All clients are configured to get their updates from our live update distribution centers with fall back to the Internet. Systems not on the corporate network get their updates from the Internet.
Again I have clients that seem to stop trying to update SONAR defs on certain dates. Some clients do update to newer interim dates but very few.
When another major SONAR def comes out my console suddenly reports 100's of clients out of date. Since we have only recently deployed SEP 12 I expect in the future it will be 1000's of clients out of date.
I am attaching 3 screenshots. One is of my console that went red with out of date systems. Another is of the listing of out of date systems all showing 5/31/2013 as the date. The third is the list of defintions for SONAR.
Again...most clients stay at one SONAR date while only a few pick up new defs in between a major update. Going from 5/31/2013 to 6/20/2013 is UNACCEPTABLE. I should not have to explain why Symantec cannot keep these definitions up to date. Also the SONAR definitions should have their own settings for when a client is out of date. Thus I can tell the system not to alert or change when to report. Settings for defs are set for either 3 days, 7 days, or 14 days warning depending on the type of client. Three weeks is outside these settings.
I am almost to the point of disabling the SONAR feature do to this. I have opened a case and was informed "this is normal behavior". Normal behavior is not having my clients spew messages about being out of date.
From previous posts:
I am not going to roll back 40,00 lients every couple weeks to fix and issue that shouldn't be an issue. Intelligent update again should not be the fix...especially with 40,000 clients. Yes they finally update...with most reporting out of date.
No...definitions are not updated for SONAR because there is no set schedule is not an excuse for having out of date definitions.