Hi,

I've upgraded our Symantec Endpoint Protection Manager to version 12.1.5. Afterward I upgraded some clients. All went well except there a now showing Network Access Control Definitions. The Clients says it's waiting for updates for some days now.. Older Versions of SEP are working well.

The Host Integrity Policy is disabled. When I turn it on and activate the setting the clients will get their updates.

The problem ist I don't want to activate the setting for the productive clients because we had some problems with that in the past.

Can anybody help?

Did you withdraw the host integrity policy? Try that instead...

there is no definitons for Symantec network access control, its just rules

are you referringt o Network threat protection?

you may need to check your HI policy to see whats stopping from getting updates.

Doesn't seem to work either

Since I upgraded the SEPM to 12.1.5 there are. Or at least the client says there are NAC-Definitions.

Proactive Threat Protection works fine.

Have you rebooted your clients since the upgrade and verified they're on 12.1RU5?

I actually found that NAC was removed from the client interface on the move to 12.1RU5 on SEPM and clients, even when a HI policy is assigned and working,

Yes. I've rebooted the clients after the upgrade.

And they're on 12.1RU5.

Hi,

After doing an upgrade to RU5 Host Integrity policy will be added under default policies but it won't be assign to any group by default. Ground location count show '0'.

If you assign Host Integrity policy to any group you may have to reboot the client to take necessary updates.

Could you share the screenshot or error message?

Some screenshots

Policies in use

Client View                          Version Number

Hi,

Thanks for the screen shots.

If you don't want NAC feature listed, withdraw the policy through the SEPM console, let the clients receive new policy number. Reboot the system.

Reboot is mandatory to remove NAC feature from SEP client GUI.

Though you faced some problem in the past I would suggest to test it on few clients & then decide.

I wonder if that's a localisation issue (i.e. saying NAC but meaning NTP) combined with the issue described in the below article:

Network Threat Protection in SEP 12.1 client interface shows "waiting for updates" because Intrusion Prevention is not installed.

Does this client have IPS installed?  I can see you have the policy assigned, but might be worth checking on the client itself...

Hello,

I am finding the similar problem. Is it working as per the design because of the HI itegradtion with SEP in 12.1 RU5

Hi Draco,

what did you do to fix SNAC "waiting for update"?

i have the same issue. 

Hello Jeshrel,

i havn't fixed it bey now. I#ve been busy on other things.

But when I deactivate Network Access Control in General Policies SNAC doesn't show anymore in the client.

I know, this is not realy a solution. Maybe you find one?