Endpoint Protection

 SEPM is showing that almost all of my SEP client machines have outdated IPS definitions.  What would cause those not to be updating?

Clients are set to update from the SEPM server. 

What is the version you are running ? anything below mr4?

If so you need to upgrade to latest version.. check the fix id. Fix ID: 1405083

let us know the version you are running.

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007121216360648
Troubleshooting Content Delivery to the Symantec Endpoint Protection client
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008092511045348

 Sorry, running RU5

What time is it scheduled to update those machines.. pleas check whether those client have the green dot showing on the below icon.. on on SEPM and make sure that the SEPM have the latest update.. If the update is too old on those clients.. open end point and click on "FIX" are you on a server enviroment? what windows server are you on to?

Please try these steps

Troubleshooting Content Delivery to the Symantec Endpoint Protection client
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008092511045348

 The SEPM has signatures dated 10/23 -- Rev 001.  Are those the latest available?  I have a handful of clients with those signatures, but most have older versions as far back as 9/11.  Clients do have the green dot.  SEPM runs on Server 2008R2 Standard.

We are using the default liveupdate policies for both settings and content.  I double checked, and the policy does specify to get updates from the management server, and the content settings are all set to latest available.  

The IPS signature , are upto date, i checked on my machine , thats the latest one.

can u check this document and make sure things are in place


Content Update files in the \Program FIles\Symantec Endpoint Protection\LiveUpdate are growing in size

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008082210033648

 Sorry for the long time without an update.  I got pulled away from this issue and am just getting back to it.  I don't seem to have the issue Rafeeq linked to in the last post, as the directory in question is empty on both the server and the client. 

As of right now, I still have over half of my clients on IPS definitions dated 2009-09-11 rev. 001

Hi,

If its an issue with corrupt definitions, this article should take care of it:

https://www-secure.symantec.com/connect/articles/how-clear-corrupt-virus-definitions-sepm

Aniket

 Aniket -- Thanks for the suggestion.  I went through that whole process, then ran 'update content' on a client from the console, and after it finished, the client is still on 9-11 defs.  

Any other suggestions?

 Bump.  Any other suggestions?

Hi Gai-jin,

Two questions:

Are you using replication between two servers?

Where are you looking to see that IPS is outdated the homepage or client tab? Please verify that is shows as outdated in both locations.

Thanks,
Grant-

 Grant_Hall: We only have one SEPM server.  It was migrated to a new server a while back, using the replication method.

The graph on the homepage shows the IPS defenitions out of date, and when I browse to an individual client and pull up properties, it also shows out of date there.  

Thanks Gai

Well it wasn't the problem I was thinking of then (issue a while back where the homepage reported different from the client tab). I will keep looking into this. Have you opened a case with phone support yet? If so please post the case number so we can follow it.

Thanks
Grant

 I haven't opened a phone support case yet.  I probably won't be able to until next week, as we have had staff off last week and this week for the holidays.  When we're back to full staff I'll have more time.  

Gai-Jin did you manage to resolve this issue ?

I'm experiencing the same at one of our sites. I've installed SEP RU5 on the machines and rolled out IPS across the company. Only one site is having problems , the same stated above . All other sites are ok & it's the same definitions going out.....