Endpoint Protection

Hi

have a weird problem with our symantec endpoint protection (v 11.0.5002.333)

When a user logs on, the SEP client is not enabled.  The user can open the client and click Fix All and everything will correct itself and enable SEP but need to sort this so it launches correctly

thanks in advance

Simon

can you upgrade the client to latest version and let know if it resolves the issue

Thanks for the reply Pete, sorry but I'm totally new to endpoint, where can I get the latest version from?

:)

upgrade to symantec 12.1 ru2 mp1 :)

The latest version is 12.1 RU3, not RU2 MP1.

You can download from https://fileconnect.symantec.com using your serial number.

Also, check in the SEPM under the AV policy to make sure the lock icons are closed.

Hi, I checked the AV policy and all the locks were open, so have closed those now.  What do they do?

I'm having troubIe finding the serial number at the moment, is there a way of finding it from the server itself?  Thanks

Hello,

How many machines are you facing this issue on??

Are all these clients installed, managed??

In this case, we see, ProActive Threat Protection and Download Insight is Malfunctioning.

Please check if the policies for ProActive Threat Protection (SONAR) and Download Insight are set correctly in SEPM?

It seems this issue is happening only on 1 machine, correct.

In your, case it clearly indicates that the SEP client is not installed properly or the installation is Corrupt.

If we check the SEP clearly, 

Download Insight Failure is caused because Proactive Threat Protection is not working properly, Proactive Threat Protection is not working properly because File System Protection is not working properly. All these Features are Inter-related.

Check this Article: http://www.symantec.com/docs/HOWTO55268

Again, what happens if you move the cursor from 9 to 5 in the Download Insight Policies??

Also to note that the SEP client system must be rebooted after installation to completely activate all components.

Or you may stop the SMC service by the command "smc -stop" followed by starting the service again with "smc -start".

All the Locks on the policies should be locked, so that the policies  could not be changed on SEP client.

In reference to the License, I would also recommend you to Contact the Licensing Department via:

Website: http://symantec.custhelp.com

Phone number: 1-800-721-3934

Email: license@symantec.com

https://licensing.symantec.com/acctmgmt/index.jsp

For Renewals or view details of your Symantec support contracts visit our License Renewal Center.

Hope that helps!!

Hi, apologises for my delay in responding, I was having trouble finding the serial number. 

I finally discovered that SEP had originally been installed by an engineer from one of our other offices and they hadn't left us the number.  I have now got a v12 serial number and installer but I have hit a different issue. 

I am unable to run the installer as windows gives the error "Symantec Endpoint Protection Manager has detected that there are pending system changes that require a reboot".  I have rebooted several times and I also tried deleting the "PendingFileRenameOperations" registry key but no luck.

Any ideas?  The server is a VM, running server 2008 R2 standard SP1, thanks

Mithun - thank you for your response, as I have managed to obtain a newer version I'm going to get that on the server first before trying your suggestions, thank you though in advance

Open regedit

navigate to HKLM\SYSTEM\CurrentControlSet\Control\Session Manager

look for a key called "PendingFileRenameOperations and delete it. Run the installer again.

make sure to take a backup first!

Hi Brian, as per my post, I have already tried this but thanks for your help  :)

You didn't reboot after deleting right?

That was the problem  :)

I was rebooting and the system was recreating the key, have got the installer running now, thanks Brian

That's great. If you reboot after deleting the key, it comes back on reboot.

The trick is to delete than run the installer immediately (no reboot) :)

SEPM is now upgraded to v12, I'm just waiting for it to pick up all the clients again, is there any way to speed this up?

Clients report in based on their heartbeat setting.

So it's a setting on each client?  Which I'm guessing means I need to go to each client if I wanted to get them to report in?

You can set the heartbeat from the SEPM. Clients >> Policies >> Communication Settings

You can force the client to check in by right clicking on SEP icon and selecting Update Policy. For this you would need to go to each client.

They are trickling through, think I'll just leave this overnight and come back to this tomorrow.  Thanks Brian

Glad to help. Check back in to update on status if you can.

Take care,
Brian