Clean Access 4.1.3.1 and Symantec SEP11 virus def. issue

mgloomis123 · ‎05-28-2009

Today (May 28, 2009) until ~2pm EST, Clean Access was reporting that Virus Definitions are out of date and putting users into the temporary role to remediate. The Clean Access agent reports showed the correct information and that the virus definitions installed on the PCs were from today. The reports from the Clean Access manager also show the correct information. We currently have a 30 day AV signature window set, so there's no way that was a problem.

The issue resolved itself, literally. But we are looking for an explanation. We never rebooted, or failed over to our secondarys either (for the CAM or CAS). Nothing changed...

The only action on my part was to disable the Symantec signature checks this morning, and then re-enable them to test at ~2pm and everything works once again. Nothing abnormal in the logs, other than it showing that users were being placed in the temporary role for not meeting virus def. requirements.

Any help? Don't really want to place a TAC call for this one.

Thanks,

-=Mike G.

carenas123 · ‎06-03-2009

I think If your definition files (or DATs) are out of date. Find the date of your virus definitions were created on. If this date is more than a day old it is likely there is a more current update available.

We do not check for the daily updates because daily updates are typically done manually - i.e. if someone relies on their Symantec AV client to do the autoupdate, it will pick up the weekly updates only. Btw, this is similar to what Symantec had before with their LiveUpdate" and "IntelligentUpdate". Intelligent updates were typically done manually. Anyways, the short of it is that our rules are correct as of a few minutes ago.