Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

SEPM Intrusion Prevention Distribution

Created: 11 Feb 2014 | 16 comments
azrulikhwan's picture

hi guys,

I got 2 main SEPM in 2 different site. one of the SEPM the summary of Intrusion Prevention Distribution is like this:

Site A

intrusion_110214.png

And another site look like this:

Site B

intrusion_110214_0.png

 

Why SEPM in site A have a huge number in "all others"?

Thanks

 

 

Comments 16 CommentsJump to latest comment

.Brian's picture

Those clients have not yet been updated to the latest revision.

You can run a computer status report to check what version they're on.

How do your clients get updates, from a GUP?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

azrulikhwan's picture

hi Brian,

Im aware of that, but its there any cause that make this to happen?

.Brian's picture

Are the clients connecting to the SEPM?

How are your clients configured to get updates? SEPM? GUPs? Some other method?

What happens if you run LiveUpdate manually on one affected client? Does the IPS content update?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

azrulikhwan's picture

all the client connected to SEPM

some of our site we set a GUP server for each region

.Brian's picture

And you've confirmed those GUPs are online and supplying content to the clients?

How to confirm if SEP Clients are receiving LiveUpdate content from Group Update Providers (GUPs)

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

azrulikhwan's picture

yeap. all GUPs are up and running

Rafeeq's picture

Is there a replication between Site A and site B? If tyes then , check the replication frequency, it should show up  correct status after some time

azrulikhwan's picture

Yes, both site is replicate. 

how to check the replication frequency?

consoleadmin's picture

All the GUP clients are updated?

port 2967 is open between clients and GUP bidirection?

Thanks.

azrulikhwan's picture

Hi,

what do u mean all the GUP clients are updated?

all port are open for SEPM services

Rafeeq's picture

Can you check the replication-0.log:  to see if replication was successful between site a and site b

 

azrulikhwan's picture

Hi,

where to find the log?

btw, why is replication frequncy affected intrusion distribution to clients?

SameerU's picture

Hi

If replication is set can you change the frequency to Auto and check

Regards

 

azrulikhwan's picture

Hi

why is replication frequency affected intrusion distribution to clients?

.Brian's picture

It likely won't.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

azrulikhwan's picture

meaning the frequency doesnt affect the Intrusion distribution?

what is the cause of this issue?