Endpoint Protection

 View Only

  • 1.  DarkNetwork vs Standard client

    Posted Jul 05, 2017 03:56 AM

    Hello.

    I have some PCs with windows8.1 and SEP 14MP2. Few have "Standard Client" settings and others "Dark Network Client" settings.

    On all Standard clients I have:
    Virus and Spyware Protection July 3
    Proactive Threat Protection June 27
    Network and Host Exploit Mitigation July 3

    On all Dark Network clients:
    Virus and Spyware Protection July 3
    Proactive Threat Protection June 27
    Network and Host Exploit Mitigation June 28
    (screenshots attached)

    Can please someone advice, is it ok for DarkNetwork clients to not download "Network and Host Exploit Mitigation" defenitions from SEPM? 
    Thank you in advance



  • 2.  RE: DarkNetwork vs Standard client

    Posted Jul 05, 2017 11:38 AM
    They should be able to download it without issue.


  • 3.  RE: DarkNetwork vs Standard client

    Posted Jul 06, 2017 07:49 AM
      |   view attached

    Hello Brian,
    Thank you for your comment. Actually it's appears that all SEP in my network stop to check for "Intrusion Protection" and "Host Integrity" defenitions updates. All otheres defenitions are checked. (screenshot attached)

    Do you have any idea why it happens? 



  • 4.  RE: DarkNetwork vs Standard client

    Posted Jul 06, 2017 08:02 AM

    Not sure whithout digging deeper into it. Does SEPM download the IPS content? Have you run SymDiag on an affected client to see if it shows issues/errors?



  • 5.  RE: DarkNetwork vs Standard client

    Posted Jul 06, 2017 08:29 AM

    Yes, 07/05/2017 r21 IPS content available.
    SymDiag show no error.
    I install a client from SEPM to one affected PC with settings "new package deploying" "Default installation for Windows" and include virus defenitions to the installation package. Now SEP on this PC shows that IPS defs are July 5, 2017 r21, but still on troubleshoot view "Intrusion Protection" and "Host Integrity" last checked marked as "never".

    So looks like content is available but endpoints just stop to check for it...



  • 6.  RE: DarkNetwork vs Standard client

    Posted Jul 06, 2017 08:30 AM

    Or maybe it's just a "cosmetic" bug in that view and the defs are installed properly.

    Does this folder have the content installed?

    C:\ProgramData\Symantec\Symantec Endpoint Protection\14.0.2332.0100.105\Data\Definitions\IPSDefs



  • 7.  RE: DarkNetwork vs Standard client

    Posted Jul 06, 2017 09:00 AM

    Ok...
    I downgrade client version from 14.0.2415.0200 to 14.0.2349.0100 and it starts works as expected.... Is it possible that issue appear because i have SEPM 14MP0 and all SEP are 14MP2? 
    It's very sad because i've already add 14MP2 SEP to standard installation...



  • 8.  RE: DarkNetwork vs Standard client

    Posted Jul 06, 2017 09:04 AM

    SEPM 14 should be able to manage all versions of 14 regardless of older or newer. However, it's always recommended to be on the same version of SEPM and SEP clients. I believe 14 MP2 may have its own content so in this case it appears an older SEPM cannot provided the newer MP2 content. I would suggest getting the SEPM up to MP2.



  • 9.  RE: DarkNetwork vs Standard client

    Posted Jul 06, 2017 09:08 AM

    Ok. Will schedule SEPM upgrade tomorrow. Will let you know. Thank you for your help



  • 10.  RE: DarkNetwork vs Standard client

    Posted Jul 06, 2017 09:09 AM

    You're welcome.



  • 11.  RE: DarkNetwork vs Standard client

    Posted Jul 07, 2017 06:35 AM

    Hello,
    Upgrade SEPM to MP2 didnt help.
    Looks like i have the same issue as https://www.symantec.com/connect/forums/troubles-ips-updates