Intrusion Prevention System (IPS) definitions download but the update does not register in the Symantec Endpoint Protection Manager (SEPM) or the Symantec Endpoint Protection (SEP) 12.1.1000 client.
All evidence of Sylink.log and client logs show that definitions are being downloaded from the SEPM server correctly to:
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\IPSDefs
The SEPM version information and the SEP client GUI do not reflect that these definitions are installed.
When IPS content update happens, the IPS driver starts using the new content, but the old IPS content is still registered by DefUtils.
This issue has been fixed in Symantec Endpoint Protection 12 Release Update 2 (RU2). For information on how to obtain the latest build of Symantec Endpoint Protection, read TECH 103088: Obtaining an upgrade or update for Symantec Endpoint Protection or Symantec Network Access Control
Symantec Endpoint Protection 12.1
Did this article resolve your issue?
Did this article save you the trouble of contacting technical support?
How can we make this article more helpful?
Email Address (Optional)
Login to Subscribe
Please login to set up your subscription.
Get support for your product, with downloads, knowledge base articles, documentation, and more.
Maximize your product competency and validate technical knowledge to gain the most benefit from your IT investments.
Submit a suspected infected file to Symantec.
Report a suspected erroneous detection (false positive).
Create and manage cases, manage licensing and renewals, submit threats, and enroll with Symantec Rewards.
Customer and Technical Support phone numbers and hours of operation.
User-to-user forums, blogs, videos, and other community resources on Symantec Connect.
Set default language
Do you wish to save this as your future site?