Endpoint Protection

 View Only
  • 1.  Symantec Threat Reporter 7.2.6

    Posted Mar 09, 2009 11:09 PM

    Having problems with Current Virus Definition Distribution, on the list the info regarding the virus defs seems not updating, where could the problem be?



  • 2.  RE: Symantec Threat Reporter 7.2.6

    Posted Mar 09, 2009 11:42 PM

    Anyone?



  • 3.  RE: Symantec Threat Reporter 7.2.6

    Posted Mar 10, 2009 01:12 AM

    any comments?



  • 4.  RE: Symantec Threat Reporter 7.2.6

    Posted Mar 10, 2009 03:33 AM

    Hi! anyone?



  • 5.  RE: Symantec Threat Reporter 7.2.6

    Posted Mar 10, 2009 06:19 AM

    Have you checked if the agents (Threat Reporter Agents) on the servers have hanged? Is it only on Threat Reporter where it seemed not to be updated?



  • 6.  RE: Symantec Threat Reporter 7.2.6

    Posted Mar 11, 2009 12:34 AM

    Agents are running, but what I did now is to create a new agent schedule for inventory, I will keep it running for 2 days and will check if it will update the virus defs distribution.



  • 7.  RE: Symantec Threat Reporter 7.2.6

    Posted Mar 11, 2009 11:45 PM

    The Client Inventory Agent seems to be running now, but here are the errors from the logs.

     

    localread: D:\Program Files\Threat Reporter\Data\fff3ec0d9c5bcafa34492b4bb27DBD::mysql::st execute failed: Table 'domain' is marked as crashed and should be repaired at ../perl/sub_ImportAgent.pl line 2001, <VLOG> line 1.
    DBD::mysql::st fetchrow_hashref failed: fetch() without execute() at ../perl/sub_ImportAgent.pl line 2003, <VLOG> line 1.    
    DBD::mysql::st execute failed: Table 'domain' is marked as crashed and should be repaired at ../perl/sub_ImportAgent.pl line 2058, <VLOG> line 1.
    DBD::mysql::st fetchrow_hashref failed: fetch() without execute() at ../perl/sub_ImportAgent.pl line 2059, <VLOG> line 1.    
    813ec.INVENTORY renamed to D:\Program Files\Threat Reporter\Temp\ImportAgent_Client Inventory\fff3ec0d9c5bcafa34492b4bb27813ec.INVENTORY

     

    and additional error logs

     

     

    ERROR: failed to execute query: UPDATE inventory SET LastCheckinTime = '2009-03-12 10:08:57', 
    SAVRepCheckinTime = '2009-03-12 10:08:57',       
    GMTCheckinTime = '2009-03-12 02:08:57',         
    TimezoneFlag = '1',            
    Timezone = '999999',            

     

    Any help pls...



  • 8.  RE: Symantec Threat Reporter 7.2.6

    Posted Mar 12, 2009 09:58 AM

    I would say that it looks like corruption in one of the MySQL database tabels, you can run a fix on that via the MySQL CMD interface. (Do not remember the exact command for that)

    Try like this:

    1) Reboot the MySQL server
    2) If it still not working, check the MyISAM corruption here: http://www.mysqlperformanceblog.com/2006/07/30/mysql-crash-recovery/ (Try that recovery option)
    3) If that does not work, please consult your local MySQL guru. :)



  • 9.  RE: Symantec Threat Reporter 7.2.6

    Posted Mar 15, 2009 10:30 PM

    Thanks for the input, I managed to get updated virus defs distributions by changing the value of the domain id from INT to varchar, seems to be updating now.



  • 10.  RE: Symantec Threat Reporter 7.2.6

    Posted Mar 15, 2009 10:31 PM

    I also have a query on the threat reporter, some of the alerts are dated ahead,

    Please see below;

    Alert Date/Time:   2009-03-16 08:04:07
    DB insertDate/Time:2009-03-15 17:08:35
    it is more than 8 hours ahead, what could be affecting this???