Endpoint Protection

 View Only
Expand all | Collapse all

The date of the definitions in Symantec Endpoint Protection clients and Symantec Endpoint Protection Manager remain at Dec 31 2009

Migration User

Migration UserJan 04, 2010 05:43 AM

Migration User

Migration UserJan 13, 2010 09:02 PM

  • 1.  The date of the definitions in Symantec Endpoint Protection clients and Symantec Endpoint Protection Manager remain at Dec 31 2009

    Posted Jan 04, 2010 01:09 AM
    Question/Issue:
    Current Situation: An issue has been identified in the Symantec Endpoint Protection Management Server (SEPM) whereby all types of SEP definition content [AntiVirus/AntiSpyware, IPS, PTS] with a date greater than 12/31/09 11:59pm are considered to be “out of date”. SEPM will continue to successfully download the antivirus and other definitions, but upon recognizing the definitions as “out of date” they will be purged from the system. The net result is that managed clients dependent on SEPM for definitions will remain on the last definition set prior to 12/31/09 11:59pm (e.g. “12/31/2009 rev. 041” version).


    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2010010308571348


  • 2.  RE: The date of the definitions in Symantec Endpoint Protection clients and Symantec Endpoint Protection Manager remain at Dec 31 2009

    Broadcom Employee
    Posted Jan 04, 2010 01:11 AM

    yes, there seems to be some issue. However as per the lionk, the systems are updated. Looks like cosmetic problem.http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2010010308571348

     

     



  • 3.  RE: The date of the definitions in Symantec Endpoint Protection clients and Symantec Endpoint Protection Manager remain at Dec 31 2009

    Posted Jan 04, 2010 01:49 AM
    Symantec is aware of this and its working on it.




    Title: 'The date of the definitions in Symantec Endpoint Protection clients and Symantec Endpoint Protection Manager remain at Dec 31 2009'
    Document ID: 2010010308571348
    > Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2010010308571348?Open&seg=ent


  • 4.  RE: The date of the definitions in Symantec Endpoint Protection clients and Symantec Endpoint Protection Manager remain at Dec 31 2009

    Posted Jan 04, 2010 05:43 AM
    hi there, we got the same over here!


  • 5.  RE: The date of the definitions in Symantec Endpoint Protection clients and Symantec Endpoint Protection Manager remain at Dec 31 2009

    Posted Jan 04, 2010 05:57 AM
    Actually  SEPM is not stuck on 12/31/2009,  it is updating the defintion but the date is not changing , only  the revision number of the definition will increase.    The next certified definitions to be published will have a revision number greater than 114.


  • 6.  RE: The date of the definitions in Symantec Endpoint Protection clients and Symantec Endpoint Protection Manager remain at Dec 31 2009



  • 7.  RE: The date of the definitions in Symantec Endpoint Protection clients and Symantec Endpoint Protection Manager remain at Dec 31 2009

    Posted Jan 04, 2010 10:23 AM
    Is it possible to be placed on a list of users to be notified of when this issue is resolved?


  • 8.  RE: The date of the definitions in Symantec Endpoint Protection clients and Symantec Endpoint Protection Manager remain at Dec 31 2009

    Posted Jan 04, 2010 10:38 AM
    if you subscribe to the post linked to above - the official status thread, then you will get the latest information as and when that is updated.


  • 9.  RE: The date of the definitions in Symantec Endpoint Protection clients and Symantec Endpoint Protection Manager remain at Dec 31 2009

    Posted Jan 04, 2010 12:30 PM

    So far none of my users have noticed this but its only a matter of time.  Wondering what this will do for the alerts when definitions are over x number of days old.   I have mine set to 14 days so I have a little time until that hits.

     



  • 10.  RE: The date of the definitions in Symantec Endpoint Protection clients and Symantec Endpoint Protection Manager remain at Dec 31 2009

    Posted Jan 04, 2010 02:48 PM
    We are also seeing similar issues on our unmanaged clients.  If we use LiveUpdate, they show that the most current definition file is installed, but the client displays the definitions as Thursday, December 31, 2009 r114.

    If we download and install the latest updater it will update the definitions to the version of the downloaded updater - currently Monday, January 4, 2010 r4.

    Is this to be expected or are we experiencing something different?


  • 11.  RE: The date of the definitions in Symantec Endpoint Protection clients and Symantec Endpoint Protection Manager remain at Dec 31 2009

    Posted Jan 04, 2010 03:03 PM
    From what I have seen so far, the multiple daily updates have stopped and the "latest" version of the 12/31/2009 updates is not posted on the Symantec Security Response web page.  How can we verfiy that we are getting the latest definitions  downloaded and installed?


  • 12.  RE: The date of the definitions in Symantec Endpoint Protection clients and Symantec Endpoint Protection Manager remain at Dec 31 2009

    Posted Jan 04, 2010 03:19 PM
    Is there any ETA on when this will be fixed as our remote clients will start to have problems with connections due to host integrity checking.
    We have moved to the max on our IVE but that is only 10 days.

    There is little information comming from support as to an ETA on this, even with an open call with Symantec.


  • 13.  RE: The date of the definitions in Symantec Endpoint Protection clients and Symantec Endpoint Protection Manager remain at Dec 31 2009

    Posted Jan 04, 2010 04:05 PM
    @wrr123, that is expected behaviour, since LiveUpdate is locked to the 2009 definition sets at the moment, whereas IU will force in the latest definitions.

    @knightstorm, due to the increased overhead on the response team of creating another definition set, we have had to reduce the frequency temporarily to 1 committed release per day, with the potential for more if the team bandwidth is available.  The official thread on the forum (https://www-secure.symantec.com/connect/forums/official-status-sepm-definitions-stay-31-12-2009-last-updated-04-jan-2010) will contain the latest available content information.

    @simon.partridge, our engineers are working diligently to release a patch that will resolve this, but coding is just one small part - there is much more work that needs to go into the planning and release of the fix.

    For the most up to date information directly from the product team, please continue to reference the post above.

    In addition, there is a more active thread being used to discuss this issue, which a number of Symantec Employees are monitoring, please use this to ask questions if required:

    https://www-secure.symantec.com/connect/forums/sepm-update

    thanks



  • 14.  RE: The date of the definitions in Symantec Endpoint Protection clients and Symantec Endpoint Protection Manager remain at Dec 31 2009

    Posted Jan 13, 2010 09:02 PM
    How do you subscribe to the post?


  • 15.  RE: The date of the definitions in Symantec Endpoint Protection clients and Symantec Endpoint Protection Manager remain at Dec 31 2009

    Posted Jan 22, 2010 01:35 AM
    Hi,

    I am not able to update the patch in the SEPM Server, neither is the SEPM doing it automatically. 

    Pls advice.

    regards

    R. Leonard Martin