Endpoint Protection

  • 1.  Settings changes to Retention Logs revert back after PC reboot

    Posted Aug 21, 2017 05:56 PM

    So I have a weird one.

    One of my client's offices is using managed clients of SEP 12.

    When you click View Logs in the SEP interface of the client version, two of the users' PCs only show logs from the past 14 days.

    The PC accounts that these two users use are admin accounts.

    If you click Change Settings in the SEP interface, they can manually change the Log Retention period, but it reverts back to 14 days after a PC reboot.

    The other users are showing logs from the past year.

    The PC accounts that these other users use are non-admin accounts.

    They cannot click Change Settings in the SEP interface; that function has been locked by the administrator.

    On the SEP management server, the policy setting for log retention is 14 days.

    I changed the policy settings on SEPM to be 365 days for log retention, but if this doesn't work for keeping logs in the interface past 14 days, I am out of ideas.

    I know the lifetime logs can still be found in the SEP installation folder, but my users use the Export Logs function to send the scan logs to their IT security team in their overseas headquarters.

    Any suggestions?



  • 2.  RE: Settings changes to Retention Logs revert back after PC reboot

    Posted Aug 21, 2017 09:46 PM

    Sounds like a bug in the version they're running. Have you checked fix notes for newer versions to see if this was addressed in a newer release?

    http://www.symantec.com/docs/TECH163829



  • 3.  RE: Settings changes to Retention Logs revert back after PC reboot

    Posted Aug 21, 2017 10:31 PM

    I'm not sure what version of 12.1.6 they are running but I can check. Would 12.1 auto-update to RU8 through LiveUpdate?

    The weird thing is for the users with non-admin accounts, if you log in and check SEP logs, you can view a year's worth of logs.

    Then if you log in with a local or network admin account onto that same PC, you can only view 14 days' worth of logs.



  • 4.  RE: Settings changes to Retention Logs revert back after PC reboot

    Posted Aug 22, 2017 03:36 PM

    Yeah I just confirmed that the logs are still on 14 day retention in the SEP client interface, even after updating the SEPM policy settings to be 365 days.

    I am out of ideas :T



  • 5.  RE: Settings changes to Retention Logs revert back after PC reboot

    Posted Aug 22, 2017 03:42 PM

    You can upgrade to MP8 to see if that fixes it. It will need to be a manual upgrade though and is not something that comes down from LiveUpdate.

    Or maybe a quick call to support will confirm it's a known issue/bug.



  • 6.  RE: Settings changes to Retention Logs revert back after PC reboot

    Posted Aug 22, 2017 04:32 PM

    I can download the MP8 installer and apply the sylink, but if I wanted to create a deployment package from SEPM, would I also have to do a manual installation of RU8 SEPM?



  • 7.  RE: Settings changes to Retention Logs revert back after PC reboot

    Posted Aug 22, 2017 04:34 PM

    You can just import the latest package into the older SEPM:

    http://www.symantec.com/docs/TECH122824