Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

SEP Security Status reportes dekleted client

Posted on 2011-02-28
13
Medium Priority
?
1,084 Views
Last Modified: 2013-12-09
I have SEP management console installed on a server and the Security Status is "attention needed" because of one Client reporting "Intrusion Prevention Signature Failure". The issue is that this client (server) has been shut down and removed without uninstalling the SEP Client. What I did is that I have removed the Client from the management console, but the report still shows the security status RED and points to the same client.
Autorefresh is set to 15 minutes, restart of the console did not help either.

Any ideas?
0
Comment
Question by:haldoxp
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
  • +2
13 Comments
 
LVL 30

Expert Comment

by:Sudeep Sharma
ID: 35002283
Did you tried CleanClients command from a web browser on the SEPM:

http://127.0.0.1:9090/servlet/ConsoleServlet?ActionType=ConfigServer&action=CleanClients

Sudeep
0
 
LVL 3

Author Comment

by:haldoxp
ID: 35005687
An output i get from this one:
  <?xml version="1.0" encoding="UTF-8" ?>
  <Response ResponseCode="0" />
0
 
LVL 3

Author Comment

by:haldoxp
ID: 35024800
Well obviously this did not help, any other suggestions?
0
Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

 
LVL 30

Expert Comment

by:Sudeep Sharma
ID: 35032551
Since how many days are passed the client has been removed? The offline clients are purged from the console after 15 days if I am not wrong. If it has not been 15 days you would need to wait till then.

Sudeep
0
 
LVL 20

Accepted Solution

by:
jimmymcp02 earned 1000 total points
ID: 35041519
What version of sep are you using? there is a bug in sep11 mr5 that causes the status tracker not to track risk correctly see


http://www.symantec.com/business/support/index?page=content&id=TECH103087

look up fix id 1947676
0
 
LVL 3

Author Comment

by:haldoxp
ID: 35055508
@Sudeep: it is more than 15 days since I deleted the client.

@Jimmy: The Version is 10.0.4202.75
0
 
LVL 20

Expert Comment

by:jimmymcp02
ID: 35083986
There is no symantec end point 10.0.4202

Are you sure we are talking about the same product?    It looks like you might be using Sep11 MR4 have you tried restarting the server and clearing the status page?

You are using an older version the currecnt version is sep11mu6 mp2
0
 
LVL 3

Author Comment

by:haldoxp
ID: 35107356
Sorry my bad it is 11.0.4202.75 of course

I tried to restart the server and run CleanCLients command

how exactly should I clear the status page?
0
 
LVL 12

Assisted Solution

by:jmlamb
jmlamb earned 1000 total points
ID: 35214779
Hi haldoxp,

jimmymcp02 has provided the solution for you. The issue you're having is due to a defect and there is no workaround for it. Below are the corresponding fixes related to this.

Symantec Endpoint Protection Manager Home page "Attention needed" details do not match client properties
Fix ID: 2009806
Symptom: On the Symantec Endpoint Protection Manager home page, "More Details, IPS Failures" does not match client properties.
Solution: A SQL query for IPS Failures was updated to that Symantec Endpoint Protection Manager shows the latest IPS version.

Symantec Endpoint Protection Manager Home Page "Security Status . Attention Needed" lists old data in details
Fix ID: 1745613
Symptom: Symantec Endpoint Protection ManagerHomePage "Security Status . Attention Needed" lists old data in details.
Solution: The algorithm to create the hardware key was changed such that the hardware key should not change with minor hardware changes, such as disabling of NICs.

You'll need to upgrade to Release Update 6 Maintenance Patch 1 (RU6 MP1) or later. RU6 MP3 is currently available.
0
 
LVL 38

Expert Comment

by:younghv
ID: 35455429
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently had to create a utility which aim is to update McAfee's Virusscan and that had to be launched from a command line. I thought I’d share my experience with you. Why is it useful to be able to update an Antivirus from the command line?…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question