Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

The SEPM shows client virus definition as "Not available"

Created: 06 Mar 2013 | 29 comments

When I view the client status in SEPM, the virus definition shows the clients are "Not available" even though the clients have already received the latest virus definition and even the policy number.

I cannot even generate the report from SEPM because it is empty records found in SEPM.

Please help...

 

  

Operating Systems:

Comments 29 CommentsJump to latest comment

.Brian's picture

It should show up on next heartbeat in. Check again after the client checks back in.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

.Brian's picture

Whats the SEP version?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

SebastianZ's picture

Are the definitions up to date if you check directly on the client machines?

Kian_SG's picture

Hi SebastianZ,

Yes, the client machines is getting the virus definition update and updated policy from SEPM.

The SEPM version is 12.1.2015.2015 running on Windows 2003 R2 with MS SQL 2005.

Rafeeq's picture

on any single client

go to start run 

smc -stop

wait for a min

smc -start

check if that comes up with new def info.

consoleadmin's picture

One reason is that your defintion of the client systems getting corrupt.

try it

How to clear out definitions for a Symantec Endpoint Protection 12.1 client manually

 

Article:HOWTO59193  |  Created: 2011-09-08  |  Updated: 2012-09-25  |  Article URL http://www.symantec.com/docs/HOWTO59193

 

Thanks.

Mohan Babu's picture

Delete the clients from the SEPM console

Clients will register again in SEPM  on the next heart beat interval

It will show the correct information

Mohan Babu

moglie20@gmail.com

+91 9884382160

Your satisfaction is very important to us.If you find above information helpful or it has resolved your issue...please mark it accordingly :)

Kian_SG's picture

Hi Mohan, Done, but after 2 hours of waiting, still no luck !

MWFolsom's picture

I'm running 12.1.3001.165 on a population of stand alone systems under one SEP Manager with no internet connectivity.  So, I must download the defs and sneaker net them over.  All members in one of my Groups weren't showing the Virus Definition info, the others were fine. Deleting the client and letting it "re add" itself worked for me -

Thanks -

Mike

Ambesh_444's picture

Hi,

Please reboot the sepm and check.

 

Thank& Regards,

Ambesh

"Your satisfaction is very important to us. If you find above information helpful or it has resolved your issue. Please don't forget to mark the thread as solved."

Mohan Babu's picture

In your case client can able to communicatewith SEPM. But SEPM is not processing the client data.

 

Problem

 

 

When checking the computer status in Symantec Endpoint Protection Manager (SEPM), clients say that they are not reporting status.

Symptoms
Can't confirm if commands were sent successfully.

  • Status page shows various failures.

  • No entries in the Virus Definitions Distribution box.

  • No data about the clients at all in SEPM.

  • Clients and SEPM don't show the same data for definition dates

  • "The data folder disk space is full" errors in the exsecars.log file

Reference:

Clients cannot send data back to Symantec Endpoint Protection Manager

http://www.symantec.com/docs/TECH105348

 
 
Kindly try this troubleshooting step: 

1. Browse to \Program Files\Symantec\Symantec Endpoint Protection Manager\data\outbox\agentinfo

2. Look for any .err files or tmp files & Dat files

3. If you find anything which is not processed by sepm then it might be the reason for the client data loss

4. Stop SEPM services from services.msc 

5. Delete all the files inside the location \Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\agentinfo

6. Restart the SEPM services.

Check the SEPM now if still issue persist go for step 7

 

7. Run the Management server configuration wizard.

Note: While running Management server configuration wizard it requires Database password. if you running SEP 12.1.2 it wont prompt you for DB password.

 

Kindly update us the status .... thanks 

 

 

Mohan Babu

moglie20@gmail.com

+91 9884382160

Your satisfaction is very important to us.If you find above information helpful or it has resolved your issue...please mark it accordingly :)

Rafeeq's picture

Correction: the folder is Browse to \Program Files\Symantec\Symantec Endpoint Protection Manager\data\INBOX\agentinfo 

not outbox\agent info.

You may refere this document

http://www.symantec.com/business/support/index?pag...

 

Mohan Babu's picture

Thanks for correcting Rafeeq

 

Mohan Babu

moglie20@gmail.com

+91 9884382160

Your satisfaction is very important to us.If you find above information helpful or it has resolved your issue...please mark it accordingly :)

SameerU's picture

Hi

Can you please delete the client from SEPM console and do a smc stop and start on client system.

Regards

 

DVlad's picture

Hi Kian_SG

I have the same symptoms.
You decide your problem? If so, how?

W007's picture

hope this bug fix in SEP 12.1 RU2 MP1

Clients report to the Symantec Endpoint Protection Manager as offline, even though they are online
 
Fix ID: 3002170
 
Symptom: Clients will randomly report into the Symantec Endpoint Protection Manager as offline, even though they are actively online and available.
 
Solution: Updated the client USN management to properly update the client status in the Symantec Endpoint Protection Manager reports.
 

 

 

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Berino's picture

Hi Kian  :)

I see your problem and I had the same too in the past. The SEPM is not completely in Sync with the Database specially when it is a SQL DB (Certain details alone are not updating on a real time basis or are not updating at all)

Solution:

Step 1: Run the management server configuration wizard

Step 2: Reboot the SEPM and the SQL Server once (if you can get a down time on the servers)

Then you'll see the correct data. This helped me resolve my issue. Keep us posted on the developments.

Cheers  :)

 

SameerU's picture

Hi

Can you delete the client from SEPM console and update the policy and check

Regards

 

SEP_FMI's picture

I too am having this problem and have not found a reoslution yet for this.  Basically it seems like the SEP client is reporting back to the SEPM but only certain fields.  Ones that appear up to date include Health State, Logon User or Computer, IP Address, Client Version, Last Time Status Changed, Policy Serial Number.  Virus Definition seems to be the one causing problems.  If I check from the SEP Client its up to date.

Anyone figure this out?  I'm using SEP 12.1 RU2

davek8814's picture

i found that i had some low disk space-i cleaned that up and have started an update content from the manager-so far nothing but when I do a update policy from the client machine it updates, so I am going to wait and see if the request sent from the manager works. 

theexplorer's picture

This is common issue, Please follow Rafeeq's advice, run intelligent updater. Later the update will go fine.

Good Luck!

davek8814's picture

should we look in other folders for .tmp, .err and .dat files as well?

theexplorer's picture

Also post the lue.log from any affected machine.

On Windows XP and Windows server 2003:
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\<silo_id>\Data\Lue\Logs

On Windows Vista, Windows 7, and Windows Server 2008:
C:\Program Data\Symantec\Symantec Endpoint Protection\<silo_id>\Data\Lue\Logs

 

 

 

Good Luck!

Sharanvc's picture
Kindly try this troubleshooting step: 

1. Browse to \Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\agentinfo

2. Look for any .err files or tmp files & Dat files

3. If you find anything which is not processed by sepm then it might be the reason for the client data loss

4. Stop SEPM services from services.msc 

5. Delete all the files inside the location \Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\agentinfo

6. Restart the SEPM services.

Check the SEPM now if still issue persist go for step 7

 

7. Run the Management server configuration wizard.

Note: While running Management server configuration wizard it requires Database password. if you running SEP 12.1.2 it wont prompt you for DB password.

 

 

IT WORKS !!!!!

SandeepJ's picture

check by one reboot or repair the client, this will clear all corrupt definitions and resolve the issue.