So I was having an issue with some of our machines on 12.1 where it was not showing the current sigs in SPC management and causing the big red X.  Noticed that it was a known issue, so I put a couple of our machines on 12.1.2015 (ru2) as that seemed to be the fix.  Unfortunately, is been 24hrs now and those two machines are still showing under the intrusion prevention signature column "not available".  Ive run LiveUpdate on them a couple of times but to no avail.

Hi,

SEP client are updated virus defination ?

You could use the rapid release definitions.

http://www.symantec.com/security_response/definitions/download/detail.jsp?gid=rr

yes all Clients effected have current virus def dec-18-2012-r20

HI,

How many system having Problem ?

Please Provide error SNAP shot ?

What happens when you try Running a Repair of this SEP client from Add / Remove Programs

6 total systems having 'issues' with showing old signatures.  4 of them are on 12.1.1 and the 2 new ones that are showing "not available" are on 12.1.2015+

I ran LU yesterday and today on all the machines.

I have done a repair, no change to the problem.

HI

Try this,

How to clear out definitions for a Symantec Endpoint Protection 12.1 client manually

are the other module of SEP updated?

are these machines communicating with SEPM?

did you run symhelp tool? it will give you information if virus definition is corrupted.

Im currently completeing the manual clearing of definitions and its gathering the new defs via LU right now.

All other modules of SEP were fine, besides the Intrusion Prevention Signatures on the machines listed in the above post.

All machines are indeed communicating with SEPM

have not yet run symhelp.  Finishing this step 1st.

cleared all old defs, ran LU, everything updated.  Manager console still showing "not available" under Intrusion Protection signatures.

where specifically can I see the folder for those signatures?

Are the machines themselves out of date or is it just not reflecting properly in the SEPM?

What OS are you using?

For XP, IPS defs are in:

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Definitions\IPSDefs

nope. one of these machines (win7) worked fine on 12.0, it failed after 12.1 and now also on 12.1.2

checked c:\programdata\syamtec\symantec endpoint protection\12.1.2015.2015.105\data\definitions\ipsdefs on this machine just now and it shows a 20121218.011 folder that was created 12/19 that it just got from LU.  SEP Manager still shows "not available" for this machine IPS

the other machine is a fresh install win8.

So it looks like the client has the correct defs, this seems to be more of a cosmetic issue...

Cosmetic maybe, but the big red X showing daily on the console is sure making my boss look at me sideways.

Have you deleted the SEP client from SEPM and let it check back in?

Hello,

Could you delete the client enteries from the groups and let the clients re-register them in the SEPM.

OR

1. Ensure both IPS and Advanced Download Protection are uninstalled from the client to stop sending data on IPS definitions.
2. Force the client to generate a new hardware ID using the RepairClonedImage tool: http://www.symantec.com/docs/TECH163349
3. Delete the old client entry once the new entry appears.

Hope that helps!!

yup

Mithun.

I have deleted the client entry from the console and let it re-register twice now. no change. Again, the other PC is a brand new win8 machine with a fresh install exibiting the same behavior.  The :"not available" is a direct product of 12.1.2015 it seems.  The other issues with the 12.1 machines not showing (but being) updated is its own issue.

I do not follow on the "or" section #1.  not sure how to do that.  No need for #2, as I do not image our machines here, they are all standalone installs.

Anyone else??

clients are set to take the updates from Manager or from Liveupdate?

in the home tab, if you click on more details option ( top right) whats the level set for IPS defs failures?

Clients get info from Live Update

no such "more details" in the upper riht of the home tab screen on SEP SBE

the version on the server is still 12.0.1001.95 if that makes a difference.

Hello,

Absolutely yes.

(In should have understood when you wrote: "So I was having an issue with some of our machines on 12.1 where it was not showing the current sigs in SPC management and causing the big red X. ")

I would please request you to Migrate the SPC (Symantec Protection Center) to the Latest Symantec Endpoint Protection Manager 12.1.

You need to Migrate to the Latest version of Symantec Endpoint Protection Manager 12.1 because the definitions are different for this product version.

To understand check the links below:

For Symantec Endpoint Protection 11.x - Symantec Endpoint Protection 12.0 (32 bit)

http://www.symantec.com/security_response/definitions.jsp?pid=sep11_32

For Symantec Endpoint Protection 12.1

http://www.symantec.com/security_response/definitions.jsp?pid=sep12

For Symantec Endpoint Protection 12.1 RU2

http://www.symantec.com/security_response/definitions.jsp?pid=sep1212

Hope that helps!!

well, 12.0 manager worked with the other 12.1 clients....and I havent read anything that said it wouldnt.  But ill go ahead and get around to upgrading the mgr then. Thanks

Hello,

I would suggest you to also follow the Article below when Migrating - 

Best practices for upgrading to Symantec Endpoint Protection 12.1.2

http://www.symantec.com/docs/TECH163700

Hope that helps!!