Why is Virus Definition Report incorrect?
Created: 31 Aug 2012 | Updated: 18 Oct 2012 | 74 comments
Every day I receive an emailed Administrator Daily Summary Report from Symantec Endpoint Protection Manager. And every day the section on Virus Definition Distribution says there are more PCs out of date than there really are. It will say there are 4 PCs out of date by 7 days, but will only list 1 PC. (see attachment) The same report is also in the program when I open it. Why is this? Thanks in advance!
What is the SEPM version?
Have you checked the out-of-date systems manually?
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
SEPM version is 12.1.1000.157
I'm not sure what you mean by the second question though.
Thanks!
Do you have any unmanaged clients?
Are you using an imaged OS?
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
No, we don't use imaged OSs, and to my knowledge there should not be any unmanaged clients.
Hi,
Have you looked at upgrading the OS?
Update your OS and also take a look at the system clock maa look at the clock in BIOS.
After upgrading the system, update your solution and run a scan in safe mode.
Then check the reports.
hugs
Fabiano Pessoa
Systems Analyst - Forensic Expert
Unfortunately upgrading the OS is not something we can do right now.
What is "system clock maa?"
Hi,
Sometimes the system clock also changes its forms.
Fabiano Pessoa
Systems Analyst - Forensic Expert
How do I know if that has happened? Thanks!
Is your operating system Windows?
Let me know and I will continue to help you.
hugs
Fabiano Pessoa
Systems Analyst - Forensic Expert
Yes, it is Windows.
Do you have any SEP 11 clients?
Please check manually in the SEPM console how many systems are out of date by 7 days.
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
I am new to the position and to SEPM and I don't know how to find out if there are any SEP 11 Clients or how to manually check which systems are out of date. Sorry.
What is the difference in the number of systems in the daily reports?
Currently the report is showing a difference of 3 systems.
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
Correct, there is a "4" noted there but only 1 is listed. It seems like there is a discrepancy every day.
Yes, the remaining three systems are not yet reporting to your SEPM console.
So the SEPM server is showing them as out of date.
Please check manually in the SEP console how many systems have not updated in 7 days.
Do you have access to the SEPM console?
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
OK, I figured out how to check manually the Virus Definitions Distribution in the SEPM console. It appears that only 1 is out of date for the past 7 days. So should I not worry about the discrepancy in the numbers that are being reported in the daily emailed report?
Yes, you can export all SEP clients and sort by definition date.
How to Export SEP client
https://www-secure.symantec.com/connect/forums/how-print-out-all-sep-client
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
I did not get a "Search Clients pop-up" as stated in the instructions.
Hi,
Are you logged in to the SEPM console with an admin account?
There is an easy way to copy SEP clients:
You can open the required group to export its clients, select all clients with "Ctrl+A", copy with "Ctrl+C", and then paste into Notepad or Excel.
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
That didn't work for me. Thanks though.
Hi,
Was it an upgrade or a fresh install?
I would suggest checking with the latest version, i.e. SEP 12.1 RU1 MP1 (12.1.1101.401).
Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.
This was installed a while back before I worked here. SEPM version is 12.1.1000.157
Hi,
As per your conversation, I would suggest that you create a daily notification for the same.
It will help you find the systems with old definitions by hostname/IP address.
Steps are below
Open and login to the SEPM
Click Monitors
Click Notifications
Click Notification Conditions
Click Add
Select "Virus definitions out-of-date"
Enter the notification name (e.g. old definition)
Select condition (eg- 3 computers with virus definitions older than 2 and so on days )
Add your email id here.
Then Ok.
Sorry, I can't quite understand your instructions. Particularly this part: "Select condition (eg- 3 computers with virus definitions older than 2 and so on days)"
Hi,
Try the following steps:
Delete the daily summary report; before deleting, check the settings.
Repair SEPM through add/remove programs.
Create the same daily summary report again & check.
Is the weekly summary report showing correct information?
What's the size of sem5.db? It will be under C: or installed drive \Program Files or (x86)\Symantec\Symantec Endpoint Protection Manager\db
Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |
Hi Chetan,
Thanks for the info. I deleted the report and re-created it, repaired SEPM, and the new report shows the same thing. I couldn't find sem5.db.
Hi,
Try the following steps:
1) SEPM --> Admin --> Servers --> Local Site --> Edit Site properties --> Change the management server log settings to expire after 1 day.
Note: It will wipe out the entire database entries; you have a limited number of clients, so I think you can go ahead with this setting.
Wait for one day.
2) On day 2, stop the Symantec Endpoint Protection Manager service.
Go to C: or installed drive \Program Files or (x86)\Symantec\Symantec Endpoint Protection Manager\Tools
Run updatedbtime.bat
3) Go to Admin --> Servers --> localhost --> Select Rebuild Indexes Now & Truncate Transaction Log Now
4) Monitor new report.
Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |
I don't get the option for log settings. Attached is what I get:
Hi,
My apologies, the screenshots were taken from SEP version 11.
In SEP version 12.1 it's under localhost properties.
SEPM --> Servers --> Local host --> Edit database properties.
The screenshot is attached for reference.
Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |
I did this:
2) On day 2, Stop the Symantec Endpoint Protection Manager Service
Go to C: or installed drive \Program Files or (x86)\Symantec\Symantec Endpoint Protection Manager\Tools
Run updatedbtime.bat
And got this error: (see attachment)
Hi,
Check whether the Symantec database services are running.
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
Hi,
Go to services.msc and check whether the Symantec Endpoint Protection Manager and Symantec Embedded Database services are running.
Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |
They are both running (but I had stopped SEPM earlier as directed in the instructions).
Hi,
If possible reboot the server & try to run updatedbtime.bat
If the above steps didn't help, you have the following choices left.
1) Upgrade to the latest SEP version, i.e. SEP 12.1 RU1 MP1
2) Log a web case with Support.
How to create a new case in MySupport
http://www.symantec.com/docs/TECH58873
How to Create and Validate a SymAccount for using Symantec's MySupport
http://www.symantec.com/docs/HOWTO31127
3) The next SEP release, SEP 12.1 RU2, is on the roadmap; you can test with the beta version
https://symbeta.symantec.com/login.html
Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |
Rebooting didn't help. :(
How do I know what version I have and how do I upgrade?
(BTW, the link above for creating a new case provides outdated information. I can figure it out, just FYI)
Thanks again!
Hi,
To check the current version, log in to the SEPM console. In the top right-hand corner you will see the Help option; select that & click on About.
It will tell you the SEPM version details.
Check the SEP releases to date: http://bit.ly/m0vOJp
Let me know the SEPM version and I will tell you the possible upgrade path.
Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |
Hi Chetan,
Thanks for the info. I have version 12.1.1000.157
BTW, I tried several times to create a case via Symantec's website. I keep getting this error (attached). This has happened to me before which is why I never use the website.
Hi,
SEPM version 12.1.1000.157, i.e. SEP 12.1 RU1.
The latest version is 12.1.1101.401, i.e. SEP 12.1 RU1 MP1.
You can directly upgrade from SEP 12.1 RU1 to SEP 12.1 RU1 MP1.
You need to download the setup files from https://fileconnect.symantec.com; you would require a serial number which starts with 'M', e.g. M1122334455
If you are facing a problem logging a web case, then please contact Symantec Technical Support via the support phone numbers listed below
Regional Support Telephone Numbers:
United States: 800-342-0652 (407-357-7600 from outside the United States)
Australia: 1300 365510 (+61 2 8220 7111 from outside Australia)
United Kingdom: +44 (0) 870 606 6000
Additional contact numbers: http://www.symantec.com/business/support/contact_techsupp_static.jsp
India: Toll-Free 000 800 4401 456
IDD call: +61 2 8220 7111
Contact Symantec Customer Care on
http://www.symantec.com/support/assistance_care.jsp
Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |
Which of these do I download? Thanks!
Hi,
Download Symantec_Endpoint_Protection_12.1.1_MP1_SEPM_EN.exe.
After downloading, extract it & run setup.exe; it will start the SEPM upgrade.
Prior to upgrade always take a database backup.
Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |
Hello,
Check this Article:
Understanding the Downloads of Symantec Endpoint Protection (SEP) 12.1 available on Symantec FileConnect website.
In your case, you would have to download the Symantec_Endpoint_Protection_12.1.1_MP1_Part1_Installation_EN
which includes all the Installation of
SEPM 12.1RU1 MP1 , SEP 12.1 RU1 MP1 (32 bit) , SEP 12.1 RU1 MP1 (64 bit), SEP MAC 12.1 RU1 MP1
Hope that helps!!
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | MCTS | STS | ITIL v3
Twitter: @mithun_sanghavi
I am not able to extract any SEPM files that I download.
This is as far as I get and it hangs up (see below). Do you know what I am doing wrong?
Hi, good afternoon, how are you?
Make an easier way to remove the PCs on the network each you upgrade the operating system and version of your security solution separately in each
Do it one by one and then put in the network again
will work
hugs
Fabiano Pessoa
Systems Analyst - Forensic Expert
OK sorry, not quite sure I understand, could you rephrase? Or write it in Portuguese or Spanish - Entendo :)
Hi,
Great that you understand Portuguese!! (laughs)
Here goes: I meant that you could do the following:
Take the machines off the network and update them one by one off the network, updating the operating system and the security solution you use.
The problem may be in compliance, and one would imagine that since our solutions look for compliance, if one of them does not get in, the other refuses.
So, we could try to recover from this by separating the machines, updating the operating system and security solution, returning them to the network, and only then updating them all together.
Have you tried that?
Big hug
Fabiano Pessoa
Systems Analyst - Forensic Expert
Hi,
If you downloaded only the SEPM installation files from FileConnect as I had directed, then it probably will not be a zip file.
In that case, there is no need to extract it; go directly to the download folder.
Run setup.exe and the upgrade will start.
Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |
Thank you very much, Chetan and Fabiano! :)
Everything is working now!!
Well, the upgrade seemed to keep the Virus Definition Distribution report straight for a couple of days, but now my problem is back again. There is a 2 listed but only one computer reported.
Hi,
I would suggest you test with the SEP 12.1 RU2 beta version.
Let me know if you face the same issue.
https://symbeta.symantec.com/login.html
Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |
I logged in to get the Beta version but this is all I see. Where do I go? Thanks!
Hi,
I think this is some kind of bug.
You can try testing with the beta version
or you can wait for the release date.
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
Hi,
Go to the beta agreement and accept the agreement.
You have to download the SEPM beta setup.
Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |
There is no way to accept the beta agreement. It just lists the agreement, that's all. :(
Wondering if BETA testing is closed...
SEP Knowledge Base
Endpoint SWAT
Hi,
Go to the Home tab and select download beta build.
The screenshot is attached for reference.
Now select Download SEP 12.1.2 SEPM beta build.
Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |
Yes, maybe it is closed. I don't have those options (see below):
Hi,
It's not closed.
Beta2 is now open for testing.
Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |
Just got the email about Beta2 being available.
SEP Knowledge Base
Endpoint SWAT
Oh well, I can't access it. Guess I'm forever doomed.....at least during Beta.....
You've registered and created an account?
SEP Knowledge Base
Endpoint SWAT
Yes
Okey dokey, Beta is installed and everything seems to be fine so far - Virus Distribution Definitions have been correct for the past couple of days. Thanks for everyone's help! :)
I am still receiving a Virus Definition Distribution report that has (2) listed but only shows one PC. Any more ideas?
Hi,
Are you using an OS image while deploying SEP?
Check this article:
http://www.symantec.com/business/support/index?pag...
Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |
Actually no, we don't do imaging here, it's a small agency.
Hi,
It's not working after an upgrade to SEP 12.1 RU1 MP1 nor with the SEP 12.1 RU2 beta version.
I hope the SEPM and SEP clients are both on the same version.
With reference to this thread, it seems that you have a small number of clients in the network.
Is it possible to recreate the database? Replace Sylink.xml to restore client communication?
If not possible, we will try to follow some other troubleshooting steps.
Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |
I have never recreated the database so I'm not sure if I can do it or not. Any links to directions for this? Thanks!
How do I tell what SEP version the client is using?
Hi,
After logging on to the SEPM console, click on the Help tab & select the About option.
The screenshot is attached for reference.
For SEP clients, go to the Computers tab & select the client status view.
A database reinstall is nothing but a SEPM reinstall.
You will have to uninstall SEPM through add/remove programs and do a fresh install :)
SEPM 12.1 Fresh install with Embedded database - graphical overview
http://bit.ly/KUWxaS
Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |
Is there any update on this?
Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |
Same errors as before. I give up ;)
Hi,
You should now call support to find out the root cause of the issue.
Please contact Symantec Technical Support via the support phone numbers listed below
Regional Support Telephone Numbers:
United States: 800-342-0652 (407-357-7600 from outside the United States)
Australia: 1300 365510 (+61 2 8220 7111 from outside Australia)
United Kingdom: +44 (0) 870 606 6000
Additional contact numbers: http://www.symantec.com/business/support/contact_techsupp_static.jsp
Contact Symantec Customer Care on
http://www.symantec.com/support/assistance_care.jsp
Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |
Hi,
I haven't given up.
According to the fix notes of the latest SEP version, i.e. SEP 12.1 RU2, the issue is resolved in this release.
Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |
Hmm... I think this is a SEPM bug....
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
Well I am running SEP 12.1 RU2 and the administrator daily summary report still has frequent errors in the virus definitions section. It seems to have more errors on "< 24 hours" and " > 1 day". For instance the report I generated from the management console a few moments ago says there are 222 that are > 1 day old, but when I expand the list there are 763. This is only one example. Is anyone else having issues with the Administrator Daily Summary report on 12.1 RU2?