3 times and each host has an SVA, there is an SVA on each host (2 hosts, each has a SVA on it)

Time on everything here is within seconds. We hardly ever see more than a few seconds difference, and these are no exceptions. Been that route as it's a first thing we check when there are communication or rights issues due to Kerberos and other things requiring near perfect time match-up.

Thanks - but we've got all that covered. Time is right, installs are by the book perfect, followed directions to the letter and each host has an SVA and so on.

Still not only unknown status but worse, the console for the SVA states no incrementing stats!
It is as if nothing is "communicating". We have test VMs, we have run virtual servers for several years now (VMWare). These things just sit there and do nothing.

Not that they ever even when working do much at all - sort of a joke in a sense - the virtual computers still have to scan - they scan files daily as each time defs update the process starts over building a cache, but at least that is a tiny bit of help in the virtual world. Now, if these off-loaded the loads of scans and such, THAT would be worth something. But it doesn't matter - they do nothing at all here for us. Can't make them show incrementing numbers in files and such.