Intrusion Prevention System (IPS) definitions download but the update does not register in the Symantec Endpoint Protection Manager (SEPM) or the Symantec Endpoint Protection (SEP) 12.1.1000 client.
All evidence of Sylink.log and client logs show that definitions are being downloaded from the SEPM server correctly to:
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\IPSDefs
The SEPM version information and the SEP client GUI do not reflect that these definitions are installed.
When IPS content update happens, the IPS driver starts using the new content, but the old IPS content is still registered by DefUtils.
This issue has been fixed in Symantec Endpoint Protection 12 Release Update 2 (RU2). For information on how to obtain the latest build of Symantec Endpoint Protection, read TECH 103088: Obtaining an upgrade or update for Symantec Endpoint Protection or Symantec Network Access Control
Symantec Endpoint Protection 12.1
Login to Subscribe
Please login to set up your subscription.
Get support for your product, with downloads, knowledge base articles, documentation, and more.
Maximize your product competency and validate technical knowledge to gain the most benefit from your IT investments.
Submit a suspected infected file to Symantec.
Report a suspected erroneous detection (false positive).
Set default language
Do you wish to save this as your future site?