I noticed that the Bigfix fixlets for antivirus definitions and the Endpoint protection Dashboards incorrectly say clients have out of date definitions. In fact, all the clients in question have newer definitions than Bigfix is deploying (bigfix fixlets seem to be a day or so behind all the time). I think you need to fix the relevance for the fixlets and the dashboards to not show out of date when they have defs newer than Bigfix knows about. I’m using Symantec Endpoint Protection 11 (some clients) and 12 (most clients)
Thanks for your reporting. But we are unable to reproduce the error in our environment. Can I know whether the error you mentioned applies all the clients or only part of them? and whether both SEP 11 and SEP 12 or both x86 and x64 versions are not reporting correctly?
Thanks for the response. Right now at 9:00 AM on the 24th of Oct it is showing 211 clients on the dashboard pie chart as having old definitions. (75% of the clients). 37 clients show as fine (Clicking on the yellow section that represents the “out of date” clients, the majority (95%+) checked in within the last 5 minutes. Those clients have 23 Oct 2011 Rev 5 definitions which is correct. The Fixlet that installs defs says the date is 23 Oct 2011 (which is current) and it says all those systems need those defs. Most of the ones showing as ok are 64 BIT systems but there are many 64bit systems in the “outdated” chart. We are using SEP 12.1.671 which is when this started. Some clients are still running SEP 11 (less than 10%) which represent the clients that are ok. It looks like that the clients that have SEP 12.1 are the ones having issues. Whatever fixlit language that looks for definitions dates is probably having issues on 12.1 clients (32bit and 64bit). Just recently you fixed the language that recognizes SEP 12.1 clients as having an antivirus client installed but I think the definition language is still not functioning.
Thanks for your information. After investigation, we noticed this issue is probably caused by upgrading old SEP to current SEP 12. I believe those clients with SEP 12.1 had SEP 11 or older versions installed previously in your deployment.
We have modified the contents of the fixlets to address the issue and they are included in the latest version of CMEP site (version is 2120). Please check whether the new contents resolve the issue and let us know the result. Thanks.
Well, I can see immediate improvement. Current defs are now showing for 70% of my systems, which represents all the online ones. So it looks like the chanages you made to the fixlets solved the issue. Thanks again