Endpoint Protection

 View Only

  • 1.  How do clients report to SEPM when using SVA's?

    Posted Nov 21, 2014 12:50 PM

    I've implemented vShield in my environment, with SVA's installed on each of six ESXi hosts.  My understanding is that the clients (virtual machines), then become fully protected by virtue of the host, and that the SEP client is no longer necessary.  But something else seems to be going on.  When I uninstall a SEP client, that machine disappears from the SEPM console, and if I run an EICAR test on that machine, it fails to see any threat.  The SEPM console has also begun to show the vast majority of my clients offline, even though they aren't, which, I suspect, is in some way due to the server being virtual as well.  If anyone can provide me with some guidance on how to get SEPM to function properly in this scenario, I would appreciate the help. 

    The SEPM monitor shows all six hosts with their SVA's, but reports zero clients on those SVA's.  vShield looks good, with the thin agent enabled on nearly every VM at this point.  Firewalls have been checked to be off and are not the problem, either. 

     

    Thanks.

    Keith



  • 2.  RE: How do clients report to SEPM when using SVA's?

    Posted Nov 21, 2014 12:53 PM

    You still need SEP! You're unprotected if you remove it, even with SVA, see here:

    About the Symantec Endpoint Protection Security Virtual Appliance



  • 3.  RE: How do clients report to SEPM when using SVA's?

    Posted Nov 21, 2014 12:54 PM

    SEP client is needed for all the VMs, 

    About the Symantec Endpoint Protection Security Virtual Appliance

    http://www.symantec.com/business/support/index?page=content&id=HOWTO81080

     



  • 4.  RE: How do clients report to SEPM when using SVA's?

    Posted Nov 21, 2014 01:21 PM

    But how does that explain why the clients that DO have SEP are showing offline, and all of my SVA's are showing zero clients? 



  • 5.  RE: How do clients report to SEPM when using SVA's?

    Posted Nov 21, 2014 01:23 PM

    I would suggest going thru this longer thread:

    https://www-secure.symantec.com/connect/forums/sva-not-working-or-communicating-vmware-vdi-clients-or-vm-management

    You're not the only one having this issue.



  • 6.  RE: How do clients report to SEPM when using SVA's?

    Posted Nov 21, 2014 01:28 PM

    can you check this?

    Duplicate Hardware IDs result in only one client showing up in the Symantec Endpoint Protection Manager for multiple systems

    http://www.symantec.com/business/support/index?page=content&id=TECH97626
     
    are clients imported from AD? is there any AD integrarion in SEPM.
     
     


  • 7.  RE: How do clients report to SEPM when using SVA's?

    Posted Nov 21, 2014 01:59 PM

    Thank you both, it is quite possible that there is correlation to the hardware ID, as many of the machines are deployed from template.  I'll do some more testing in that direction.



  • 8.  RE: How do clients report to SEPM when using SVA's?

    Posted Nov 21, 2014 02:15 PM

    just try one one machine and check if it comes online, there are various ways to findout how many have duplicates and remove it