Endpoint Protection

 View Only

  • 1.  WMI Antivirus Version incorrect

    Posted Jul 16, 2015 03:06 PM

    I use a network monitoring software that can scan Windows clients via WMI to list installed apps and their versions.  I have a mixed environment, and some of my XP Pro SP3 systems do not display the correct version.

    The system correctly identifies the Symantec Endpoint Protection client and the current version for software, but when reading the WMI data for Security Center's Antivirus Version, it shows a completely different version.

    1. Confirmation.

    Using wbemtest, navigating to SecurityCenter, it lists the installation and under the versionNumber property, it shows CIM_STRING 12.1.0.0 instead of the installed 12.1.6x.  Other XP systems report other versions (but not the correct ones), and Windows 7 versions are reporting correctly via WMI.

    2. Troubleshooting:

    2.1 Deleted the entry for the antivirus product using wbemtest.  Rebooted, and it again shows the incorrect version.  

    2.2 Uninstalled SEP client, rebooted system, and ran cleanwipe utility.  Verified system is clean and no AV product detected via WMI.

    2.3 Redeployed SEP client, rebooted system, and it still shows incorrect version via WMI.

    My question is: why are some of my endpoints not displaying the correct version under AntivirusProduct version in the Security Center, but it does show the correct version under installed programs?  How can this be resolved so it shows the correct version without manually editing it?



  • 2.  RE: WMI Antivirus Version incorrect

    Posted Jul 16, 2015 03:15 PM
    Something may have changed in 12.1.6 as it showed correctly with 12.1.5 when I'd pull it using powershell.


  • 3.  RE: WMI Antivirus Version incorrect

    Posted Jul 16, 2015 03:20 PM

    This has been a known issue with SEP 12.12 & earlier. once a customer came complaining the same issues when I used to work for symantec. To my knowledge it is the issue with the WMI script that you are using.



  • 4.  RE: WMI Antivirus Version incorrect

    Posted Jul 16, 2015 04:41 PM

    I'm not using a script to pull that data.  As shown in the screentshot which was attached, I'm looking at the local WMI repository via wbemtest.

    https://technet.microsoft.com/en-us/library/cc180684.aspx

    It is the correct field, but the wrong information in said field.  Symantec is populating it incorrectly as far as I can tell.

    SEP_WMI.jpg



  • 5.  RE: WMI Antivirus Version incorrect
    Best Answer

    Posted Jul 16, 2015 05:29 PM
    This would be something Symantec would need to be aware of


  • 6.  RE: WMI Antivirus Version incorrect

    Posted Jul 16, 2015 05:52 PM

    The issue mentioned in the article at the below like is not the exact one. But it looks like similar. So, I would suggest you to try the solution mentioned on atleast one of the affected computer and check.

    Windows Security Information Center does not report the SEP client running state correctly

     



  • 7.  RE: WMI Antivirus Version incorrect

    Posted Jul 16, 2015 06:38 PM

    I have essentially done that when I deleted the entry for the antivirus object via wbemtest application.  It removes the entry from the WMI directory.  I have submitted a case with support and will see what they have to say.  



  • 8.  RE: WMI Antivirus Version incorrect

    Posted Jul 17, 2015 09:02 AM

    Please don't forget to update this thread as it will be helpful for us to know how to resolve this issue in future.