These types of errors are generally safe to ignore, but here is what is going on:
Clients upload logs to SEPM (they upload it to Apache via the Secars.dll module).
SEPM saves the data in the inbox file. In your case, this is a file in the inbox\agentinfo folder.
Next, asyncronisly, SEPM (the Tomcat module) will scan the directory and begin to process any new files that have arrived.
After processing the files (and storing the data in the database), it will delete them.
In your case, we are talking about AgentInfo files. These are also refered to as "OpState" files (short for Operation Status, or something like that). These are XML files the SEP clients upload that show the current state of the client. It contains things like, current revision the client is running, whether or not the client is infected, operating system, etc.
What commonly happens is the "data" portion of the XML will contain some special charater. Either some special symbol, or escape charater that is not encoded properly. This causes the XML data struture to be "broken". Generally the data is not neccissarily 'corrupt', it is just that the client failed to encode it properly. This is a SEP bug.
Often the 'bad' data comes from some registry key that the SEP client copied-and-pasted into the Opstate data (often the "BIOS" name and/or version found in the registry, but there can be other sources as well).
I personally did a lot of analyzing and isolating work to fix these kinds of issues in SEP 12.1 RU2. So hopefully if you upgrade to SEP 12.1 RU2 (which should be out soon) the issue will go away.
But there is no guarentee that SEP 12.1 RU2 fixed the exact same issue you found. To analyze this further the process is as follows:
Overview:
1) You need to enable the "troubleshooting" option in SEPM (see details below). This prevents SEPM from deleting inbox data after it's processed.
2) You wait until the issues occures again.
3) You find the file specified in the error log. Since you have the troubleshooting flag on from step 1, it won't be deleted and you can find it on the disk. (The extention will be .dat.bak)
4) Analyze the XML file (The Agentinfo or "OpState" file) for XML syntax error, usually starting for some unencoded escape code in the data portion of the XML.
5) If possible, see if the issue can be fixed directly on the client Example: Modify the BIOS version string in the registry (if that's the issue). Depending on the exact field that is causing the error, you may be able to change that data-value on the clients so it doesn't upload that data again.
6) Be sure to turn OFF the troubleshooting option once your done. If you leave the option on for weeks, it will eventually fill up your disk with already-processed logs.
7) Delete all *.bak files from your Inbox\AgentInfo folder (there will be a lot of them, you may want to use a DOS prompt: del *.bak).
8) Improve the quality of the SEP product by opening a Support case and explaining the issue along with the evidence of the defect. This is a SEP bug.
To enable the Troubleshooting option in SEPM do the following:
1) Open tomcat/etc/conf.properties file found in the SEPM install directory.
2) Find/add the following lines:
scm.log.loglevel=FINEST
scm.log.troubleshoot=/inbox/agentinfo
3) Save the conf.properties file.
4) Restart SEPM.
NOTE: Enabling debug mode greately increases the size of temp logs written on the disk. It's fine for a few weeks -- but you do want to eventually turn it off as it reduces overall performance and does use a lot of disk space for logging.
To disable debug mode:
1) Open tomcat/etc/conf.properties file found in the SEPM install directory.
2) Remove the scm.log.troubleshoot= line completely.
3) Put the scm.log.loglevel line back to INFO
4) Save the conf.properties file.
5) Stop SEPM.
6) Delete all the files under tomcat\logs
5) Start SEPM.
6) Delete all the *.bak files under inbox\AgentInfo
Just for completeness, the full troubleshooting line is:
scm.log.troubleshoot=/inbox/agentinfo;/inbox/enflog/client;/inbox/enflog/enforcer; \
/inbox/enflog/system;/inbox/enflog/traffic;/inbox/enforcerinfo;/inbox/learnedapp/apps; \
/inbox/learnedapp/computerapp;/inbox/log/behavior;/inbox/log/client;/inbox/log/lansensor; \
/inbox/log/packets;/inbox/log/security;/inbox/log/system;/inbox/log/tex/AvMan; \
/inbox/log/tex/legacy;/inbox/log/tex/LUMan;/inbox/log/traffic
with no breaks in it. But in your case, you only need the agentinfo line.
I hope that solves you issue. I would be interested in seeing you post a copy of one of your bad AgentInfo files.
Again, the issue is generally minor and can be ignored (although it means one of your clients is failing to update their status). But if need/want to fix it, that's how you do it.