Symantec Endpoint Protection (SEP) clients fail to communicate with the Symantec Endpoint Protection Manager (SEPM). When viewing the status in the SEPM under Clients → Tasks → Clients tab → View: Client status, the "Last Update Status" field shows as recent for the impacted clients. However, the SEP clients do not receive policy updates, nor do they upload logs to the SEPM.
From the cve.log on the SEP client:
[2019-Jun-26 12:59:18.194480] [DEBUG] CertificateProvider Begins
[2019-Jun-26 12:59:18.194480] [DEBUG] CertificateProvider: Likely duplicate detected in building cert list.
[2019-Jun-26 12:59:18.194480] [DEBUG] CertificateProvider: Likely duplicate detected in building cert list.
[2019-Jun-26 12:59:18.194480] [DEBUG] CertificateProvider: Likely duplicate detected in building cert list.
[2019-Jun-26 12:59:18.194480] [DEBUG] CertificateProvider: Likely duplicate detected in building cert list.
[2019-Jun-26 12:59:18.194480] [DEBUG] CertificateProvider: Likely duplicate detected in building cert list.
[2019-Jun-26 12:59:18.194480] [DEBUG] CertificateProvider: Likely duplicate detected in building cert list.
[2019-Jun-26 12:59:18.194480] [DEBUG] CertificateProvider Finished
[2019-Jun-26 12:59:19.058754] [ERROR] Verify signature failed.
[2019-Jun-26 12:59:19.058754] [INFO ] Heartbeat failed
[2019-Jun-26 12:59:19.058754] [DEBUG] Heartbeat status: [complete: true] [successful: false]
[2019-Jun-26 12:59:19.059748] [ERROR] Heartbeat failed with error SignatureException
The issue is likely related to an issue with the Sylink.xml file, or certificate on the client.
To resolve the issue, replace the Sylink.xml with a known good copy.
For more information on replacing the Sylink.xml, reference: How do I replace the client-server communications file on the client computer?