Why SEPM is not showing info about virus definitions in use and time of last scan run on SEP Clients?
Symptoms - SEPM shows in client grous, with "Protection Technology" view, under "Virus definitions" column ="Not reporting status".
- Symantec Endpoint Protection client (SEP-Client) is not sending info about virus definition and last scan to Symantec Endpoint Protection Manager (SEPM). You can see in sylink logging that many info are not posted from SEP-Client to SEPM (see "Reference" section) and "<RTVScanRunning>0</RTVScanRunning>".
- You can see the following code snippet in the resulting debug.log when the Symantec Management Client is restarted:
This issue can be caused having a Group Policy Object applied to the computer clients that affects the Symantec Endpoint Protection or Symantec Antivirus services.
Remove the portion of the Group Policy Object that applies a start type or permissions to the Symantec Endpoint Protection or Symantec Antivirus services.
How to show current GPO's applied to services:
Start -> Run -> "rsop.msc"
On the left hand side, follow the tree: Computer Configuration -> Windows Settings -> Security Settings -> System Services
On the right hand side, find "Symantec Endpoint Protection" The "Startup" and "Permission" columns need to be blank. If they are not, the GPO applying this policy will be listed under the column "Source GPO"
On the Domain Controller side, where this GPO is configured, it might list "Symantec Antivirus" instead of "Symantec Endpoint Protection." Either one will apply to SEP because both services have the same real name as each other, only the display name is different.
Sylink Logs from issued SEP-client and working SEP-client:
SEP Clients are not sending AVMAN infos about virus-defs in use, last-scan, etc.etc. during process <mfn_PostAgentInfo>: