Endpoint Protection

 View Only
Back to discussions
Expand all | Collapse all

Unmanaged Client - PTP definitions stuck or not ?

Migration User

Migration UserJan 30, 2015 09:19 AM

 Chetan See attached screenshot.

  • 1.  Unmanaged Client - PTP definitions stuck or not ?

    Posted Jan 30, 2015 09:04 AM

    Hello

    Following a fresh install of the Endpoint 12.1.5 Client onto a Windows 7 PC I am getting a Proactive Threat Protection version dated 10 December 2014 r12.  This seems rather old.

    The same happens on a different computer when I upgraded the client from Endpoint 11 to 12.1.5.  In both cases the LiveUpdate logs show no errors.

    I am using unmanaged clients.

    According to this webpage, as of today, 30 Jan 2015,

    http://www.symantec.com/security_response/definitions.jsp

    the 12.1.5 Behaviour Based Protection should be at 6 January 2015 rev 11 -  I understand that this is displayed as "Proactive Threat Protection" on the Endpoint 12.1.5.client. 

    So the question is whether my unmanaged clients are updating properly, or is the webpage with the current versions wrong, or have I misinterpreted the web page ?

    The other two signatures "Virus&Spyware", and "Network Threat", do update correctly, several times a day.

    The SymHelp utility does not report any issues.

    Any suggestions gratefully received.

    Mike

     

     

     

     



  • 2.  RE: Unmanaged Client - PTP definitions stuck or not ?

    Posted Jan 30, 2015 09:07 AM

    Yes. 1/6/15 r11 is latest for PTP

    Have you tried a repair?



  • 3.  RE: Unmanaged Client - PTP definitions stuck or not ?

    Broadcom Employee
    Posted Jan 30, 2015 09:07 AM

    Hi,

    Could you post Screenshot of SEP client GUI?

    These are the recent defintions.

    sCREENSHOT1.jpg



  • 4.  RE: Unmanaged Client - PTP definitions stuck or not ?

    Posted Jan 30, 2015 09:19 AM
      |   view attached

    Chetan

    See attached screenshot.



  • 5.  RE: Unmanaged Client - PTP definitions stuck or not ?

    Posted Jan 30, 2015 09:28 AM

    And you said symhelp didn't show any errors?

    If you go into C:\ProgramData\Symantec\Symantec Endpoint Protection\<version>\Data\Definitions\BASHDefs

    How many folder are there and what dates?



  • 6.  RE: Unmanaged Client - PTP definitions stuck or not ?

    Broadcom Employee
    Posted Jan 30, 2015 09:38 AM

    Thanks for the screenshot. Could you run intelligent updater and see if it can make any difference.

    Refer this article: Using Intelligent Updater files to update content on Windows computers

    http://www.symantec.com/docs/HOWTO80903 

    Also try this way.

    How to determine if virus definitions of Symantec Endpoint Protection client (SEP) 11 or 12 Small Business Edition, are corrupted

    http://www.symantec.com/docs/TECH97677 

    If definitions are corrupted  see this: How to clear out definitions for a Symantec Endpoint Protection 12.1 client manually

    http://www.symantec.com/business/support/index?page=content&id=HOWTO59193

    Can give a try with SEP client repair also through add/remove program also.

    I hope it will help.

     



  • 7.  RE: Unmanaged Client - PTP definitions stuck or not ?

    Posted Jan 30, 2015 09:42 AM

    Brian

    Yes, Symhelp showed no errors.

    The C:\ProgramData\Symantec\Symantec Endpoint Protection\<version>\Data\Definitions\BASHDefs folder contains the following :

    20141210.12 (folder) - dated just after I installed Endpoint

    BinHub (folder)

    newdefs.trigger (folder)

    definfo.dat (file)

    usage.dat (file)



  • 8.  RE: Unmanaged Client - PTP definitions stuck or not ?

    Posted Jan 30, 2015 09:44 AM

    Try the manual update from here:

    http://www.symantec.com/security_response/definitions/download/detail.jsp?gid=sonar



  • 9.  RE: Unmanaged Client - PTP definitions stuck or not ?
    Best Answer

    Posted Jan 30, 2015 10:49 AM

    Thanks for that suggestion.  Doing the manual update seems to have worked.

    The problem I have now is that I need to be confident that when I deliver the PC to a customer (along with several other similar ones which I have yet to set up), that LiveUpdate will actually work the next time a SONAR update is published.  As the SONAR updates only come out infrequently this is a bit of a problem...

     



  • 10.  RE: Unmanaged Client - PTP definitions stuck or not ?

    Posted Jan 30, 2015 10:52 AM

    Something may have just been stuck.

    Problem with PTP is it isn't regularly updated, but mostly every 2-4 weeks so you're correct there.

     



  • 11.  RE: Unmanaged Client - PTP definitions stuck or not ?

    Posted Jan 30, 2015 10:54 AM

    Thanks for your suggestions.

    I did the diagnostics for corrupt definition before I started this thread but it reported no problems.

    I cleared the defintions manually which also made no difference - when LiveUpdate ran the old version of the SONAR definitions was downloaded again.  I even tried completely uninstalling Endpoint client and reinstalling but once again, LiveUpdate downloaded the old version of the SONAR defintions.

    Having finally done a manual update it now seems to be sorted.  I guess I will need to wait until the next SONAR update to see if it's working properly with LiveUpdate.



  • 12.  RE: Unmanaged Client - PTP definitions stuck or not ?

    Broadcom Employee
    Posted Jan 30, 2015 10:58 AM

    Thanks for the updates, it would be helpful for future readers as well.



  • 13.  RE: Unmanaged Client - PTP definitions stuck or not ?

    Posted Feb 25, 2015 04:02 AM

    Just to let you know that the solution proposed by Brian worked.  Having done a manual signature update, the next time the PTP definitions were updated by Symantec, they were picked up automatically by the unmanaged clients.

    Sorry about the delay but the PTP only update rarely and I couldn't be sure the solution had worked until the other day.

    Many thanks for your help.