SONAR definitions display out-of-date within the Endpoint Protection Manager after upgrade

Article ID: 232586

Products

Endpoint Protection

Issue/Introduction

SONAR definitions display as out-of-date within the Endpoint Protection Manager after an upgrade. Locally, clients show SONAR as up to date.

Environment

Release: 14.3 RU2, RU3, and RU4

Cause

Endpoint Protection Manager displays the oldest SONAR sequence numbers/entries instead of the latest.

Resolution

This issue is fixed in Symantec Endpoint Protection (SEP) 14.3.5.0 (RU5). For information on how to obtain the latest build of SEP, see Download Symantec software, tools, and patches.

To work around the issue:

1. Take a backup of the database.
2. Open SQL Server Management Studio and execute the following query against the SEPM database.

-- Flag every older SONAR (BASH_CONTENT) entry as deleted when the same
-- agent also has an active entry with a higher sequence number.
UPDATE SC1
SET DELETED = 1
FROM
    SEM_CONTENT SC1 WITH (NOLOCK)
    INNER JOIN PATTERN P1 WITH (NOLOCK) ON SC1.PATTERN_IDX = P1.PATTERN_IDX,
    SEM_CONTENT SC2 WITH (NOLOCK)
    INNER JOIN PATTERN P2 WITH (NOLOCK) ON SC2.PATTERN_IDX = P2.PATTERN_IDX
WHERE
    P1.PATTERN_TYPE = 'BASH_CONTENT' AND
    P2.PATTERN_TYPE = 'BASH_CONTENT' AND
    SC1.AGENT_ID = SC2.AGENT_ID AND      -- same client
    SC1.SEQUENCE < SC2.SEQUENCE AND      -- SC1 is older than SC2
    SC1.DELETED = 0 AND                  -- only rows that are still active
    SC2.DELETED = 0 AND
    P1.DELETED = 0 AND
    P2.DELETED = 0

The query corrects the issue for clients that are upgraded and have already checked in.
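
A read-only check that can be run before and after the workaround query, added here as an example and not part of the original article. It assumes only the tables and columns that the query above already uses, and lists, per agent, the older SONAR (BASH_CONTENT) rows that the UPDATE marks as deleted.

```sql
-- Added example (not from the original article): read-only preview.
-- Run against the SEPM database. No rows are modified.
WITH SONAR AS (
    SELECT
        SC.AGENT_ID,
        SC.SEQUENCE,
        -- Highest active SONAR sequence recorded for this agent
        MAX(SC.SEQUENCE) OVER (PARTITION BY SC.AGENT_ID) AS LATEST_SEQUENCE
    FROM SEM_CONTENT SC
    INNER JOIN PATTERN P ON SC.PATTERN_IDX = P.PATTERN_IDX
    WHERE P.PATTERN_TYPE = 'BASH_CONTENT'
      AND SC.DELETED = 0
      AND P.DELETED = 0
)
SELECT
    AGENT_ID,
    COUNT(*)             AS STALE_ROWS,       -- rows the UPDATE would flag
    MIN(SEQUENCE)        AS OLDEST_SEQUENCE,  -- value the console may be showing
    MAX(LATEST_SEQUENCE) AS LATEST_SEQUENCE   -- value that should be shown
FROM SONAR
WHERE SEQUENCE < LATEST_SEQUENCE              -- same condition as SC1.SEQUENCE < SC2.SEQUENCE
GROUP BY AGENT_ID
ORDER BY STALE_ROWS DESC;
```

The total of STALE_ROWS before the workaround should match the row count the UPDATE reports; running the check again afterwards should return no rows for clients that have already checked in.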

Additional Information

ESCRT-8985