Video Screencast Help
Protect Your POS Environment Against Retail Data Breaches. Learn More.

urgent problem with SEPM and the group command "Update Content"

Created: 24 Sep 2013 | 7 comments

Hi all, we have urgent problem with SEPM.

In a center, by mistake, has launched a group command "Update Content" to all computers and network is saturated.

We had to shut down the server and network SEPM has recovered.

We need to know in what way you can stop remaining commands because there is still 50% and will re-saturate the network.

I await your urgent response

thank
 

Operating Systems:

Comments 7 CommentsJump to latest comment

.Brian's picture

Are you sure it's coming from the SEPM over port 8014? My understanding of this command is that it will launch a LiveUpdate session and go out to the Internet to get the updates, not get them from the SEPM.

See this KBA:

Run Command on Client (or Group) -- Cannot stop command

Article:TECH106007  |  Created: 2008-01-23  |  Updated: 2009-01-19  |  Article URL http://www.symantec.com/docs/TECH106007

 

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Mithun Sanghavi's picture

Hello,

Commands issued from the SEPM are immediately queued for execution on the clients and cannot be cancelled or withdrawn. Use care when issuing commands to ensure that execution is appropriate and acceptable.

As a best practice, test commands on a small group of clients and evaluate behavior before executing commands on a large group of clients.

Run Command on Client (or Group) -- Cannot stop command

http://www.symantec.com/docs/TECH106007

However, when running a scan by issuing a command, the scan can be stopped.

Try the steps below - 

SEPM >> Monitors >> Command Status

scan cancel.JPG

 

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Rafeeq's picture

Delete all the cmd xml files which will be located here

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\data\outbox\agent\command

JM Jimenez's picture

Good morning and thank you all.

You seem to be causing the problem loo SEP Firewall.

Yesterday afternoon was activated politca firewall and the problems started.

Today we have an old snapshot and it seems that all is well

I will keep you informed

.Brian's picture

Do you need more assistance with your problem or were you able to get it resolved?

If you could post an update for followers of this thread that would be most helpful.

Otherwise, if resolved, you can close the thread out by clicking the "Mark as solution" link at the bottom left on the most helpful post. If multiple posts helped to solve your problem, please click the "Request split solution" link at the bottom left, select the most helpful posts and click the "Submit" button. This will benefit admins looking for a resolution to the same problem.

Thanks and take care,
Brian

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.