Hello everyone. This is going to be a long one, so I will try and be as brief as possible.
First, here's some background:
We have Symantec Endpoint Manager, and clients with version 14.
We've migrated from 12.1 (some older PCs that run Windows XP still have 12.1.7 due to OS limits).
I work in IT, and I manage all of this. We have about 70 PCs and Servers linked up to the manager.
The clients have been saying their definitions are failing (components are malfunctioning) at random.
Usually, the manager shows it's the Download Insight. Sometimes, the Tamper Protection. Sometimes, SONAR. Sometimes all. But the clients will always show them all malfunctioning if you went to the PC.
We've had our Symantec Manager migrated from a physical server to a new VMware virtual server while it was at version 12.1.
After that, I noticed a lot of clients started saying they were "Out of date". The reason was because of these failing definitions. Brand new computers that we would install it on would start saying this. It was not just our PCs we've had no problems with.
Long story short, I've put in 2 tickets to Symantec support, clean wiped and reinstalled Symantec numerous times on many of the clients (including via push in the manager), played with the policy settings to try and eliminate it being a network problem (getting updates from the manager). I've even clean installed the SEPM onto another separate VMware server, updated communication with all of the clients, pushed version 14 to as many clients as possible (not including Windows XP machines). I still have clients saying they are "Malfunctioning". I've even tried installing clients without the Download Protection component. Either other components malfunction, or they say that the Download Protection defs are out of date (because it's not updating because it's not installed). This all took place over 2 months.
I put in a third ticket to Symantec seeing if they have something like their SymTool.exe that can clean the definitions remotely. It seems to help, but some computers will still show malfunctioning after rebooting. Even then, I can't clear them manually, because I have not been able to get around Symantec's folder security. Since I have no other solution yet, this is all I can do. The last thing the tech told me was to go around to the PCs and do "smc -stop", "smc -start". There's no way in h*** that I'm going around to all of the computers to stop/start the Symantec services to fix the malfunctioning components each time they mess up. Which may or may not solve my problem, because it seems that the problem returns after a reboot. I've enabled Group Providers to further eliminate any network problems.
I've come to the forums to see if anyone has had this issue, and if they've tried anything that may have helped.
I'm at my wits' end. I don't know if it's something installed in Windows like updates, web browsers, a service/process. It could possibly be that Symantec has memory problems, or some kind of bug. I know there are many posts about people having this problem, but after a lot of Googling, it seems there's not a permanent solution.
If anyone has any tools to clean defs, or any insight on how I can isolate any network issue with SEPM, or knows of any programs/services interfering with SEP, or just any firewall rules that I need to add (even though Symantec should be compensating for its own communications), it would be great. If anyone would like information on some of the things I've done, I would be glad to share that also.
Thank you for your help, and thanks for taking time to read this.