Vidéos d'aide de Screencast

Intrusion Prevention Signature Failures

Created: 16 Janv. 2013 • Updated: 16 Janv. 2013 | 10 comments
Ce problème a été résolu. Voir la solution.

This morning my SEPM 12.1.2015.2015 is reporting a Failure Ratio of 47.7%

Status Details show most clients are reporting "Not Available" and the rest show signatures 14/7/2011 r1

Liveupdate shows no updates found. 

Symantec shows current sifgnatures as Definitions Released: 1/16/2013

Extended Version: 1/15/2013 rev. 11

Commentaires CommentairesAccéder au dernier commentaire

l'image des Brɨan

Check the LiveUpdate.log on the SEPM for errors.

What does an up to date client show?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

l'image des Ashish-Sharma

HI,

Just wait some time,It's update automatic

Network-Based Protection (IPS): It's showing Latest

Extended Version: 1/15/2013 rev. 11
 

Thanks In Advance

Ashish Sharma

l'image des SebastianZ

What version do you see available in the SEPM console -> Admin -> Servers -> Local Site -> Show Available Downloads? If it is the same - you should be with the current revision.

l'image des thedominion

Now 74.69%

Liveupdate downloads shows,

Intrusion Prevention signatures Win32 11.0 01/15/2013 r1 January 16, 2013 12:07:26 AM EST

Client displaying IPS Defs as "not available" in SEPM show Sequence 130115011 DTD 1/16/2013 in the client.

In SEPM under LUP Policies>Content Revision shows IPS Win32 11.0 Rev 01/15/2013 r1

My next step is to bounce the server.

SOLUTION
l'image des Brɨan

Your failure rate now shows 74.69% ?

What happens if you try to update a client by running liveupdate just as a test? Does it update?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

l'image des Ashish-Sharma

HI,

You can wait some time It's automatic Update when System are online ...

Thanks In Advance

Ashish Sharma

l'image des thedominion
The following Symantec products and components are installed on your computer:
 
> Symantec Endpoint Protection Client
> SONAR Definitions
> AP Portal List
> Extended File Attributes and Signatures
> Centralized Reputation Settings
> Intrusion Prevention Signatures
> Submission Control Thresholds
> Virus and Spyware Definitions Win64
> Symantec Whitelist
> Virus and Spyware Definitions Win64 (hub)
> Revocation Data
 
Initializing...
Connecting to liveupdate.symantecliveupdate.com...
Connected to LiveUpdate server successfully.
 
There are 11 update(s) to be downloaded.
Downloading catalog file (1 of 11) finished.
Downloading catalog file (2 of 11) finished.
Downloading catalog file (3 of 11) finished.
Downloading catalog file (4 of 11) finished.
Downloading catalog file (5 of 11) finished.
Downloading catalog file (6 of 11) finished.
Downloading catalog file (7 of 11) finished.
Downloading catalog file (8 of 11) finished.
Downloading catalog file (9 of 11) finished.
Downloading catalog file (10 of 11) finished.
Downloading catalog file (11 of 11) finished.
 
Session summary: 0 update(s) available, 0 update(s) installed.
LiveUpdate session is complete.
 
l'image des Brɨan

I would do a restart to see what happens.

You can also run a repair on the SEPM

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

l'image des thedominion

Reboot appears to have cleared this up as all clients now show an IPS def date in this year.

Thanks to all those that chimed in with recommendations.