Endpoint SWAT: Protect the Endpoint Community

  • 1.  SEPM 12.1.5: Can't do Communications update due to IPS

    Posted Oct 17, 2014 09:02 AM

    Hi all.  I have a customer who has a SEPM on a Win 7 Pro machine.  All clients are either Win 7 or Win 8.  These clients were all pointing to a previous SEPM that was on a computer that died.  We elected not to bother trying to restore data from the failed drive.  Therefore we got a new PC, put a new SEPM on it, and I was hoping that since I have Administrator access to all systems in this workgroup, I could simply push Communications Package updates from the new SEPM. 

    Instead what I'm finding is that, and this may not be related, every time my SEPM browses for systems via the Add Client feature in SEPM, it ends up triggering the SEP client on my SEPM to do the IPS active response thing for 600 seconds, thereby blocking traffic.  This happens for most of the systems on the network. 


    When I view the logs under Monitors > Network T P, it shows that these systems all did a "port scan" to about 5 ports, all UDP, all high range like 61000 or so. 


    I get similar problems when I try to simply use Windows 7's Computer Management mmc, and connect it to another computer. 


    I am nearly 100% sure this is not a virus on the other systems.  Some of those systems were brand new purchases, with Unmanaged client installed first before onsite deployment, to which I then simply send a Comm package update from SEPM and this brings the unit into Managed state.  But in some situations, the clients that had been set to talk to the previous dead SEPM also do this.  I have no idea what to make of it. 


    Anyway, sorry for the digression, but my issue is that after an hour or more of having updated the IPS policy (by disabling it completely), my SEPM's IPS still blocks traffic from the other computers.  Why is it taking so long, I wonder?  I thought policy updates occur every heartbeat (5 mins)?



  • 2.  RE: SEPM 12.1.5: Can't do Communications update due to IPS
    Best Answer

    Posted Oct 17, 2014 09:05 AM

    This option is in the Firewall policy under the Protection and Stealth tab.

    Uncheck "Automatically block an attacker's IP address"

    Automatically blocking connections to an attacking computer

    Unable to locate the 'active response' feature in Intrusion Prevention Policy in Symantec Endpoint Protection 12.1
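    As an added illustration for this thread (not Symantec's code and not posted by anyone in it), here is a small Python model of the behaviour being discussed: a port-scan heuristic that lives in the firewall component, logs a scan when one source touches several ports in a short window, and only drops that source for 600 seconds when the "Automatically block an attacker's IP address" option is on. The 600-second duration comes from the thread; the scan threshold, the time window, the 192.0.2.10 address and the replayed packets are constructed assumptions.

```python
from collections import defaultdict, deque

# BLOCK_SECONDS is the 600-second active response described in the thread.
# The threshold and window below are constructed assumptions for this model,
# not Symantec's actual tuning.
BLOCK_SECONDS = 600
SCAN_PORT_THRESHOLD = 5
SCAN_WINDOW_SECONDS = 10


class ActiveResponse:
    """Simplified model of a firewall port-scan heuristic with optional auto-block.

    Detection (the log entry) and active response (the 600-second block) are
    separate: the policy option only controls the second one.
    """

    def __init__(self, auto_block_attacker=True):
        self.auto_block_attacker = auto_block_attacker
        self.recent = defaultdict(deque)   # src -> deque of (ts, dport) in window
        self.blocked_until = {}            # src -> timestamp when the block expires
        self.log = []                      # what a "port scan" log entry would carry

    def observe(self, ts, src, proto, dport):
        # 1. An active block drops everything from that source until it expires.
        expiry = self.blocked_until.get(src)
        if expiry is not None:
            if ts < expiry:
                return "dropped"
            del self.blocked_until[src]

        # 2. Slide the window and count distinct destination ports per source.
        q = self.recent[src]
        q.append((ts, dport))
        while q and ts - q[0][0] > SCAN_WINDOW_SECONDS:
            q.popleft()
        distinct = {p for _, p in q}
        if len(distinct) < SCAN_PORT_THRESHOLD:
            return "allowed"

        # 3. Threshold reached: always log; block only if the policy option is on.
        self.log.append((ts, src, proto, sorted(distinct)))
        q.clear()
        if self.auto_block_attacker:
            self.blocked_until[src] = ts + BLOCK_SECONDS
            return "scan_logged_and_blocked"
        return "scan_logged"


def run_scenario(auto_block_attacker):
    """Replay a constructed burst resembling what the thread saw: one host
    touching five high UDP ports in a few seconds, then an ordinary follow-up
    connection five minutes later, then another one after the block expires."""
    ar = ActiveResponse(auto_block_attacker=auto_block_attacker)
    src = "192.0.2.10"   # constructed sample address (documentation range)
    results = []
    for i, port in enumerate(range(61000, 61005)):
        results.append(ar.observe(100 + i, src, "UDP", port))
    results.append(ar.observe(100 + 300, src, "TCP", 445))               # inside the 600 s block
    results.append(ar.observe(100 + 4 + BLOCK_SECONDS + 1, src, "TCP", 445))  # after expiry
    return results, ar.log


if __name__ == "__main__":
    for flag in (True, False):
        results, log = run_scenario(flag)
        print("auto_block_attacker =", flag)
        print("  actions:", results)
        print("  log:", log)
```

With the option on, the fifth packet is logged and the source is dropped for the next 600 seconds regardless of what the IPS policy says; with it off, the same burst produces only the log entry and the follow-up connections go through.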



  • 3.  RE: SEPM 12.1.5: Can't do Communications update due to IPS

    Posted Oct 17, 2014 09:46 AM

    Oh for the love of God.  I didn't even think to look there. Thanks Brian.  Also I need to learn to write shorter posts!  :)



  • 4.  RE: SEPM 12.1.5: Can't do Communications update due to IPS

    Posted Oct 17, 2014 09:53 AM

    :) no worries. More is better!