Regular out of date IPS definitions alerts for Mac clients generated on SEPM

book

Article ID: 158904

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

The 12.1.4 version of the Symantec Endpoint Protection Manager generates alerts for out of date IPS signatures for 12.1.4 SEP for Mac clients, although there are no newer IPS signatures available.

Cause

 This is caused by enabling the IPS signature out-of-date notification condition alert in the SEPM. This notification is set to a condition of 100 computers with definitions older than 7 days by default. This setting works very well for Windows clients. However, since Mac IPS signatures are released roughly every 15 days, then if the client group associated with this alert contains Mac clients, this alert will trigger incorrectly for the Mac clients.

Resolution

This issue is by-design based on the default setting for the IPS out-of-date notification alert conditions while being used in a mixed-OS client group. Currently, customers can separate their Mac clients into Mac-only groups then add a new out-of-date alert condition to the Mac-only group with an interval greater then the 15 day Mac IPS signature release. A good suggestion would be 20 days to allow for offline Macs to get online and update.