Endpoint Protection

I have an environment with 4 SEPM servers. several thousand clients devices with a hundred or so GUPs serving them.

we use an internal liveupdate server which distributes Symantec content updates 24h later than they are official released.

 

On the Symantec home tab i have worked out that only the GUPs are reporting as being "Up to date" (green) on the pie chart, and the rest are considered "out of date" (Red)

I have checked the majority of the Desktops and i have claculated aproximately 90% of them are running as up to date from what i can see.

Any idea why is this not reflected in the Endpoint status report in the home page?

 

I have a security status - attention needed allert on the home page and when i view the details, it says content category download problems.

when i scroll down the details window only "download protection content faileures" has its maximum acceptable failure ratio exceeded, but is still under 50% failure.

there is still a green tick next to this cateory as well which doesnt seem right considering its exceeded the maximum accepted threshold...

 

Any help would be much appreciated.

 

Hi,

Are the out of date clients communicating to SEPM? Looks like these out of date clients are actually out of date or not reporting their  new status to SEP manager.

Also are these SEPMs have load balancing?

If you jump on an "affected" client does the GUI show up to date compared to what it shows in the SEPM? How often are the clients checking in (heartbeat setting)?

All the Clients are checking in to SEPM and can recieve policy updates, they appear as online in the console.

I dont understand why the GUPs are reporting as up to to date (green in the chart however none of the end client devices are...
 

Yeah, When i open the GUI on the Client the status of "your computer is Protected" and "No Problems detected", and matches up to what the SEPM console is reporting.

The heartbeat interval is every 30 minutes.

 

I find is strange ther only the GUPs are reporting as up-to-date (green) in the SEPM console but no other device is.

I tried installiung the Client device with the same intallation package that is used on the GUP but the client still didnt report as being as up-to-date in the home tab.

If you delete one of the affected clients from SEPM and let it check back in, does it report correctly?

Also, forgot to ask, but what is the exact SEPM and client version you're running?

Hi, As the client are online, double click on any of the client from clients group tab and see if it is reflecting correct definitions or not. What's the heart beat settings say? Pull or Push?

Home tab is of 12/24 hours format

if you create a report

monitor - logs- computer status 

Does it show latest defs date?

The SEPM Server and the clients GUI are reporting the same. the clients GUI says its up to date with no problems.

The communication setting is pull with heartbeat interval of 30mins.

The clients are synchronised with AD so i cannot delete anything.

Clients are running a mix of 12.1.6306.6100 and 12.1.6306.6400.

The servers are running 12.1.6867.6400.

Sorry, i meant to say the clients are running a mix of 12.1.6306.6100 and 12.1.6867.6400

Yes the clients are showing as having the latest defs installed that are available to them (04/19/17 R8)

HI,

 

Hi,

 

On the Home tab in the security status select preferences > security check if the below options are checked and default -

Its just home tab which is not getting refreshed but the DB has the latest info.

You can try running the data sweep, its optional, you can give it a try 

https://support.symantec.com/en_US/article.TECH90856.html

 

I have the same settings as these,

the home tab does reports several devices as being up-to-date i have worked out that these are the GUPs. all end user devices however are reporting as being out of date even though they done appear to be when i check the client GUI