Endpoint Protection


SEP v12.1 - some clients not receiving virus definitions

  • 1.  SEP v12.1 - some clients not receiving virus definitions

    Posted Oct 21, 2011 04:47 PM

    I'm running v12.1 of SEP and have approx 30 clients.  3 of them are not receiving definition updates.  In the Client screen 1 client has a date of 5 days ago another of 2 days ago and another of 1 month ago.  All others have today's date.  

    The one from one month ago has the fix button on its client software.  Clicking it doesn't resolve the issue.  Anything else to check for?  This server and all clients were originally v11 but we updated.  The clients are a mix of v11 and v12.  The 3 with the issue are v12 and have updated successfully in the past post upgrade.

    Is there a way to update manually from the client?



  • 2.  RE: SEP v12.1 - some clients not receiving virus definitions

    Posted Oct 21, 2011 05:23 PM

    You can manually update the AV defs from http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=savce

    Download 20111021-002-v5i32.exe | FTP and  run it on the client



  • 3.  RE: SEP v12.1 - some clients not receiving virus definitions

    Posted Oct 21, 2011 06:15 PM

    You might have corrupt client installs or corrupt definitions on those clients.

    To accomplish an MSI "Repair" on each affected SEP client:

    Control Panel > Add or Remove Programs > Symantec Endpoint Protection > Change > Next > Repair > Next > Install



  • 4.  RE: SEP v12.1 - some clients not receiving virus definitions

    Posted Oct 21, 2011 06:55 PM

    Hello,

    Rather than just repairing the client, I suggest completely uninstalling it, rebooting, and then reinstalling it.

    The act of uninstalling the client will also remove the virus definitions which is useful in case the problem is some sort of definition corruption.

    Thus, by uninstalling, you kill two birds with one stone.

    Regards,

    James



  • 5.  RE: SEP v12.1 - some clients not receiving virus definitions

    Posted Oct 26, 2011 05:02 AM

    You can also try the JDB file in the manager, so it will automatically give the updates even to those clients that are out of date. Please see reference: How to update definitions for Symantec Endpoint Protection Manager using a JDB file - http://www.symantec.com/business/support/index?page=content&id=TECH102607&locale=en_US



  • 6.  RE: SEP v12.1 - some clients not receiving virus definitions

    Posted Oct 26, 2011 04:40 PM

    k a t,

    It is unlikely that this would resolve the issue, since the issue does not appear to lie with the SEPM.

    The rest of the environment is updating just fine and only a few machines are affected.

    Regards,

    James



  • 7.  RE: SEP v12.1 - some clients not receiving virus definitions

    Posted Dec 02, 2011 06:39 PM

    I have a similar problem.  Shortly after installing SEP 12.1 on a test server (this was an upgrade from 11.0.6300), a co-worker noticed that their client wasn't receiving updates.  Mine were, and as it turned out, as long as the LU policy was set to use the "default management server" and use the default Symantec LiveUpdate server, the clients got updates.  However, if the policy was changed to using ONLY the default management server, clients stopped getting updates.

    Another co-worker who is having the same problem on his management server has taken to restarting the SEPM service on the server to solve this problem.  That doesn't seem like the right approach, however I did notice when I had to shut down the management server for maintenance and then restarted it the clients got updates, at least for a few days.  Now they went back to not updating.  All are showing the last defs as being from 11/30/2011.

    The management server shows that it has the latest updates from Symantec, in this case 12/02/2011 r3.  Latest from Symantec and Latest on Manager are the same. All the clients have a green dot, and checking their communications status shows that they have recently communicated with the server.  This is confirmed when I check their status in the SEPM console, which also shows an "online" green dot for the client.

    Updating policy from the client has no effect and trying to update it from the server has no effect.  The server communication setting is set to Pull mode with a 5 minute heartbeat.  The proxy settings were just changed to no proxy since using the system proxy wasn't working.  That has had no effect on the problem.

    I recently updated the server to 12.1 RU1 hoping that would keep this issue at bay, however it came back.  The clients are running on Win Vista, Win7 and Win2008R2 OS and all but one SEP client is 12.1 RU1.

    Would appreciate any suggestions on how to determine the cause of the problem or even better if someone could suggest a fix.  I am looking at updating my production servers but not until I can determine how to prevent this issue.

    Thanks



  • 8.  RE: SEP v12.1 - some clients not receiving virus definitions

    Posted Dec 02, 2011 08:18 PM

    All but a very tiny portion of our 4k+ clients show they have anything beyond 11/30 r2.  When looking at the Symantec Content Distribution Manager, it reports that the SEPM has 12/1 r38 and that the latest available is 12/2 r3.

    This has happened to us twice over the past two months, each time it resolved by rebooting the server.  I've opened two support tickets for this, but because it works for awhile after a reboot, I've not had the problem actually occur when Symantec was looking.  We last rebooted this system for patches two weeks ago.

    Just like OSU-SYSMgr, one of the last times this happened we noticed that clients with a policy allowing them to download from the Symantec LiveUpdate server all stayed current, it was only the ones that we force to use the SEPM for their updates that fell behind.

    We are a very GUP heavy architecture, and we don't allow half of our systems to use the Internet for updates.  That makes this a big concern for us.



  • 9.  RE: SEP v12.1 - some clients not receiving virus definitions

    Posted Dec 03, 2011 01:51 AM

    Hi,

    First check the policy number and last check-in status of the affected machines in SEPM. If they are contacting the SEPM for definitions and are not successful in downloading the latest definitions,

    then manually update those clients once; I hope the issue will be resolved.



  • 10.  RE: SEP v12.1 - some clients not receiving virus definitions

    Posted Dec 05, 2011 02:36 PM

    The server was restarted Friday evening, at which time it began providing updates to the clients again.  Unfortunately it appears to have broken again within a day, as I came back into the office this morning and the clients were still at 12/1.

    I opened a support ticket and the technician found that the server seems to be having some issues with database communication.  Creating a new client group did not create the appropriate new policy, so the problem does not appear to be specific to the definition update process.  Also, the home page of the SEPM was showing that the "Latest on Manager" definitions were newer than the "Latest from Symantec" defs.  The technician asked that I run the Management Server Configuration Wizard, which restarted the services and kicked everything into gear again.

    Everything looks to be working for now.  We'll see how long it takes before it breaks again.



  • 11.  RE: SEP v12.1 - some clients not receiving virus definitions

    Posted Dec 05, 2011 04:03 PM

    One group had to run the tool sylinkdrop. Turn the SEP service off first, then run the tool, and finally activate the service. This group will continue to update for a week without problems. I hope this helps.
    The group I mentioned has the following characteristics: they have limited access to the internet and update from the SEPM, not from LiveUpdate.
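
Added example, not part of any post in this thread: a triage sketch for the distinction the replies keep returning to, namely a few isolated stale clients (repair or reinstall them) versus every client on one update path falling behind (look at SEPM/GUP content distribution). The inventory records, the source labels `sepm_only` / `sepm_and_liveupdate`, and the thresholds are constructed assumptions, not a real SEPM export format.

```python
from collections import defaultdict
from datetime import date

# Constructed sample inventory (not a real SEPM export): host, update source
# allowed by the LiveUpdate policy, and date of the client's definitions.
CLIENTS = [
    ("ws-01", "sepm_only", date(2011, 11, 30)),
    ("ws-02", "sepm_only", date(2011, 11, 30)),
    ("ws-03", "sepm_only", date(2011, 11, 30)),
    ("ws-04", "sepm_and_liveupdate", date(2011, 12, 2)),
    ("ws-05", "sepm_and_liveupdate", date(2011, 12, 2)),
    ("ws-06", "sepm_and_liveupdate", date(2011, 11, 1)),
]


def triage(clients, latest, max_age_days=1, group_threshold=0.8):
    """Classify stale clients as a distribution-path or a per-client problem."""
    by_source = defaultdict(list)
    for host, source, defs in clients:
        is_stale = (latest - defs).days > max_age_days
        by_source[source].append((host, is_stale))

    findings = {}
    for source, rows in by_source.items():
        stale = sorted(host for host, is_stale in rows if is_stale)
        ratio = len(stale) / len(rows)
        if not stale:
            verdict = "ok"
        elif ratio >= group_threshold:
            # Nearly every client on this path is behind: investigate the
            # server side (SEPM / GUP content distribution), not the hosts.
            verdict = "distribution_path"
        else:
            # Isolated stragglers: repair or reinstall those clients.
            verdict = "individual_clients"
        findings[source] = {"verdict": verdict, "stale": stale}
    return findings


if __name__ == "__main__":
    for source, result in triage(CLIENTS, latest=date(2011, 12, 2)).items():
        print(source, result["verdict"], result["stale"])
```
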