Symantec Endpoint Protection Manager homepage shows "No items to display" in the Security Response box and many "Unknown Exceptions in" errors appear in scm-server-0.log

book

Article ID: 178009

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

The Symantec Endpoint Protection Manager (SEPM) console fails to display Top Threats and Last Threats information in the Security Response box, and shows "No items to display" in the Security Response box.

The scm.server.log shows "Signature verification failed for Security Response outbreak information" and "Unknown Exception in: com.sygate.scm.server.util.securitydata.VirusData". These entries write to the scm-server-0.log every 20-30 minutes.

 
The Server log scm-server-0.log contains the following exception:

2010-03-03 10:09:01.282 SEVERE: com.sygate.scm.server.util.securitydata.ThreatData: Signature verification failed for Security Response outbreak information.
2010-03-03 10:09:01.601 FINE: Test db connection successfully.
2010-03-03 10:09:01.707 INFO: PackageTask.publishGroup(): cmd= "C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\bin\sempub.exe" "-group" "C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\outbox\agent\D5091EA30A001E6800EF3D7B9C7BFC02" "8E72F4DDCACD92E4604372CEB086861B" "1F6F00F80A001E6A0110D1F9C14A58C3" "58A18E030A001E6A00076DA7D08B1B3C" "8014" "C:\Program Files\Symantec\Symantec Endpoint Protection Manager"
2010-03-03 10:09:02.922 SEVERE: Unknown Exception in: com.sygate.scm.server.util.securitydata.VirusData
java.io.FileNotFoundException: C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\temp\indexE.html (The system cannot find the file specified)
at java.io.FileInputStream.open(Native Method)
at java.io.FileInputStream.
(FileInputStream.java:106)
at java.io.FileInputStream.
(FileInputStream.java:66)
at java.io.FileReader.
(FileReader.java:41)
at com.sygate.scm.server.util.securitydata.VirusData.getVirusFromIndex(VirusData.java:138)
at com.sygate.scm.server.task.SecurityDataTask.processVirusCats(SecurityDataTask.java:215)
at com.sygate.scm.server.task.SecurityDataTask.run(SecurityDataTask.java:88)
at java.util.TimerThread.mainLoop(Timer.java:512)
at java.util.TimerThread.run(Timer.java:462)
2010-03-03 10:09:03.013 INFO: PackageTask.publishGroup(): returnCode = 0(Unknown Error Code) errBuf = success
2010-03-03 10:09:03.013 INFO: PackageTask.publishGroup(): success
2010-03-03 10:09:03.894 INFO: PackageTask.publishGroup(): cmd= "C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\bin\sempub.exe" "-group" "C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\outbox\agent\CD4DB2AB0A001E6801131B5FEEBEB508" "8E72F4DDCACD92E4604372CEB086861B" "1F6F00F80A001E6A0110D1F9C14A58C3" "58A18E030A001E6A00076DA7D08B1B3C" "8014" "C:\Program Files\Symantec\Symantec Endpoint Protection Manager"
2010-03-03 10:09:04.001 SEVERE: Unknown Exception in: com.sygate.scm.server.util.securitydata.VirusData
java.io.FileNotFoundException: C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\temp\indexT.html (The system cannot find the file specified)
at java.io.FileInputStream.open(Native Method)
at java.io.FileInputStream.
(FileInputStream.java:106)
at java.io.FileInputStream.
(FileInputStream.java:66)
at java.io.FileReader.
(FileReader.java:41)
at com.sygate.scm.server.util.securitydata.VirusData.getVirusFromIndex(VirusData.java:138)
at com.sygate.scm.server.task.SecurityDataTask.processVirusCats(SecurityDataTask.java:215)
at com.sygate.scm.server.task.SecurityDataTask.run(SecurityDataTask.java:88)
at java.util.TimerThread.mainLoop(Timer.java:512)
at java.util.TimerThread.run(Timer.java:462)
 

catalina.out contains the following exception:

java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(SocketInputStream.java:168)

Cause

This issue can happen because there is no internet access or a proxy is not allowing access to the Symantec Security Response website to retrieve the lastest threat information.

Resolution

Ensure access to the internet and the Symantec Security Response website. If the system does not have access to the internet, the "Unknown Exception in:" message continues to be added into the scm.server.log as a normal function.

If you are using a proxy, make sure you change the SEPM configuration from the default setting of Do not use a proxy.

To change the proxy settings for SEPM

  1. Log on to SEPM.
  2. Click Admin > Servers > server name, where server_name is the name of the SEPM server.
  3. Under Tasks, click Edit the server properties, and then click the Proxy Server tab.
  4. Under HTTP Proxy Settings, on the dropdown menu next to Proxy usage, select Use custom proxy settings. Configure the server address and port, and otherwise provide authentication credentials if the proxy server requires them.
  5. If applicable, customize the FTP Proxy Settings. 
  6. When configuration is complete, click OK.

Applies To

Proxy information is believed to be correct and Internet Explorer displays http://securityresponse.symantec.com/avcenter/venc/auto/index/indexE.html, which is the source of the Security Response information.

Attachments