Endpoint Protection

  • 1.  Upgrade to SEP 12 - False Positive Definition Alerts

    Posted Jan 23, 2012 12:14 PM

    I recently upgraded our test environment from SEP 11.x to SEP 12.1. Since upgrading, I set up an alert for out of date IPS signatures (this is the type of information that we could not get out of SEP 11.x but wanted to); however, it is now reporting that most of our test machines are out of date and shows an old IPS definition version. However, when I actually go in to SEPM and look at the IPS definitions on those machines, they are actually up to date. Is there something I'm doing wrong here with alerts/monitors or is this maybe a bug?



  • 2.  RE: Upgrade to SEP 12 - False Positive Definition Alerts

    Broadcom Employee
    Posted Jan 23, 2012 12:25 PM

    Change the date format.

    To modify the date format used by the SEPM:

    1. Log into the SEPM Console
    2. Click the Preferences link in the Security Status section on the SEPM Home tab
    3. Select the Logs and Reports tab
    4. Select DDMMYY from the Date format combo box
    5. Click the OK button to close the Preferences page
    6. The changes to these settings may take a few minutes to take effect.

    Check the article:

    http://www.symantec.com/business/support/index?page=content&id=TECH164272



  • 3.  RE: Upgrade to SEP 12 - False Positive Definition Alerts

    Posted Jan 23, 2012 01:21 PM

    The security status on the home page has been properly reporting that no attention is needed; however, I will try this. This is a problem with the automated email monitors/notifications that are sent based on conditions that I have configured. In these email notifications, it shows that the IPS signature date is 01/06/2012 r1 for the clients; however, when I look at the clients in the console, their IPS signature date is actually 01/20/2012 r1.

    Do you think this is the same issue?



  • 4.  RE: Upgrade to SEP 12 - False Positive Definition Alerts

    Posted Jan 23, 2012 05:17 PM

    I tried this and the notification is still sending out incorrect information saying the IPS definitions are out of date. I've attached an image; at the top is the notification and at the bottom is a clip from the SEPM showing that the definitions are not what the notification says. Changing the date format just changed the format in the message, not the actual data.

     

    Anyone have any ideas? This is a big part of what management was hoping to see out of the new version.



  • 5.  RE: Upgrade to SEP 12 - False Positive Definition Alerts

    Trusted Advisor
    Posted Jan 24, 2012 09:16 AM

    Hello,

    Could you try deleting the notification and re-creating a new one, and check if that resolves it?

    Hope that helps!!



  • 6.  RE: Upgrade to SEP 12 - False Positive Definition Alerts

    Posted Jan 26, 2012 04:41 PM

    I deleted the old one and created a new one and I still have the same problem where it is seeing an incorrect definition date/version.



  • 7.  RE: Upgrade to SEP 12 - False Positive Definition Alerts

    Posted Feb 02, 2012 10:22 AM

    I set up some additional alerts for SONAR definitions and the same type of problem is occurring. 

    The monitor seems to think that the SONAR definitions for two computers are 01/09/2012 r3; however, I can see within the console that the definition file is 01/23/2012 r4. Anyone else seeing this? Any ideas?



  • 8.  RE: Upgrade to SEP 12 - False Positive Definition Alerts

    Posted Feb 03, 2012 04:13 PM

    I also completely removed and reinstalled the client... no dice.



  • 9.  RE: Upgrade to SEP 12 - False Positive Definition Alerts

    Posted Feb 05, 2012 11:23 PM

    Please report the case to the Symantec Support team; they will collect the necessary logs and get back to you.

    Contact info:

    Regional Support Telephone Numbers:
    United States: https://support.broadcom.com (407-357-7600 from outside the United States)
    Australia: 1300 365510 (+61 2 8220 7111 from outside Australia)
    United Kingdom: +44 (0) 870 606 6000
    Additional contact numbers: http://www.symantec.com/business/support/contact_techsupp_static.jsp

     

     

    How to create a new case in MySupport

    http://www.symantec.com/business/support/index?page=content&id=TECH58873

     



  • 10.  RE: Upgrade to SEP 12 - False Positive Definition Alerts

    Posted Feb 08, 2012 06:12 PM

    I have a support call open, just having trouble getting in touch with the technician.

     

    I did find this article: http://www.symantec.com/business/support/index?page=content&id=TECH144817 that seems to be the problem (or very similar).