Upgrade to SEP 12 - False Positive Definition Alerts
Created: 23 Jan 2012 | 9 comments
I recently upgraded our test environment from SEP 11.x to SEP 12.1. Since upgrading, I set up an alert for out of date IPS signatures (this is the type of information that we could not get out of SEP 11.x but wanted to), however it is now reporting that most of our test machines are out of date and shows an old IPS definition version. However, when I actually go into SEPM and look at the IPS definitions on those machines, they are actually up to date. Is there something I'm doing wrong here with alerts/monitors or is this maybe a bug?
Comments
change the date format
To modify the date format used by the SEPM, check the article:
http://www.symantec.com/business/support/index?page=content&id=TECH164272
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
The security status on the
The security status on the home page has been properly reporting that no attention is needed, however, I will try this. This is a problem with the automated email monitors/notifications that are sent based on conditions that I have configured. In these email notifications, it shows that the IPS signature date is: 01/06/2012 r1 for the clients however when I look at the clients in the console, their IPS signature date is actually 01/20/2012 r1.
Do you think this is the same issue?
I tried this and the
I tried this and the notification is still sending out incorrect information saying the IPS definitions are out of date. I've attached an image, at the top is the notification and at the bottom is a clip from the SEPM showing that the definitions are not what the notification says. Changing the date format just changed the format in the message, not the actual data.
Anyone have any ideas?
This is a big part of what management was hoping to see out of the new version.
Could you try ...??
Hello,
Could you try deleting the Notification and Re-creating a new one and check if that resolves??
Hope that helps!!
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | SCTS | ITIL v3
Follow me on Twitter: @mithun_sanghavi
Don't forget to mark your thread as 'SOLVED' with the answer that best helped yo
I deleted the old one and
I deleted the old one and created a new one and I still have the same problem where it is seeing an incorrect definition date/version.
I set up some additional
I set up some additional alerts for SONAR definitions and the same type of problem is occurring.
The monitor seems to think that the SONAR definitions for two computers are 01/09/2012 r3 however I can see within the console that the definition file is 01/23/2012 r4. Anyone else seeing this? Any ideas?
I also completely removed and
I also completely removed and reinstalled the client... no dice.
Please report the case to
Please report the case to the Symantec Support team, they would collect the necessary logs and would get back with you.
Contact info:-
Regional Support Telephone Numbers:
United States: 800-342-0652 (407-357-7600 from outside the United States)
Australia: 1300 365510 (+61 2 8220 7111 from outside Australia)
United Kingdom: +44 (0) 870 606 6000
Additional contact numbers: http://www.symantec.com/business/support/contact_techsupp_static.jsp
How to create a new case in MySupport
http://www.symantec.com/business/support/index?page=content&id=TECH58873
I have a support call open,
I have a support call open, just having trouble getting in touch with the technician.
I did find this article: http://www.symantec.com/business/support/index?page=content&id=TECH144817 that seems to be the problem (or very similar).