Clean Access 18.104.22.168 and Symantec SEP11 virus def. issue
Today (May 28, 2009) until ~2pm EST, Clean Access was reporting that Virus Definitions are out of date and putting users into the temporary role to remediate. The Clean Access agent reports showed the correct information and that the virus definitions installed on the PCs were from today. The reports from the Clean Access manager also show the correct information. We currently have a 30 day AV signature window set, so there's no way that was a problem.
The issue resolved itself, literally. But we are looking for an explanation. We never rebooted, or failed over to our secondarys either (for the CAM or CAS). Nothing changed...
The only action on my part was to disable the Symantec signature checks this morning, and then re-enable them to test at ~2pm and everything works once again. Nothing abnormal in the logs, other than it showing that users were being placed in the temporary role for not meeting virus def. requirements.
Any help? Don't really want to place a TAC call for this one.
Re: Clean Access 22.214.171.124 and Symantec SEP11 virus def. issue
I think If your definition files (or DATs) are out of date. Find the date of your virus definitions were created on. If this date is more than a day old it is likely there is a more current update available.
We do not check for the daily updates because daily updates are typically done manually - i.e. if someone relies on their Symantec AV client to do the autoupdate, it will pick up the weekly updates only. Btw, this is similar to what Symantec had before with their LiveUpdate" and "IntelligentUpdate". Intelligent updates were typically done manually. Anyways, the short of it is that our rules are correct as of a few minutes ago.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...