Endpoint Protection

 View Only

  • 1.  Autoprotect Off - Status false positives

    Posted Apr 11, 2011 04:28 AM

    From the SEPM console - 'Status Summary' I see a big number of clients' Autoprotect status as Off. After cross checking I'm finding most of machines appearing in this report are false positives. So I was trying to get the 'true' status of the Clients somehow. I know there is a registry entry associated with this (SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Storages\Filesystem\RealTimeScan > OnOff keyvalue). But this is also not showing the right status, I mean ideally if OnOff = 1, Autoprotect is enabled, but this was not always true from my cross checking of the clients. Do any one have a clue as to how to get the right status of the client. I'm using RU6MP2 version. In many cases it was like this, in the client's system log an error 'warning' is generated "Symantec Endpoint Protection Auto-Protect failed to load." but in the subsequent updated definitions I noticed that this got automatically fixed but it did not leave any clue that things got fixed.



  • 2.  RE: Autoprotect Off - Status false positives
    Best Answer

    Trusted Advisor
    Posted Apr 11, 2011 09:10 AM

    Hello,

    There are multiple causes for this error, but most commonly there could be a problem with the virus definitions failing to load.

    Uninstalling and reinstalling will often resolve the virus definition issue.

    If that is not the case, then please contact Symantec Technical Support for further assistance.

     

    Also, try Migrating to the Latest Version 11.0.6300 (RU6 MP3) and check if that resolves the issue.

     

    Migrating to Symantec Endpoint Protection 11.0.6300 (RU6 MP3)
     
    http://www.symantec.com/business/support/index?page=content&id=TECH155655
     
     
    Why Migrate? Check these: 
     
    Release notes for Endpoint Protection and Network Access Control 11
     
    http://www.symantec.com/business/support/index?page=content&id=TECH103087
     
    About Maintaining Consistency of Software Versions throughout a SEP 11 Organization
     
    http://www.symantec.com/business/support/index?page=content&id=TECH131660
     
     


  • 3.  RE: Autoprotect Off - Status false positives

    Posted Apr 11, 2011 11:38 PM

    Thanks Mithun for the info and lnks. But what I was looking forward was to get some clue to identify the 'real' issue ones.



  • 4.  RE: Autoprotect Off - Status false positives

    Broadcom Employee
    Posted Apr 12, 2011 02:03 AM

    I believe for a moment it would be off, while updating the Autoprotect status would have turned on. DId you check the logs on the client side for any changes?



  • 5.  RE: Autoprotect Off - Status false positives

    Posted Apr 12, 2011 05:10 AM

    "Symantec Endpoint Protection Auto-Protect failed to load" error is on the client logs as i stated earlier just after the "Symantec Endpoint Protection services shutdown was successful." log. Then there is a "Symantec Endpoint Protection services startup was successful" log also. But I never get to see any log pertaining to the Auto-Protect fixed status for those machines where the issue is really fixed.