Endpoint Protection


SEP client - Virus definitions not up-to-date


  • 1.  SEP client - Virus definitions not up-to-date

    Posted Sep 28, 2010 02:37 PM

    I keep receiving a notification from SEPM saying that one of my clients' virus definitions are not up-to-date. The definitions on all of the other clients are fine. SEPM has the most up-to-date definitions installed and I guess it is dispensing updates to its clients. When I log onto the client not receiving updates and open SEP I see that the last updates were 8-30. I've tried manually updating but the date for virus definitions never changes. How can I go about updating from the manager, or at least allow manual updates from the client?



  • 2.  RE: SEP client - Virus definitions not up-to-date

    Posted Sep 28, 2010 03:31 PM

    Check the following article

    Title: 'Symantec Endpoint Protection: LiveUpdate Troubleshooting Flowchart'
    Web URL: http://www.symantec.com/business/support/index?page=content&id=TECH95790&locale=en_US



  • 3.  RE: SEP client - Virus definitions not up-to-date

    Posted Sep 28, 2010 04:24 PM

    Try that before running the liveupdate again.

    http://www.symantec.com/business/support/index?page=content&id=TECH103176&locale=en_US

    JB



  • 4.  RE: SEP client - Virus definitions not up-to-date

    Posted Sep 28, 2010 04:34 PM

    I've checked several of the clients and they all seem to have different policy numbers.



  • 5.  RE: SEP client - Virus definitions not up-to-date

    Posted Sep 28, 2010 05:02 PM

    Try repairing the SEP client once, or else try running Intelligent Updater on the client once.

    http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=savce

    Download and run the 1st exe



  • 6.  RE: SEP client - Virus definitions not up-to-date

    Posted Sep 29, 2010 02:08 PM

    Virus definitions are now up to date after downloading and running the Intelligent updater. The client is still not detecting the server when I go to help>troubleshooting. Any thoughts on a fix for this?



  • 7.  RE: SEP client - Virus definitions not up-to-date

    Posted Sep 29, 2010 02:17 PM

    Try this from the client (from http://www.symantec.com/docs/TECH102682):

    To test connectivity from a client to the Symantec Endpoint Protection Manager (SEPM), type the following URL in a web browser:

    http://[SEPM_Server_IP_or_Machine_Name:Port]/secars?hello,secars

    Example: http://10.0.2.2:8014/secars?hello,secars

    A successful connection returns a web page that displays "OK."
    Troubleshoot any other message appropriately.
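
The secars test described in the post above can be scripted so that "any other message" is sorted into a specific failure class. This is an added example, not part of the original post or Symantec's tooling; the function names and status labels are assumptions made here, and the default port 8014 is taken from the post's example URL.

```python
import socket
import sys
import urllib.error
import urllib.request

# Opener that ignores proxy environment variables, so the result reflects the
# direct client-to-manager path (a choice made for this example).
_DIRECT = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def secars_url(server, port=8014):
    """Build the test URL in the form quoted in the post."""
    return f"http://{server}:{port}/secars?hello,secars"


def check_secars(server, port=8014, timeout=5.0):
    """Return (status, detail); status is 'ok' only if the body is exactly OK."""
    try:
        with _DIRECT.open(secars_url(server, port), timeout=timeout) as resp:
            body = resp.read(512).decode("ascii", "replace").strip()
    except urllib.error.HTTPError as exc:        # server answered, but not 200
        return ("http_error", f"HTTP {exc.code}")
    except urllib.error.URLError as exc:         # no HTTP answer at all
        reason = exc.reason
        if isinstance(reason, socket.gaierror):
            return ("dns_failure", str(reason))
        if isinstance(reason, ConnectionRefusedError):
            return ("refused", str(reason))
        if isinstance(reason, (socket.timeout, TimeoutError)):
            return ("timeout", str(reason))
        return ("unreachable", str(reason))
    except (socket.timeout, TimeoutError) as exc:  # stalled while reading
        return ("timeout", str(exc))
    except OSError as exc:                       # reset or dropped mid-response
        return ("unreachable", str(exc))
    # A 200 alone is not enough: a proxy or portal page also returns 200.
    if body == "OK":
        return ("ok", body)
    return ("unexpected_body", body[:80])


if __name__ == "__main__":
    # Usage: python check_secars.py <server> [port]
    host = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 8014
    status, detail = check_secars(host, port)
    print(f"{secars_url(host, port)} -> {status}: {detail}")
    sys.exit(0 if status == "ok" else 1)
```

The exit code is 0 only for an exact "OK" body, so the script can be run from a login script or scheduled task on clients that have stopped reporting in.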

     



  • 8.  RE: SEP client - Virus definitions not up-to-date

    Posted Sep 29, 2010 02:22 PM

    Secars test has passed.



  • 9.  RE: SEP client - Virus definitions not up-to-date

    Posted Sep 29, 2010 02:31 PM

    OK... I would suggest capturing sylink debugging, which will show exactly what's happening when the client is trying to heartbeat in.

    How to enable Sylink Debugging for Symantec Endpoint Protection in the registry
    http://www.symantec.com/docs/TECH104758

    Feel free to upload the results.

    sandra



  • 10.  RE: SEP client - Virus definitions not up-to-date

    Posted Sep 29, 2010 02:31 PM

    Try replacing the latest Sylink.xml file



  • 11.  RE: SEP client - Virus definitions not up-to-date

    Posted Sep 29, 2010 02:34 PM

    Good idea, easy to do and if it works then you're fixed.

    sandra



  • 12.  RE: SEP client - Virus definitions not up-to-date

    Posted Sep 29, 2010 04:16 PM

    How long does it normally take before the Sylink.log is created? I made the registry changes that the document stated and it should be saving on the desktop.



  • 13.  RE: SEP client - Virus definitions not up-to-date

    Posted Sep 29, 2010 04:48 PM

    Take the sylink.xml of any working client

    then on this client go to

    Start > Run > smc -stop

    go to Program files\Symantec endpoint protection\

    delete Sylink.bak

    then replace the sylink.xml

    then

    Start > Run > smc -start



  • 14.  RE: SEP client - Virus definitions not up-to-date

    Posted Sep 29, 2010 05:00 PM

    It should start writing when you re-enable the smc service (Start > Run > smc -start), because doing so triggers the heartbeat process.  You may want to verify the log file registry value is in the right place: HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink (two "sylink"s at the end)

    Did you try to repair the installation via Add or Remove Programs?

    sandra



  • 15.  RE: SEP client - Virus definitions not up-to-date

    Posted Oct 06, 2010 10:34 AM

    I've replaced the sylink.xml file from a working client on all the rest. All of the PCs seem to be reporting statuses now but I'm still having a couple of weird issues.

     

    All of the clients are showing in the "Clients" tab but only two are reporting statuses and are showing up-to-date virus definitions.

    In the "Home" tab, Scan failures, Antivirus definition update failures, and Intrusion prevention signature update failure are all showing 30 clients when there should be only 16.

    I think SEPM is still looking for the 14 that I replaced the Sylink on. Is there something I can do to remove the 14 with the old sylink out of the system so those errors are not shown anymore?



  • 16.  RE: SEP client - Virus definitions not up-to-date

    Posted Oct 06, 2010 10:40 AM

    Clients will be deleted automatically after 30 days if they are offline. To change the default value:

    Open SEPM

    Go to Admin

    Select Server

    Right-click on the local site

    In the General tab, select the day as 1

    The next day, whoever is not connected will be deleted from the database.



  • 17.  RE: SEP client - Virus definitions not up-to-date

    Posted Oct 06, 2010 11:31 AM

    I fixed my sylink issues by using Sylinkdrop.exe.  You can run this manually on a client to see if it works before deploying it.   The Sylinkdrop should be located in your standard SEPM download under Symantec_Endpoint_Protection_XXXXX\Tools\NoSupport\SylinkDrop

    These are the steps I took that worked for me.  Export the communication settings from your server into a new Sylink.xml file.  Place the Sylink file and the SylinkDrop.exe in an accessible network location or you can use a portable device.  Go to one of your workstations that is not communicating with the server.  Run the Sylinkdrop.exe and select the new Sylink.xml file you exported from the server.  This should replace the file on the workstation for you and it should start communicating with the server shortly after that.  If this does work, you can deploy the Sylink using a GPO which will automatically update all the workstations on the domain/workgroup with the new Sylink files using the Sylinkdrop.

    Hope this helps,

    Rob

     



  • 18.  RE: SEP client - Virus definitions not up-to-date
    Best Answer

    Posted Oct 06, 2010 04:21 PM

    I would suggest that you delete the new Domain you have added, create a new install package using the "reset client-server communication" setting, and deploy it to the clients.

    http://www.symantec.com/business/support/index?page=content&id=TECH93617&locale=en_US