SONAR Definitions are not updated on SEP 12.1 Clients.
Last Updated February 01, 2012
The Symantec Endpoint Protection Manager (SEPM) is updated with most of the latest virus definitions and distributes them to its clients; the SONAR definitions are the exception.
No error messages are shown. To check whether definitions have updated on the manager, open the SEPM console and navigate to Admin - Servers - Local Site, then select Show LiveUpdate Downloads to see the SONAR revision currently available on the SEPM.
1. Change the Communication Mode from Push to Pull.
Open the SEPM console and in the Clients section (Computers section on small business edition), choose My Company or a client group that doesn't inherit policies from My Company.
On the right side of the console go to the Policies tab.
On the far right, click on Communications Settings.
If the Download is set to Push mode, change it to Pull mode.
Set the heartbeat interval to something appropriate for the size of the network, which could be from 15 minutes to a few hours.
2. Roll back the SONAR definitions to an older set.
In the Policies section of the manager, highlight LiveUpdate.
Select the LiveUpdate content tab, and edit the LiveUpdate Content policy.
Under Security Definitions, use the radio button under SONAR heuristic signatures to Select a revision.
Use the edit button to select an older revision for SONAR Heuristics engine 12.1 than is currently in use.
Make sure that the policy is assigned to all groups and that they update with the policy.
The policy serial number contains the date and time of the last change. It can be seen in Monitors - Logs - Computer Status, or in the Client Status view in the client group.
3. Reboot the server with the Symantec Endpoint Protection Manager.
4. Verify that the clients roll back their SONAR definitions to the chosen set.
5. After the manager has updated its SONAR definitions, set clients to get their definitions normally.
Edit the LiveUpdate Content Policy again, and set the SONAR heuristic signatures to Use latest available.
Clients should update to the new SONAR definitions when they heartbeat to the manager.
Windows Server 2008 R2.
SEPM: v 12.1
Imported Document ID: TECH178125