Endpoint Protection

  • 1.  SEPM 14.3.7401.4000 - Constantly sending Health Status emails due to SEP missing on SEPM server

    Posted May 11, 2022 06:27 AM
    Hello everyone,

    Just upgraded to SEPM build 7401 and I have a situation, not a problem, but something that is bugging me, as of this SEPM 7401 build.
    Previous version of my SEPM was 5427, but as of this 7401, it keeps sending email alerts regarding the Poor Health Status of the site.
    I don't understand why Symantec decided to add this into their latest build, but the Health Status is now checking for:

    - The database has low available space
    DB has enough disk space

    - A management server on the site has low memory, low disk space, or is overloaded.
    The management server has enough memory and disk space.

    - A management server on the site does not have Symantec Endpoint Protection installed.
    THIS is why the Health Status keeps sending emails.
    Because on my SEPM servers there's another AV solution, which cannot be replaced with SEP.

    In the previous SEPM version, these kinds of checks weren't done; the Health Status was sending emails ONLY if the SEPM servers were down, or if there was no connectivity towards the SQL server.

    But as of 7401 it checks also if the SEPM server has SEP on it.

    Does anyone know if this can be changed?

    I had to disable the SEPM sending me Health Status emails, but I don't want that.
    I need to have the option ON so that I may know if my SEPM servers are down or the connectivity towards the SQL server is down.

    Can somebody assist here?

    Thx


  • 2.  RE: SEPM 14.3.7401.4000 - Constantly sending Health Status emails due to SEP missing on SEPM server

    Broadcom Employee
    Posted May 11, 2022 10:32 AM
    Have you opened a case with Support as of yet?

    ------------------------------
    John Owens
    Strategic Support Engineer | Symantec Endpoint Security Division (SES)
    Broadcom Software
    ------------------------------



  • 3.  RE: SEPM 14.3.7401.4000 - Constantly sending Health Status emails due to SEP missing on SEPM server

    Posted May 11, 2022 11:22 AM
    No, not yet. Yesterday I just upgraded and waited 24 hrs to see if the alerts keep coming.
    At first I thought the messages were coming due to RAM usage, because after the upgrade the SEPM components were still installing and updating stuff in the background and it was using 7,4gb out of 8gb, and I thought, ok, it's due to RAM, let's wait until the next day to see if anything changes.
    But today the alerts kept coming stating:
    The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed.

    I wanted to ask here first, perhaps somebody encountered this and changed something in some .config file or something, idk...
    Should I proceed then with opening a case?


  • 4.  RE: SEPM 14.3.7401.4000 - Constantly sending Health Status emails due to SEP missing on SEPM server

    Broadcom Employee
    Posted May 11, 2022 11:40 AM
    I would. I have seen one other report of this so far. Let me know the case number once created.

    ------------------------------
    John Owens
    Strategic Support Engineer | Symantec Endpoint Security Division (SES)
    Broadcom Software
    ------------------------------



  • 5.  RE: SEPM 14.3.7401.4000 - Constantly sending Health Status emails due to SEP missing on SEPM server

    Posted May 13, 2022 03:28 PM
    Edited by Erik Denkers May 13, 2022 04:36 PM
    I have noticed the exact same behavior. We are running Version 14.3 RU4 build 7393.

    We also do not have SEP client installed on the SEP Manager as we use a different AV product which can't be changed.

    For me, this is a very annoying change, almost to the point where I want to disable the emails for this notification entirely.

    I had asked our Technical Account Manager (TAM) back in February if we could somehow change the settings for this and was told NO.

    Here is the reply that I got...


    The Server Health notification has very few configurable parameters and pulls the data from the Site Status Report, which has no configurable parameters. So it doesn't appear that we can change anything related to the "poor" health status of the SEPM's. The report should still notify you of other status conditions such as low memory or disk space, or large numbers of client failures. You can read more about the Site Status Report at the bottom of this link - https://knowledge.broadcom.com/external/article?legacyId=TECH95538 



  • 6.  RE: SEPM 14.3.7401.4000 - Constantly sending Health Status emails due to SEP missing on SEPM server

    Broadcom Employee
    Posted May 13, 2022 03:35 PM
    Do you have a case opened or case number?

    ------------------------------
    John Owens
    Strategic Support Engineer | Symantec Endpoint Security Division (SES)
    Broadcom Software
    ------------------------------



  • 7.  RE: SEPM 14.3.7401.4000 - Constantly sending Health Status emails due to SEP missing on SEPM server

    Posted May 13, 2022 04:24 PM
    I have now opened a case on this issue.  The Case ID is 3115995


  • 8.  RE: SEPM 14.3.7401.4000 - Constantly sending Health Status emails due to SEP missing on SEPM server

    Posted May 16, 2022 08:25 AM
    It looks like we are stuck with this notification as is.  The only option is to enable or disable it.

    Here is the response from support on my case about this...

    At this time in the most current versions the alert is either on or off and not customizable.

    To change this I would need to submit a feature request, but as things stand now I doubt that a feature request to customize these alerts would be considered by the development team.

    This is because it is not recommended, supported, nor considered best practice to have a third party malware protection on the SEPM, as many protection/failover features will not be in place. One easy example would be the protection of SEPM communication and quarantine rules in the firewall. It is because of this fact that they likely enabled this alert.

    Therefore if the other alerts are a concern I would adjust the priority to looking into the possibility of changing the organizational policy to allow for the change of the SEPM Malware protection to SEP. If you need help or support in pushing for this we will help wherever we can.


  • 9.  RE: SEPM 14.3.7401.4000 - Constantly sending Health Status emails due to SEP missing on SEPM server

    Posted May 16, 2022 08:39 AM
    Edited by Erik Denkers May 16, 2022 08:39 AM
    Since we have Microsoft Exchange and use Outlook for an email client, I have decided to leave the Health Alert notification by email enabled and just created a rule that checks for "The Symantec Endpoint Protection Manager server does not have Symantec Endpoint Protection installed" in the body of the email and then deletes the email.

    This works for me as I never have to see these notification email alerts that complain about the SEPM not having a SEP client installed.
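
A narrower variant of the mail rule described in the last post, as an added example that is not part of the thread or any Symantec tooling: it suppresses a health mail only when the "SEP not installed" sentence is the sole condition reported, so a mail that also reports another condition is still delivered. The sample messages, the `classify` function and the keyword list for other conditions are assumptions (the keywords are taken from the condition wording in the first post); check them against a real notification before relying on them.

```python
import email
from email import policy

# Exact alert sentence quoted in the thread.
BENIGN = ("The Symantec Endpoint Protection Manager server does not have "
          "Symantec Endpoint Protection installed")

# Assumption: phrases that indicate one of the other health conditions,
# copied from the condition list in the first post. Real mail wording may differ.
OTHER_CONDITIONS = ("low available space", "low memory",
                    "low disk space", "overloaded")


def classify(raw_message: str) -> str:
    """Return 'suppress' only if the benign sentence is the sole condition."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    part = msg.get_body(preferencelist=("plain", "html"))
    # Collapse whitespace so a sentence wrapped across lines still matches.
    text = " ".join((part.get_content() if part else "").split()).lower()
    if BENIGN.lower() not in text:
        return "deliver"          # not the known noise: always keep
    remainder = text.replace(BENIGN.lower(), " ")
    if any(term in remainder for term in OTHER_CONDITIONS):
        return "deliver"          # another condition is reported as well
    return "suppress"


def make_mail(body: str) -> str:
    # Constructed sample message; addresses and subject are placeholders.
    return ("From: sepm@example.invalid\nTo: admin@example.invalid\n"
            "Subject: Server health\n\n" + body)


# Constructed sample bodies, not captured from a real SEPM.
ONLY_SEP = make_mail(BENIGN + ".\n")
WRAPPED = make_mail(BENIGN.replace("does not", "does\nnot") + ".\n")
SEP_AND_DISK = make_mail(BENIGN + ".\nThe management server has low disk space.\n")
DB_SPACE = make_mail("The database has low available space.\n")

if __name__ == "__main__":
    for name in ("ONLY_SEP", "WRAPPED", "SEP_AND_DISK", "DB_SPACE"):
        print(name, classify(globals()[name]))
```

A rule that deletes on the sentence alone would also drop the `SEP_AND_DISK` case; this filter keeps it.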