Endpoint Protection

 View Only
Back to discussions
Expand all | Collapse all

Sonar Content Failures - Out of date content

  • 1.  Sonar Content Failures - Out of date content

    Posted Feb 23, 2015 01:21 PM

    I have 3 of 11 workstations with out of date Sonar Content. I tried changing the communication policies in SEPM from push to pull mode but I do not see any policies for communications.

    This is an SBS 2011 server and we are using SEPM Small Business Edition 12.1.5.

    Here is the KB article I was using to troubleshoot my issue.

    http://www.symantec.com/business/support/index?page=content&id=TECH178125



  • 2.  RE: Sonar Content Failures - Out of date content

    Posted Feb 23, 2015 01:23 PM

    And if you run LU manually? What date shows?

    Run the symhelp tool on one affected machine, see if defs are corrupt.



  • 3.  RE: Sonar Content Failures - Out of date content

    Posted Feb 23, 2015 02:45 PM

    Here is what I get when I run the liveupdate.

     

    February 23, 2015 10:39:32 AM AKST:  LiveUpdate succeeded.  [Server: AppServer]
    February 23, 2015 10:39:32 AM AKST:  LUALL.EXE finished running.  [Server: AppServer]
    February 23, 2015 10:39:32 AM AKST:  LUALL.EXE finished.  There were no new content updates. Return code = 1.  [Server: AppServer]
    February 23, 2015 10:39:31 AM AKST:  No updates found for SPC AntiVirus Client Mac 12.1 (English).  [Server: AppServer]
    February 23, 2015 10:39:31 AM AKST:  No updates found for Symantec Endpoint Protection Win64 12.1 (English).  [Server: AppServer]
    February 23, 2015 10:39:31 AM AKST:  No updates found for Symantec Endpoint Protection Win32 12.1 (English).  [Server: AppServer]
    February 23, 2015 10:39:31 AM AKST:  No updates found for Centralized Reputation Settings 12.1 RU5.  [Server: AppServer]
    February 23, 2015 10:39:31 AM AKST:  No updates found for SONAR scan engine Win32 11.0.  [Server: AppServer]
    February 23, 2015 10:39:31 AM AKST:  No updates found for AP Portal List 12.1 RU5.  [Server: AppServer]
    February 23, 2015 10:39:31 AM AKST:  No updates found for TruScan proactive threat scan commercial application list Win32 11.0.  [Server: AppServer]
    February 23, 2015 10:39:31 AM AKST:  No updates found for SONAR scan whitelist Win64 11.0.  [Server: AppServer]
    February 23, 2015 10:39:30 AM AKST:  No updates found for Virus and Spyware definitions Win32 12.1 RU5.  [Server: AppServer]
    February 23, 2015 10:39:30 AM AKST:  No updates found for Intrusion Prevention signatures Win64 11.0.  [Server: AppServer]
    February 23, 2015 10:39:30 AM AKST:  No updates found for Client Intrusion Detection System signatures 12.1 RU5.  [Server: AppServer]
    February 23, 2015 10:39:30 AM AKST:  No updates found for Revocation Data 12.1 RU5 .  [Server: AppServer]
    February 23, 2015 10:39:30 AM AKST:  No updates found for SONAR scan engine Win64 11.0.  [Server: AppServer]
    February 23, 2015 10:39:30 AM AKST:  No updates found for Submission Control signatures 11.0.  [Server: AppServer]
    February 23, 2015 10:39:30 AM AKST:  No updates found for Symantec Endpoint Protection Manager Content Catalog 12.1 RU5.  [Server: AppServer]
    February 23, 2015 10:39:30 AM AKST:  No updates found for Submission Control signatures 12.1 RU5.  [Server: AppServer]
    February 23, 2015 10:39:30 AM AKST:  No updates found for SONAR scan data 11.0.  [Server: AppServer]
    February 23, 2015 10:39:30 AM AKST:  No updates found for Symantec Whitelist 12.1 RU5 .  [Server: AppServer]
    February 23, 2015 10:39:30 AM AKST:  No updates found for SONAR Heuristics engine 12.1 RU5.  [Server: AppServer]
    February 23, 2015 10:39:30 AM AKST:  No updates found for SONAR scan whitelist Win32 11.0.  [Server: AppServer]
    February 23, 2015 10:39:30 AM AKST:  No updates found for TruScan proactive threat scan commercial application list Win64 11.0.  [Server: AppServer]
    February 23, 2015 10:39:30 AM AKST:  No updates found for SEPM LiveUpdate Database 12.1.  [Server: AppServer]
    February 23, 2015 10:39:30 AM AKST:  No updates found for SONAR scan commercial application engine 11.0.  [Server: AppServer]
    February 23, 2015 10:39:30 AM AKST:  No updates found for Extended File Attributes and Signatures 12.1 RU5.  [Server: AppServer]
    February 23, 2015 10:39:30 AM AKST:  No updates found for Power Eraser Definitions 12.1 RU5.  [Server: AppServer]
    February 23, 2015 10:39:30 AM AKST:  No updates found for Client Intrusion Detection System signatures Mac 12.1 RU4.  [Server: AppServer]
    February 23, 2015 10:39:30 AM AKST:  No updates found for Virus and Spyware definitions Win64 12.1 RU5.  [Server: AppServer]
    February 23, 2015 10:39:30 AM AKST:  No updates found for Intrusion Prevention signatures Win32 11.0.  [Server: AppServer]
    February 23, 2015 10:39:22 AM AKST:  LUALL.EXE has been launched.  [Server: AppServer]
    February 23, 2015 10:39:22 AM AKST:  Download started.  [Server: AppServer]



  • 4.  RE: Sonar Content Failures - Out of date content

    Posted Feb 23, 2015 02:48 PM

    3 client machines are showing Sonar updates from 12/10/14 and the th other 8 machines are showing todays date.



  • 5.  RE: Sonar Content Failures - Out of date content

    Posted Feb 23, 2015 02:51 PM

    Run the symhelp tool on an affected one to see if defs are corrupt



  • 6.  RE: Sonar Content Failures - Out of date content

    Posted Feb 23, 2015 03:45 PM

    Double Post



  • 7.  RE: Sonar Content Failures - Out of date content

    Posted Feb 23, 2015 03:57 PM

    How do I run the symhelp tool? I do not see it in the programs.



  • 8.  RE: Sonar Content Failures - Out of date content

    Posted Feb 23, 2015 03:59 PM

    Needs to be downloaded from here:

    Download the Symantec Help (SymHelp) diagnostic tool to detect Symantec product issues



  • 9.  RE: Sonar Content Failures - Out of date content

    Posted Feb 23, 2015 04:10 PM

    I got 2 errors and a warning.

     

    X - Disable the windows autorun feature

    X - One or more symantec endpoint protection definition sets are corrupted

    ! - SONAR is not optimally configured with a HIgh Security configuration



  • 10.  RE: Sonar Content Failures - Out of date content

    Posted Feb 23, 2015 04:11 PM

    Check "One or more symantec endpoint protection definition sets are corrupted"

    Likely need to follow this document:

    http://www.symantec.com/docs/HOWTO59193



  • 11.  RE: Sonar Content Failures - Out of date content

    Posted Feb 24, 2015 12:52 AM

    Hi Brian,

     

    Is SONAR - corresponds only to BASH ?

     

     



  • 12.  RE: Sonar Content Failures - Out of date content

    Posted Feb 24, 2015 05:46 AM

    Yes, Khi02. BASH is the driver for SONAR

    Cheers,
    Sayed



  • 13.  RE: Sonar Content Failures - Out of date content

    Posted Feb 24, 2015 06:37 AM

    Yes



  • 14.  RE: Sonar Content Failures - Out of date content

    Posted Feb 24, 2015 12:23 PM
      |   view attached

    On the one machine I ran the scans the BASH were corrupted.

    I did the steps listed and it seemed to solve the Issue on that workstation. But as soon as that machine was fixed, another machine had the Sonar error(Now 4 Machines).

    First thing this morning I checked the status and I only see 2 workstations with this error. It looks like one of them resolved it itself so I ran a scan on one of the machines. Here is an attachment of the scan.