Endpoint Protection

  • 1.  SEP client not showing up the latest virus definition.

    Posted Apr 16, 2013 01:55 AM

    Hi Everybody,

     

    Here is one of my clients, and it's not able to install new antivirus definitions. The logs are attached below.

     

    I have analyzed the log but couldn't reach a conclusion. Other machines in the same location/subnet are downloading/installing the latest updates. Kindly analyse it.

    Windows Version info:
     
    Operating System: Windows 7 (6.1.7601 Service Pack 1)
     
    Network  info:
     
     
    8118 4/8/2013 9:46:20 AM Information 12070202 Symantec Management Client has been started.
    8119 4/8/2013 9:46:24 AM Information 1207020E Location has been changed to Out Of Office.
    8120 4/8/2013 9:47:37 AM Information 12070211 The server enabled Host Integrity checking.
    8121 4/8/2013 9:50:32 AM Information 12070301 Connected to Symantec Endpoint Protection Manager ()
    8122 4/8/2013 9:50:33 AM Information 1207020E Location has been changed to In office.
    8123 4/8/2013 9:50:39 AM Information 12070301 Connected to Symantec Endpoint Protection Manager (cochocsep2)
    8124 4/8/2013 9:50:45 AM Information 12071051 SONAR has been enabled
    8125 4/8/2013 7:49:22 PM Information 1207021A Stopping Symantec Management Client....
    8126 4/8/2013 8:49:17 PM Information 12070218 Network Threat Protection's firewall is enabled
    8127 4/8/2013 8:49:18 PM Information 12070201 Symantec Endpoint Protection -- Engine version: 12.1.401
     
    Windows Version info:
     
    Operating System: Windows 7 (6.1.7601 Service Pack 1)
     
    Network  info:
     
     
    8128 4/8/2013 8:49:18 PM Information 12070202 Symantec Management Client has been started.
    8129 4/8/2013 8:49:21 PM Information 12071000 Network Intrusion Prevention enabled
    8130 4/8/2013 8:49:21 PM Information 12071000 Internet Explorer Browser Intrusion Prevention enabled
    8131 4/8/2013 8:49:21 PM Information 12071000 Firefox Browser Intrusion Prevention enabled
    8132 4/8/2013 8:49:22 PM Information 1207020E Location has been changed to Out Of Office.
    8133 4/8/2013 8:50:34 PM Information 12070211 The server enabled Host Integrity checking.
    8134 4/8/2013 8:56:03 PM Error 120B0001 Failed to contact server for more than 10 times.
    8135 4/8/2013 9:05:08 PM Information 12070800 A LiveUpdate session ran successfully.  4 update(s) were available. 4 update(s) installed successfully. 0 update(s) failed to install.
    8136 4/8/2013 9:05:08 PM Information 12070800 An update for Virus and Spyware Definitions Win32 from LiveUpdate was successfully installed.  The new sequence number is 130408003.
    8137 4/8/2013 9:05:08 PM Information 12070800 An update for Intrusion Prevention Signatures from LiveUpdate was successfully installed.  The new sequence number is 130405001.
    8138 4/8/2013 9:05:08 PM Information 12070800 An update for Revocation Data from LiveUpdate was successfully installed.  The new sequence number is 130408007.
    8139 4/8/2013 9:05:08 PM Information 12070800 An update for Symantec Whitelist from LiveUpdate was successfully installed.  The new sequence number is 130408002.
    8140 4/8/2013 9:20:08 PM Information 12070800 Virus and Spyware Definitions were updated recently, so the scheduled LiveUpdate was skipped.
    8141 4/8/2013 9:27:05 PM Information 1207021A Stopping Symantec Management Client....
    8142 4/8/2013 9:27:05 PM Information 12070204 Symantec Management Client is stopped.
    8143 4/9/2013 8:27:11 AM Information 12070218 Network Threat Protection's firewall is enabled
    8144 4/9/2013 8:27:11 AM Information 12070201 Symantec Endpoint Protection -- Engine version: 12.1.401
     
    Windows Version info:
     
    Operating System: Windows 7 (6.1.7601 Service Pack 1)
     
    Network  info:
     
     
    8145 4/9/2013 8:27:11 AM Information 12070202 Symantec Management Client has been started.
    8146 4/9/2013 8:27:13 AM Information 12071000 Network Intrusion Prevention enabled
    8147 4/9/2013 8:27:13 AM Information 12071000 Internet Explorer Browser Intrusion Prevention enabled
    8148 4/9/2013 8:27:13 AM Information 12071000 Firefox Browser Intrusion Prevention enabled
    8149 4/9/2013 8:28:23 AM Information 12070211 The server enabled Host Integrity checking.
    8150 4/9/2013 8:34:19 AM Error 120B0001 Failed to contact server for more than 10 times.
    8151 4/9/2013 8:48:25 AM Information 1207021A Stopping Symantec Management Client....
    8152 4/9/2013 8:48:26 AM Information 12070204 Symantec Management Client is stopped.
    8153 4/9/2013 9:33:18 AM Information 12070218 Network Threat Protection's firewall is enabled
    8154 4/9/2013 9:33:19 AM Information 12070201 Symantec Endpoint Protection -- Engine version: 12.1.401
     
    Windows Version info:
     
    Operating System: Windows 7 (6.1.7601 Service Pack 1)
     
    Network  info:
     
     
    8155 4/9/2013 9:33:19 AM Information 12070202 Symantec Management Client has been started.
    8156 4/9/2013 9:33:19 AM Information 12071000 Network Intrusion Prevention enabled
    8157 4/9/2013 9:33:19 AM Information 12071000 Internet Explorer Browser Intrusion Prevention enabled
    8158 4/9/2013 9:33:19 AM Information 12071000 Firefox Browser Intrusion Prevention enabled
    8159 4/9/2013 9:34:31 AM Information 12070211 The server enabled Host Integrity checking.
    8160 4/9/2013 9:36:31 AM Information 12070301 Connected to Symantec Endpoint Protection Manager (cochocsep2)
    8161 4/9/2013 9:36:35 AM Information 1207020E Location has been changed to In office.
    8162 4/9/2013 9:36:44 AM Information 12071051 SONAR has been enabled
    8163 4/9/2013 9:36:44 AM Information 12070204 Symantec Endpoint Protection services shutdown was successful.
    8164 4/9/2013 9:36:44 AM Information 12071051 SONAR has been enabled
    8165 4/9/2013 9:53:06 AM Information 12070800 An update for {55DE35DC-862A-44c9-8A2B-3EF451665D0A} was successfully installed.  The new sequence number is 130405011.
    8166 4/9/2013 9:53:06 AM Information 1207030C Downloaded new content update from the management server successfully. 
     
     
     
    8167 4/9/2013 1:27:36 PM Error 12071006 Could not scan 1 files inside F:\Master Software\MASTER SOFTWARE\ACRONIS\TrueImage2010_s_en.exe due to extraction errors encountered by the Decomposer Engines.
    8168 4/9/2013 1:36:36 PM Error 12071006 Could not scan 1 files inside F:\Master Software\MASTER SOFTWARE\SYMANTEC ANTIVIRUS 32 bit\Symantec MR6MP2\vdefhub.zip due to extraction errors encountered by the Decomposer Engines.
    8169 4/9/2013 1:37:06 PM Error 12071006 Could not scan 1 files inside F:\Master Software\MASTER SOFTWARE\SYMANTEC ANTIVIRUS 32 bit\Symantec MR7\vdefhub.zip due to extraction errors encountered by the Decomposer Engines.
    8170 4/9/2013 1:42:21 PM Error 12071006 Could not scan 1 files inside F:\Master Software\Operating System\Acer6495T\DRV\Wireless LAN_Broadcom_5.100.235.19_W7x86W7x64_A.zip due to extraction errors encountered by the Decomposer Engines.
    8171 4/9/2013 7:30:41 PM Information 1207021A Stopping Symantec Management Client....
    8172 4/11/2013 9:57:07 AM Information 12071000 Network Intrusion Prevention enabled
    8173 4/11/2013 9:57:07 AM Information 12071000 Internet Explorer Browser Intrusion Prevention enabled
    8174 4/11/2013 9:57:07 AM Information 12071000 Firefox Browser Intrusion Prevention enabled
    8175 4/11/2013 9:57:08 AM Information 12070218 Network Threat Protection's firewall is enabled
    8176 4/11/2013 9:57:08 AM Information 12070201 Symantec Endpoint Protection -- Engine version: 12.1.401
     
    Windows Version info:
     
    Operating System: Windows 7 (6.1.7601 Service Pack 1)
     
    Network  info:
     
     
    8177 4/11/2013 9:57:08 AM Information 12070202 Symantec Management Client has been started.
    8178 4/11/2013 9:57:12 AM Information 1207020E Location has been changed to Out Of Office.
    8179 4/11/2013 9:58:20 AM Information 12070301 Connected to Symantec Endpoint Protection Manager (10.72.15.187)
    8180 4/11/2013 9:58:22 AM Information 12071051 SONAR has been enabled
    8181 4/11/2013 9:58:24 AM Information 12070211 The server enabled Host Integrity checking.
    8182 4/11/2013 9:58:25 AM Information 1207020E Location has been changed to In office.
    8183 4/11/2013 9:58:37 AM Information 12070800 A LiveUpdate session ran successfully.  No new updates were available.
    8184 4/11/2013 11:00:04 AM Information 12070304 Disconnected from Symantec Endpoint Protection Manager (10.72.15.187)
    8185 4/11/2013 11:00:06 AM Information 1207020E Location has been changed to Out Of Office.
    8186 4/11/2013 11:00:31 AM Information 12070301 Connected to Symantec Endpoint Protection Manager (10.72.15.188)
    8187 4/11/2013 11:00:34 AM Information 1207020E Location has been changed to In office.
    8188 4/11/2013 6:22:09 PM Information 1207021A Stopping Symantec Management Client....
    8189 4/13/2013 10:02:09 AM Information 12070218 Network Threat Protection's firewall is enabled
    8190 4/13/2013 10:02:10 AM Information 12070201 Symantec Endpoint Protection -- Engine version: 12.1.401
     
    Windows Version info:
     
    Operating System: Windows 7 (6.1.7601 Service Pack 1)
     
    Network  info:
     
     
    8191 4/13/2013 10:02:10 AM Information 12070202 Symantec Management Client has been started.
    8192 4/13/2013 10:02:11 AM Information 12071000 Network Intrusion Prevention enabled
    8193 4/13/2013 10:02:11 AM Information 12071000 Internet Explorer Browser Intrusion Prevention enabled
    8194 4/13/2013 10:02:11 AM Information 12071000 Firefox Browser Intrusion Prevention enabled
    8195 4/13/2013 10:02:14 AM Information 1207020E Location has been changed to Out Of Office.
    8196 4/13/2013 10:03:26 AM Information 12070211 The server enabled Host Integrity checking.
    8197 4/13/2013 10:03:31 AM Information 1207020E Location has been changed to Out Of Office->Quarantine.
    8198 4/13/2013 10:04:48 AM Information 12070301 Connected to Symantec Endpoint Protection Manager (10.72.15.187)
    8199 4/13/2013 10:04:52 AM Information 1207020E Location has been changed to In office.
    8200 4/13/2013 10:04:53 AM Information 12071051 SONAR has been enabled
    8201 4/13/2013 10:05:09 AM Information 12070306 Received a new policy with serial number C36D-04/12/2013 07:54:45 338 from Symantec Endpoint Protection Manager.
    8202 4/13/2013 10:05:09 AM Information 12070307 Applied new policy with serial number C36D-04/12/2013 07:54:45 338 successfully.
    8203 4/13/2013 11:06:33 AM Information 12070304 Disconnected from Symantec Endpoint Protection Manager (10.72.15.187)
    8204 4/13/2013 11:06:34 AM Information 1207020E Location has been changed to Out Of Office.
    8205 4/13/2013 11:06:46 AM Information 1207020E Location has been changed to Out Of Office->Quarantine.
    8206 4/13/2013 11:06:59 AM Information 12070301 Connected to Symantec Endpoint Protection Manager (10.72.15.188)
    8207 4/13/2013 11:07:03 AM Information 1207020E Location has been changed to In office.
    8208 4/13/2013 1:25:19 PM Information 1207021A Stopping Symantec Management Client....
    8209 4/15/2013 10:19:23 AM Information 12070218 Network Threat Protection's firewall is enabled
    8210 4/15/2013 10:19:24 AM Information 12070201 Symantec Endpoint Protection -- Engine version: 12.1.401
     
    Windows Version info:
     
    Operating System: Windows 7 (6.1.7601 Service Pack 1)
     
    Network  info:
     
     
    8211 4/15/2013 10:19:24 AM Information 12070202 Symantec Management Client has been started.
    8212 4/15/2013 10:19:27 AM Information 12071000 Network Intrusion Prevention enabled
    8213 4/15/2013 10:19:27 AM Information 12071000 Internet Explorer Browser Intrusion Prevention enabled
    8214 4/15/2013 10:19:27 AM Information 12071000 Firefox Browser Intrusion Prevention enabled
    8215 4/15/2013 10:19:28 AM Information 1207020E Location has been changed to Out Of Office.
    8216 4/15/2013 10:20:40 AM Information 12070211 The server enabled Host Integrity checking.
    8217 4/15/2013 10:20:44 AM Information 1207020E Location has been changed to Out Of Office->Quarantine.
    8218 4/15/2013 10:24:48 AM Information 12070301 Connected to Symantec Endpoint Protection Manager ()
    8219 4/15/2013 10:24:50 AM Information 1207020E Location has been changed to In office.
    8220 4/15/2013 10:24:50 AM Error 12070302 The Symantec Endpoint Protection is unable to download the newest policy from the Symantec Endpoint Protection Manager.
    8221 4/15/2013 10:24:52 AM Information 12071051 SONAR has been enabled
    8222 4/15/2013 10:24:54 AM Information 12070301 Connected to Symantec Endpoint Protection Manager (10.72.15.187)
    8223 4/15/2013 11:16:39 AM Information 12070800 An update for {810D5A61-809F-49c2-BD75-177F0647D2BA} was successfully installed.  The new sequence number is 130414006.
    8224 4/15/2013 11:16:39 AM Information 1207030C Downloaded new content update from the management server successfully. 
     
     
     
    8225 4/15/2013 11:26:30 AM Information 12070304 Disconnected from Symantec Endpoint Protection Manager (10.72.15.187)
    8226 4/15/2013 11:26:53 AM Information 12070301 Connected to Symantec Endpoint Protection Manager (10.72.15.188)
    8227 4/15/2013 6:37:59 PM Information 1207021A Stopping Symantec Management Client....
    8228 4/16/2013 9:49:35 AM Information 12070218 Network Threat Protection's firewall is enabled
    8229 4/16/2013 9:49:36 AM Information 12070201 Symantec Endpoint Protection -- Engine version: 12.1.401
     
    Windows Version info:
     
    Operating System: Windows 7 (6.1.7601 Service Pack 1)
     
    Network  info:
     
     
    8230 4/16/2013 9:49:36 AM Information 12070202 Symantec Management Client has been started.
    8231 4/16/2013 9:49:39 AM Information 12071000 Network Intrusion Prevention enabled
    8232 4/16/2013 9:49:39 AM Information 12071000 Internet Explorer Browser Intrusion Prevention enabled
    8233 4/16/2013 9:49:39 AM Information 12071000 Firefox Browser Intrusion Prevention enabled
    8234 4/16/2013 9:49:40 AM Information 1207020E Location has been changed to Out Of Office.
    8235 4/16/2013 9:50:52 AM Information 12070211 The server enabled Host Integrity checking.
    8236 4/16/2013 9:50:52 AM Information 1207020E Location has been changed to Out Of Office->Quarantine.
    8237 4/16/2013 9:51:49 AM Information 12070301 Connected to Symantec Endpoint Protection Manager ()
    8238 4/16/2013 9:51:52 AM Information 12070304 Disconnected from Symantec Endpoint Protection Manager (cochocsep1)
    8239 4/16/2013 9:53:06 AM Information 12070301 Connected to Symantec Endpoint Protection Manager (10.72.15.187)
    8240 4/16/2013 9:53:09 AM Information 1207020E Location has been changed to In office.
    8241 4/16/2013 9:53:18 AM Information 12071051 SONAR has been enabled
     
    THE LATEST DEFINITION ON CLIENT IS OF 8th APRIL. Kindly advise.
     
     


  • 2.  RE: SEP client not showing up the latest virus definition.

    Posted Apr 16, 2013 02:00 AM

    Defs may be corrupt. Try clearing them out:

    How to clear out definitions for a Symantec Endpoint Protection 12.1 client manually

    Article:HOWTO59193  |  Created: 2011-09-08  |  Updated: 2012-09-25  |  Article URL http://www.symantec.com/docs/HOWTO59193

     



  • 3.  RE: SEP client not showing up the latest virus definition.

    Posted Apr 16, 2013 02:00 AM

    Hello,

    Have you tried to restart the SEP client?

    How to clear out definitions for a Symantec Endpoint Protection 12.1 client manually

     

    Article:HOWTO59193 | Created: 2011-09-08 | Updated: 2012-09-25 | Article URL http://www.symantec.com/docs/HOWTO59193

     



  • 4.  RE: SEP client not showing up the latest virus definition.

    Posted Apr 16, 2013 02:05 AM

    Please remove the current definition that is corrupted, and please update the system with the latest antivirus definition.

    http://www.symantec.com/business/support/index?page=content&id=HOWTO59193



  • 5.  RE: SEP client not showing up the latest virus definition.

    Broadcom Employee
    Posted Apr 16, 2013 02:41 AM

    Could not see an AV definition request.

    However, content was updated for:

    8223 4/15/2013 11:16:39 AM Information 12070800 An update for {810D5A61-809F-49c2-BD75-177F0647D2BA} was successfully installed.  The new sequence number is 130414006.
    8224 4/15/2013 11:16:39 AM Information 1207030C Downloaded new content update from the management server successfully. 
     
     
     
     
    Can you collect the Sylink log for a longer time and copy the entire content?


  • 6.  RE: SEP client not showing up the latest virus definition.

    Posted Apr 16, 2013 02:49 AM

    Hello,

    Kindly check the space on local drives. This may also prevent SEP from having the latest definition.

    And then run the Symantec tool (Rx4DefsSEP_1.70.exe) to delete corrupt definitions.



  • 7.  RE: SEP client not showing up the latest virus definition.

    Broadcom Employee
    Posted Apr 16, 2013 03:18 AM

    Hi,

    As per the logs, there is not any failure while receiving definitions. However, could you attach the Sylink log from the affected machine?

    Also check this article:

    How to determine if virus definitions of Symantec Endpoint Protection client (SEP) 11 or 12 Small Business Edition, are corrupted

    http://www.symantec.com/docs/TECH97677

    If definitions are corrupted then refer the following article to clear corrupted definitions

    How to clear out definitions for a Symantec Endpoint Protection 12.1 client manually

    http://www.symantec.com/docs/HOWTO59193
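
Added example, not part of any post in this thread and not Symantec tooling: a Python sketch of the check replies 5 and 7 do by eye, reading the client system log for the last installed sequence number of each content type and for Error events. The sample lines are copied from the log in post 1; the line-layout regex, the reading of a sequence number as YYMMDD plus a three-digit revision, and the 3-day staleness threshold are assumptions.

```python
import re
from datetime import datetime

# Excerpt of the log lines posted in this thread (copied, not invented).
SAMPLE_LOG = """\
8134 4/8/2013 8:56:03 PM Error 120B0001 Failed to contact server for more than 10 times.
8136 4/8/2013 9:05:08 PM Information 12070800 An update for Virus and Spyware Definitions Win32 from LiveUpdate was successfully installed.  The new sequence number is 130408003.
8137 4/8/2013 9:05:08 PM Information 12070800 An update for Intrusion Prevention Signatures from LiveUpdate was successfully installed.  The new sequence number is 130405001.
8165 4/9/2013 9:53:06 AM Information 12070800 An update for {55DE35DC-862A-44c9-8A2B-3EF451665D0A} was successfully installed.  The new sequence number is 130405011.
8220 4/15/2013 10:24:50 AM Error 12070302 The Symantec Endpoint Protection is unable to download the newest policy from the Symantec Endpoint Protection Manager.
8223 4/15/2013 11:16:39 AM Information 12070800 An update for {810D5A61-809F-49c2-BD75-177F0647D2BA} was successfully installed.  The new sequence number is 130414006.
"""

# Assumed layout: <id> <M/D/YYYY h:mm:ss AM|PM> <severity> <event code> <message>
LINE = re.compile(r"^\s*(\d+) (\d+/\d+/\d+ \d+:\d+:\d+ [AP]M) (\w+) ([0-9A-F]{8}) (.*)$")
UPDATE = re.compile(r"An update for (.+?)(?: from LiveUpdate)? was successfully installed\.\s+"
                    r"The new sequence number is (\d{9})\.")

def parse(text):
    """Yield (id, timestamp, severity, code, message) for each event line."""
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:  # skips blank lines and the 'Windows Version info' banners
            ts = datetime.strptime(m.group(2), "%m/%d/%Y %I:%M:%S %p")
            yield int(m.group(1)), ts, m.group(3), m.group(4), m.group(5).strip()

def seq_date(seq):
    """Assumption: a sequence number is YYMMDD followed by a 3-digit revision."""
    return datetime.strptime(seq[:6], "%y%m%d").date()

def summarize(text):
    """Latest installed sequence per content type, plus all Error events."""
    latest, errors = {}, []
    for eid, ts, sev, code, msg in parse(text):
        m = UPDATE.search(msg)
        if m:  # later lines overwrite earlier ones, so the last install wins
            latest[m.group(1)] = {"event": eid, "installed": ts, "seq": m.group(2),
                                  "content_date": seq_date(m.group(2))}
        elif sev == "Error":
            errors.append((eid, ts, code, msg))
    return latest, errors

def stale(latest, name, as_of, max_age_days=3):
    """True if the named content was never installed or is older than max_age_days."""
    entry = latest.get(name)
    return entry is None or (as_of - entry["content_date"]).days > max_age_days

if __name__ == "__main__":
    latest, errors = summarize(SAMPLE_LOG)
    for name, e in latest.items():
        print(f"{e['installed']:%Y-%m-%d %H:%M}  seq {e['seq']}  {name}")
    for eid, ts, code, msg in errors:
        print(f"ERROR {eid} {ts:%Y-%m-%d %H:%M} {code} {msg}")
```

Content types that the log names only by GUID are reported under that GUID; the script does not guess what they are.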

     



  • 8.  RE: SEP client not showing up the latest virus definition.

    Trusted Advisor
    Posted Apr 16, 2013 12:37 PM

    Hello,

    Please TURN OFF the UAC on the Windows 7 client machine and then restart the client machine.

    Try running LiveUpdate again.

    If that does not help, please download the Intelligent Updater and then run it on the client machine.

    How to update definitions for Symantec Endpoint Protection using the Intelligent Updater

    http://www.symantec.com/docs/TECH102606

    Hope that helps!!