Endpoint Protection


SONAR Definitions out of date...why not keep them up to date?

  • 1.  SONAR Definitions out of date...why not keep them up to date?

    Posted Jun 13, 2013 12:27 AM

    Recently we have had clients report out-of-date definitions. The only definitions I show in the console that are out of date are SONAR. I have been told that this isn't a problem and we won't get alerts. Any particular reason TruScan can keep itself up to date but SONAR can't?

    This morning I had about 4 clients out of date...mainly SONAR definitions. This evening I have over 270. With only about 650 clients installed my console went from green to red in minutes. Most of these out of date clients are due to SONAR definitions.

    This is an irritation for me but a larger issue for my boss.

     

    Why is this happening?



  • 2.  RE: SONAR Definitions out of date...why not keep them up to date?

    Posted Jun 13, 2013 12:33 AM

    Hello,

    What is the last definition date of SONAR on your clients?

    SONAR Definitions are not updated on SEP 12.1 Clients.

    Article:TECH178125  |  Created: 2012-01-02  |  Updated: 2012-02-01  |  Article URL http://www.symantec.com/docs/TECH178125

    http://www.symantec.com/security_response/definitions.jsp

    Current SONAR definition date

    Behavior-Based Protection

     
     
    Definitions Released: 6/12/2013
    Extended Version: 5/31/2013 rev. 11

     



  • 3.  RE: SONAR Definitions out of date...why not keep them up to date?

    Broadcom Employee
    Posted Jun 13, 2013 12:36 AM

    What is the SONAR definition on the client side?

    What is the SEP client version?

    check this link

    SONAR definition not getting the updates in 12.1 clients

    http://www.symantec.com/docs/TECH178125



  • 4.  RE: SONAR Definitions out of date...why not keep them up to date?

    Posted Jun 13, 2013 12:51 AM


  • 5.  RE: SONAR Definitions out of date...why not keep them up to date?

    Posted Jun 13, 2013 12:53 AM

    Hi,

    Please let me know the version of SEP. Also tell me whether only SONAR is not updating or all components are not getting updated.

    SONAR Definitions are not updated on SEP 12.1 Clients

    http://www.symantec.com/business/support/index?page=content&id=TECH178125

    http://www.symantec.com/business/support/index?page=content&id=HOWTO59193

     



  • 6.  RE: SONAR Definitions out of date...why not keep them up to date?

    Posted Jun 13, 2013 07:50 AM
    Hey, SONAR Definitions are not updated on SEP 12.1 Clients. Article:TECH178125 | Created: 2012-01-02 | Updated: 2012-02-01 | Article URL http://www.symantec.com/docs/TECH1781


  • 7.  RE: SONAR Definitions out of date...why not keep them up to date?

    Trusted Advisor
    Posted Jun 18, 2013 10:30 AM

    Hello,

    I would suggest you migrate the SEPM and SEP clients to the latest version of SEP 12.1 RU3, as SONAR and IPS Intelligent Updater (IU) are now available on:

    http://www.symantec.com/security_response/definitions.jsp

    NOTE: These SONAR and IPS Intelligent Updaters are only for SEP 12.1 RU3.

    Hope that helps!!



  • 8.  RE: SONAR Definitions out of date...why not keep them up to date?

    Broadcom Employee
    Posted Jun 18, 2013 12:40 PM

    Hi,

    Thank you for posting in Symantec community.

    I would be glad to answer your question.

    Could you please confirm the SEPM version?

    Also check this article.

    SONAR Definitions are not updated on SEP 12.1 Clients.

    http://www.symantec.com/docs/TECH178125

    File-based AV - Updated daily (with SEP's Multiple Daily Definitions, certified content is typically released three times a day Monday through Friday; one time per day on weekends).
     
    Network-Based Protection (IPS) - SEP Security Updates (SU) are generally updated on weekdays (M-F - no releases scheduled for weekends or major holidays in the United States).
     
    Behavior-Based Protection / Proactive Threat Protection - There is no set schedule.  The article linked below contains additional information.
     
    Reputation-Based Protection (Insight) - Continually updated as it is a cloud based detection.
     
    Reference: How often are Endpoint Protection definitions for IPS, SONAR, and Download Protection released?
     

     



  • 9.  RE: SONAR Definitions out of date...why not keep them up to date?

    Posted Jun 19, 2013 08:36 AM

    Hi,

    Are clients getting updated after some time?

    Regards

    Ajin



  • 10.  RE: SONAR Definitions out of date...why not keep them up to date?

    Posted Jun 19, 2013 08:58 AM

    Thanks for all the replies. I have been pretty busy working some other issues.

    SEP 12 RU2 MP1 is the current version.

    For an example of why this is an irritating issue.

    I believe we were on 5/21 version of SONAR definitions. Some clients reported newer versions...before the next update which I think was 5/28. I came into work that morning and 50% of my clients were out of date. Why? Well because they hadn't updated to the latest version of SONAR yet...or rather from 5/21 to 5/28. Very irritating. I don't want to change my def reminders and warnings...should not be happening.

    SONAR defs should have their own separate settings that can be set and monitored independent of virus defs.



  • 11.  RE: SONAR Definitions out of date...why not keep them up to date?

    Posted Jun 19, 2013 09:10 AM

    Are your clients configured to get updates from SEPM only, or can they go out to the internet?

    Is your SEPM getting updates from LiveUpdate Administrator? If yes, then check if you have checked the option to download SONAR defs.



  • 12.  RE: SONAR Definitions out of date...why not keep them up to date?

    Posted Jun 25, 2013 02:08 PM

    All clients are configured to get their updates from our live update distribution centers with fall back to the Internet. Systems not on the corporate network get their updates from the Internet.

    Again I have clients that seem to stop trying to update SONAR defs on certain dates. Some clients do update to newer interim dates but very few.

    When another major SONAR def comes out my console suddenly reports 100's of clients out of date. Since we have only recently deployed SEP 12 I expect in the future it will be 1000's of clients out of date.

    I am attaching 3 screenshots. One is of my console that went red with out of date systems. Another is of the listing of out of date systems all showing 5/31/2013 as the date. The third is the list of definitions for SONAR.

    Again...most clients stay at one SONAR date while only a few pick up new defs in between a major update. Going from 5/31/2013 to 6/20/2013 is UNACCEPTABLE. I should not have to explain why Symantec cannot keep these definitions up to date. Also the SONAR definitions should have their own settings for when a client is out of date. Thus I can tell the system not to alert or change when to report. Settings for defs are set for either 3 days, 7 days, or 14 days warning depending on the type of client. Three weeks is outside these settings.

    I am almost to the point of disabling the SONAR feature due to this. I have opened a case and was informed "this is normal behavior". Normal behavior is not having my clients spew messages about being out of date.

     

    From previous posts:

    I am not going to roll back 40,00 clients every couple weeks to fix an issue that shouldn't be an issue. Intelligent update again should not be the fix...especially with 40,000 clients. Yes they finally update...with most reporting out of date.

     

    No...definitions are not updated for SONAR because there is no set schedule is not an excuse for having out of date definitions.