Endpoint Protection

hello all,

I am running SEP 12.1.1 on server 2003 in my envoirement. Currently SEPM is updated with all the latest definations except SONAR which is staying at 4/9/2014. As a result clients are also not updated with latest Sonar definations . How can I fix this ?

Waiting for your replies. Regards,

Symantec not release every day NTP and PTP defination.

As per below articles symantec does not release after 9th april 2014

Behavior-Based Protection

Behavioral-based protection technology observes actively running threats on your computer and can terminate running programs if they exhibit malicious behaviors; this technology provides proactive protection from entirely new, previously unseen attacks. Also called Proactive Threat Protection.

•  

http://www.symantec.com/security_response/definitions.jsp

Hi, 

is your SEPM updating defs from Interent or from Luadmin?

are you using sql or Embedded DB?

on SEPM

Go to control pannel- select liveupdate- make it interactive

start -run - type luall.exe

select only Sonar defs, start downloading , if it fails post the lue.log  from SEPM

thanks rafeeq , SEPM downloading from internet

SQL DB 

Secondly on my SEPM console it shows that 90 machines are outdated , when I view those machines definations status then I see that AV definations are hanging around on the dates like 5 May, 4 May , 24 April , 23 April, 22 April, same goes for NTP Definations but as mentioned above Sonar definations are stuck at April 9.

So is there any way I can fix this that these machines are not being shown in outdated defination machines ? hence as a result now shown in reports. Waiting for your kind replies. 

Regards,

can you check what is this value set to ?

* Open SQL Server Management Studio

* Right click sem5 database; select Properties

* Select Files page and click on “… [three dot] button” stated after the value located in “sem5_content” row and “Autogrowth” column

* Set the “Restricted File Growth” value to let me say 40.000 MB

Now feel free to run a LiveUpdate session on SEPM console.

How can I set demper period settings in SEPM so that these clients won't show up in the outdated definations clients catogery in the SEPM Home Page. Is there any way I can fix this ? Regards

@Rafeeq what would happen after setting these configuration changes ?

Open sepm

Home tab

on the top right you will have preferences option, you set the damper settings there, 

when DB is full it wont download new defs, increasing the size or setting it to autogrowth. will let it to download new defs

Rafeeq like I said earlier that SEPM is with updated  content definations for all components , except for SONAR which is staying at April 9. When I visit the Symantec Security Response website I can see that SONAR defination are on 9th April and 24th April. What is the diffrence between the two and which should be appearing on SEPM  ? 

24 april should be appearing on SEPM.

That means SEP is not downloading SONAR definations , How can i fix this ? JDB for sonar would fix this ?

Yes, jdb will update sonar

The latest PTP defs are at 4/9/2014 rev.11

http://www.symantec.com/security_response/definitions.jsp

You're up to date.

Thanks Brian for your response. Just on a second thought I would like to ask you that if they are updated and on the clients if AV and NTP definations are about 4-5 behind the current date on SEPM.

Then why does it shows them in out of date clients in the SEPM Home Page ?

Regards

This reflects the client count that is out of date.