I'm going to be putting a Host Integrity policy in place, but they wanted me to test it first. Therefore I moved my machine to a group by itself and assigned it a LiveUpdate policy whose server would not resolve. I then went to remove my definitions, but after running smc -stop I could not completely delete the definition folder. Then, when I went to the registry and went down to hklm/software/symantec/shared defs, none of the keys that needed to have their value removed were present.
So I went and restarted smc. I got the warning that the host failed the HI check, and when I went into the client management security logs I saw that it did download the file from our internal LiveUpdate server, but the result was fail. I'm just digging around trying to figure out why it failed. Is it because the definitions are damaged instead of missing? Is there another command that needs to process first? Any direction would be appreciated.
I just noticed that at the end of the error below it says the user delayed remediation, but I didn't, so I'm not sure.
Actual error:
Requirement name: "Week Old Antivirus Definitions".
--- Start checking requirement conditions ---.
Rule type: Antivirus enforcement.
Condition: Antivirus is running.
Result is pass.
Condition was checking "Symantec Endpoint Protection".
Condition: Antivirus signature file is up to date.
Result is fail.
Condition was checking "Symantec Endpoint Protection".
Error: file not found.
[Details: Invalid signature date. Probably software is not installed or is running an update]
Processing remediation actions.
Condition: File download complete.
Condition was checking "http://SSEPLUPP014001.msnyuhealth.org:7070/clu-test".
Result is fail.
Error: user postponed remediation.
[Details: 10/15/2015 10:50:21]
Requirement name: "Week Old Antivirus Definitions".
Result is fail.
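Added example, not from the post and not Symantec's own code: a small Python parser for the Host Integrity check log in the shape quoted above. The line format (Requirement name / Condition / Condition was checking / Result is / Error / [Details]) is assumed only from the lines in this post; the sample input is those same lines, reproduced as a constructed string. It separates the pre-remediation checks from the remediation step, so the failing condition ("Antivirus signature file is up to date", error "file not found") and the remediation outcome ("user postponed remediation") can be read off directly rather than by eye.

```python
"""Parse a Symantec Endpoint Protection Host Integrity check log into records.

Added example; the log format is inferred solely from the lines quoted in the post.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: the log lines from the post, reproduced verbatim.
SAMPLE_LOG = """\
Requirement name: "Week Old Antivirus Definitions".
--- Start checking requirement conditions ---.
Rule type: Antivirus enforcement.
Condition: Antivirus is running.
Result is pass.
Condition was checking "Symantec Endpoint Protection".
Condition: Antivirus signature file is up to date.
Result is fail.
Condition was checking "Symantec Endpoint Protection".
Error: file not found.
[Details: Invalid signature date. Probably software is not installed or is running an update]
Processing remediation actions.
Condition: File download complete.
Condition was checking "http://SSEPLUPP014001.msnyuhealth.org:7070/clu-test".
Result is fail.
Error: user postponed remediation.
[Details: 10/15/2015 10:50:21]
Requirement name: "Week Old Antivirus Definitions".
Result is fail.
"""


@dataclass
class Condition:
    phase: str                    # "check" (before remediation) or "remediation"
    name: str
    target: Optional[str] = None  # quoted value of the "Condition was checking" line
    result: Optional[str] = None  # "pass" or "fail"
    error: Optional[str] = None
    details: Optional[str] = None


@dataclass
class Requirement:
    name: str
    conditions: List[Condition] = field(default_factory=list)
    result: Optional[str] = None  # overall result from the closing "Result is" line


# One pattern per line kind; the trailing period is optional and not captured.
_PATTERNS = {
    "requirement": re.compile(r'^Requirement name: "(?P<value>[^"]*)"\.?$'),
    "condition":   re.compile(r'^Condition: (?P<value>.+?)\.?$'),
    "target":      re.compile(r'^Condition was checking "(?P<value>[^"]*)"\.?$'),
    "result":      re.compile(r'^Result is (?P<value>pass|fail)\.?$'),
    "error":       re.compile(r'^Error: (?P<value>.+?)\.?$'),
    "details":     re.compile(r'^\[Details: (?P<value>.*)\]$'),
}


def _classify(line: str):
    """Return (kind, captured value) for a known line, or (None, None)."""
    for kind, pattern in _PATTERNS.items():
        m = pattern.match(line)
        if m:
            return kind, m["value"]
    return None, None


def parse_hi_log(text: str) -> List[Requirement]:
    """State machine over the log: a requirement opens, conditions accumulate,
    'Processing remediation actions' switches phase, and a repeated
    'Requirement name' line followed by 'Result is' closes the requirement."""
    requirements: List[Requirement] = []
    req: Optional[Requirement] = None
    cond: Optional[Condition] = None
    phase = "check"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Processing remediation actions"):
            phase = "remediation"  # conditions from here on are remediation steps
            cond = None
            continue
        kind, value = _classify(line)
        if kind == "requirement":
            if req is None or req.name != value:
                req = Requirement(name=value)
                requirements.append(req)
                phase = "check"
            cond = None  # the next "Result is" belongs to the requirement itself
        elif kind == "condition" and req is not None:
            cond = Condition(phase=phase, name=value)
            req.conditions.append(cond)
        elif kind == "target" and cond is not None:
            cond.target = value
        elif kind == "result":
            if cond is not None:
                cond.result = value
            elif req is not None:
                req.result = value
        elif kind == "error" and cond is not None:
            cond.error = value
        elif kind == "details" and cond is not None:
            cond.details = value
        # "--- Start checking ..." and "Rule type: ..." lines carry no per-condition state
    return requirements


def summarize(req: Requirement) -> dict:
    """Condense one requirement into the facts an admin triaging the HI log wants."""
    failed = [c for c in req.conditions if c.result == "fail"]
    return {
        "requirement": req.name,
        "result": req.result,
        "failed_checks": [c.name for c in failed if c.phase == "check"],
        "failed_remediations": [c.name for c in failed if c.phase == "remediation"],
        "user_postponed_remediation": any(
            c.phase == "remediation" and c.error == "user postponed remediation"
            for c in req.conditions
        ),
    }


if __name__ == "__main__":
    for requirement in parse_hi_log(SAMPLE_LOG):
        print(summarize(requirement))
```

Run against the sample, the summary shows the only failed check is the signature-date condition, the only failed remediation is the download step, and the log does record a user postponement for that step. The parser keys on the exact strings in the post, so a log from another SEP version with different wording would need its patterns adjusted.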