SEP Virus Definition Updates Causing Network Issues
Hey Guys, we have about 850 SEP Endpoints in our customer base. Everything is running MR6 MP3. I have had 2 customers report some really unusual issues in the past couple weeks. One customer has indicated that outlook connectivity has broken a couple of times randomly during the day. In the event log on the client machines I can see the Outlook Application (Event 26) indicating that Connectivity to Exchange was lost. The next event in the log is Symantec Endpoint updating the definitions. I was able to look at several different machines and see a similar trend.
At another customer they run Counterpoint for Point of Sale. They have had some issues in the last 2 weeks where the POS registers are loosing connectivity to the Pervasive Server / Database. Same issue - There are events in the Application log indicating a loss of connectivity and directly following that is a SEP Update. Below is an example of what I am seeing. Is anyone else seeing some wierd stuff like this?
| 9/29/2011 3:24:19 PM | Application | Application Error | 1005 | Error |
| 9/29/2011 3:23:26 PM | Application | Symantec AntiVirus | 7 | Information |
Comments
Event Id 7 is related to
Event Id 7 is related to system update for Symantec.
DId you check for the event ID 1005 on Microsoft site? I got few hits however not sure of the version your customer using.
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
Hey Guys, this is definetly
Hey Guys, this is definetly becoming more wide spread. We are getting tickets from various customers about Quickbooks getting disconnected from the server. The applicaiton errors in the event logs all folllow a SEP Def Update.
hi
How you have configured your clients get updates from SEPM or from Liveudpate?
Please don't forget to mark your thread solved with whatever answer helped you : ) Rafeeq
Hi, It would be good if you
Hi,
It would be good if you open a support case with Symantec Endpoint Tech team.
I am on the phone with
I am on the phone with support now. We get our defs from the SEPM and I use a GUP at each customers site.
Working with support we are
Working with support we are trying to simulate a NTP def update. NTP Updates only happen every couple days (there was one yesterday) this would explain why this problem is so sporadic and difficult to figure out. I am trying to revert one client running MR6 MP3 to older NTP defs and then get it to update. With a constant ping going to a network resource we should see a break in connectivity.
Have you been able to resolve this issue?
Have you been able to resolve this issue? We've been experiencing the same issue with NTP.
We are still seeing the same
We are still seeing the same behavior. I am going to reopen the case with symantec. I wonder how wide spread this is.
BTW Can you tell me what
BTW Can you tell me what versions that you are seeing this on? We have yet to see it on MR7 all are machines are running MR6. Nothing later than that. Basically traffic is dropped for about 3-5 ping requests. I have continuous pings going at one customer to all of the affected machines.
I pushed MR7 to all of our
I pushed MR7 to all of our the workstations in the fleet last night and not a single problem today. Not even a single Outlook disconnect warning. I am happy to see some signs of light on this however I am concerned that not many people are talking about it.
If you think this could be the issue related to the virus defini
If you think this could be the issue related to the virus definition updates to the clients, can you configure the clients to get the defintion at night, I would recommand to turn on debugging in verbose mode to collect the log, the log should should provide you some information or at least give you a direction to focus on.
If I continue to see the
If I continue to see the issue I will move towards the reconfigure of the policy and the debugging. So far so good.
Would you like to reply?
Login or Register to post your comment.