Endpoint Protection

 View Only
Back to discussions
Expand all | Collapse all

SONAR Content Failures exceeds the Maximum Acceptable

  • 1.  SONAR Content Failures exceeds the Maximum Acceptable

    Posted Aug 27, 2013 03:25 AM

    Hi All,

    Someone can help me? I noticed that SONAR Content for many computers are Out-of-date this morning? What is the root cause and how to fix this.

    Your prompt feedback will be very appreciate.

    Thanks



  • 2.  RE: SONAR Content Failures exceeds the Maximum Acceptable

    Posted Aug 27, 2013 03:36 AM

    Hi,

    Please check the below thread.There was a known issue about this -

    Please have a look at this article:

    SONAR Definitions are not updated on SEP 12.1 Clients.

    http://www.symantec.com/docs/TECH178125

     

    Even Try to clean the defintion

    How to clear out definitions for a Symantec Endpoint Protection 12.1 client manually
    http://www.symantec.com/docs/HOWTO59193



  • 3.  RE: SONAR Content Failures exceeds the Maximum Acceptable

    Posted Aug 27, 2013 03:38 AM

    whats the sonar definition on your SEPM? you can view that under sepm-servers-liveupdate tab

    is your sepm getting updates from Luadmin or from internet, if from Luadmin check if you have select SONAR.

     

     


  • 4.  RE: SONAR Content Failures exceeds the Maximum Acceptable

    Posted Aug 27, 2013 04:14 AM

    Hi Rafeeq,

    The computers up to date have the sonar content bellow :

    uptodate1.jpg

    The computers out of date have the sonar content bellow:

    outofdate1.jpg

    Here is the log from server tab:

    log1.jpg



  • 5.  RE: SONAR Content Failures exceeds the Maximum Acceptable

    Posted Aug 27, 2013 04:21 AM

    machines which are 8/22 definitions do they get the updates from internet or from SEPM.

    Just want to make sure if SEPM indeed downloaded the updates

    open Liveudpate policy. on the right hand side you will find Liveupdate content. Select sonar. select use a revision. Do you see 8/22 listed?



  • 6.  RE: SONAR Content Failures exceeds the Maximum Acceptable

    Posted Aug 27, 2013 04:38 AM

    Yes i see 8/22 listed



  • 7.  RE: SONAR Content Failures exceeds the Maximum Acceptable

    Posted Aug 27, 2013 06:00 AM

    Sylink log would have more info. Enable sylink log and run update policy. post the log here

    or run intelligent udpater which will update your sonar defs immediately

    http://www.symantec.com/security_response/definitions.jsp



  • 8.  RE: SONAR Content Failures exceeds the Maximum Acceptable

    Posted Aug 27, 2013 07:46 AM

    How can i run intelligent udpater?



  • 9.  RE: SONAR Content Failures exceeds the Maximum Acceptable

    Posted Aug 27, 2013 08:05 AM

    Download from  here and update it

    http://www.symantec.com/security_response/definitions/download/detail.jsp?gid=savce



  • 10.  RE: SONAR Content Failures exceeds the Maximum Acceptable

    Posted Aug 27, 2013 09:00 AM

    Ok  Rafeeq, i'll do it and revert to you. Big thanks for your assistance.



  • 11.  RE: SONAR Content Failures exceeds the Maximum Acceptable

    Posted Aug 28, 2013 06:17 AM

    Hi Rafeeq,

    Why i can't see the 'inbox' directory as following paths On the SEP client :

    %ALLUSERSPROFILE%\Symantec\Symantec Endpoint Protection\CurrentVersion\inbox  ?

    Regards
     


     



  • 12.  RE: SONAR Content Failures exceeds the Maximum Acceptable

    Posted Aug 28, 2013 06:50 AM

    for inbox to appear you need to check " Enable third party content" in Liveudpate policy. Once done that update the policy on the client. it will create that folder

    Instead of waiting for it to happen you can create that folder manually.