Hello all , I have created few HI polcies to check . I need to know do I also need SEP 12.1.5 for endpoints ? or HI policies will also work on SEP 12.1.4 or earlier version agents. Thanks

Any 1 ????

Yes it's working on earlier version agents,You can check in test group.

Attachment(s)

Getting_Started_SNAC12.1.5.pdf   507 KB 1 version

if the SNAC is not enabled in the endpoint UI then the policies wont trigger ?

I have a SEP 12.1.4 endpoint on which HI policies are not triggering.

Regards,

See Chetan comment

After doing an upgrade to RU5 Host Integrity policy will be added under default policies but it won't be assign to any group by default. Ground location count show '0'.

If you assign Host Integrity policy to any group you may have to reboot the client to take necessary updates.

https://www-secure.symantec.com/connect/forums/sep-1215-does-not-update-nac-definitions#comment-10591341

The problem is, the HI license requirement was removed in 12.1.5. Prior to that, a separate license was required.

Do they policies fire on 12.1.5 clients? If so, it looks like this only works on 12.1.5 clients due to the change that was made.

Hello I have observed a strange thing when applying HI policies to a group in SEPM 12.1.5 the console simply hangs. so I'd to close it forcefully via taks manager. Why is it hanging ?

Regards

Please Check Java heap setting

James be value set it default. Should I increase it ? if yes then how much . Regards

You can SET as per articles

Set the following four registry values:
HKLM\System\CurrentControlSet\Services\semsrv\Parameters\
JVM Option Number 0=-Xms1024m
JVM Option Number 1=-Xmx1024m
JVM Option Number 2=-XX:MinHeapFreeRatio=40
JVM Option Number 3=-XX:MaxHeapFreeRatio=70

Tuning the Performance of the Symantec Endpoint Protection Manager console

You should enable FINEST debugging before you start making changes that may or may not fix the issue.

Outrageous,

It will NOT work, see here:

Older versions of SNAC is not manageable with Symantec Endpoint Protection 12.1.5

Thanks for your reply Brian its very helpful

Happy to help, as always sir.

Thanks for your reply Jeshrel its very informative no exisiting SEP 12.1.4/1.3 clients do not have any existing SNAC polcies in place nor SNAC was being used previously.

SEP is a weird alien it's hard to predict what it does are it is going to do cause most of the time the documentation is just the opposite of whats happens. Sorry to spoil the thread.

The documentation stated that it aint possible but i just moved client from 18 SEPM server and huge chunk of about 20000+ clients of which non on them where in version 12.1.5 always where below 12.1.4 majority in 12.1.2. I was able to use HI policy and move all of them to just one server.

I did face issue with one server  and the issue can be seen in the follwoing thread

https://www-secure.symantec.com/connect/forums/sep-1215-does-not-update-nac-definitions

@Outrageous - For your question will SEP 12.1.5 Server be able to update HI policy to 12.1.4 or below client yes as per my experience and as per a tech in SEP support but if you have existing SNAC policy in place and if your gonna upgarde from 12.1.4 or older to 12.1.5, then its advisiable to contact support to find out what can be done.

~Edit~  

Your welcome..:)