Endpoint Protection

 View Only

  • 1.  SEP Clients showing wrong virus definition dates

    Posted Oct 10, 2017 04:16 PM
      |   view attached

    Everything I've searched for on this site seems to be 4+ years old and doesn't seem to work so I'm making a new post. We started getting reports last week of 50+ of our 200+ clients being out of date. When I log onto the clients to and run live update, the definitions all show current from the clients themselves. I tried deleting the cache (the agentinfo folder) on the SEPM side and rebooting the services and it brought up the same results. So far it looks like reinstalling the client "may" have worked, but I'm looking for a simpler solution first than having to touch each individual machine.

    SEPM version is 12.1.6 build 7266 and we pushed the latest client, 12.1.7266.6800 through SCCM in June. SEPM is showing clients having definitions of around the end of September.

    Attached is a debug log I ran on one of the clients.

     

     

    Attachment(s)

    txt
    debug.txt   10 KB 1 version


  • 2.  RE: SEP Clients showing wrong virus definition dates

    Posted Oct 10, 2017 05:10 PM

    What about SymDiag, can you run it and see what additional info/errors that it may show?



  • 3.  RE: SEP Clients showing wrong virus definition dates

    Posted Oct 10, 2017 05:47 PM
      |   view attached

    Here's what it exported.

    Attachment(s)

    zip
    [LT-CNU420CDDJ]__2017-10-10__14-19-20__f0d30a.zip   2.53 MB 1 version


  • 4.  RE: SEP Clients showing wrong virus definition dates

    Posted Oct 10, 2017 06:03 PM

    Nothing relevant in it.

    How long did you let sylink logging run? I don't see much in it either. Did it run through a couple heartbeat attempts?

    Advanced logging can be enabled and logs uploaded to support as well. You'd have to open a case first.