The customer has requested that we have this ticket created, to help investigate the reported policy mismatch seen on the Symantec Management Center, for a specific policy/device.

Thank you.

Release: 3.1.4.1

Warning:

If you receive a Mismatch error for a device, it means that the policy is inconsistent: Either the policy was changed in Management Center and not installed to the device with the error, or the policy on the device was changed outside of Management Center.

You can click Compare Policy to determine what has changed.

As a troubleshooting step or as part of a performance evaluation, you might want to identify the changes between an earlier version and a later version of the policy.

• Select Configuration > Policy. From the Policy Objects list, select the policy name. If needed, search for the policy object; see Filter by Attributes and Keyword Search.
• Select the Versions tab.
• Select the versions of policy to compare (press and hold the Ctrl key while selecting the policy versions).
• Click Compare. The system displays the Compare Policy dialog.

CPL Example.

VPM example.

You can diff the source code of the VPM policy. To switch between the Generated CPL and XML views, select the appropriate window.

Note: To view all text changes, including rule index, and timestamp changes, click the Generated CPL (Verbose) tab.

The two policies are displayed side by side; the web console displays the earlier version on the left and the later version on the right.

• • Policy that is highlighted in red exists in the former version and was removed in the later version.
  • Policy that is highlighted in yellow indicates that a line exists in both versions of policy, but there are differences in the line.
  • Policy that is highlighted in green does not exist in the former version and was added in the later version.
  • Policy that is highlighted in white means that the two copies are identical.
• (Optional) To restore an earlier version of the policy, See Restore a Version of Policy.
• Click Close.

Please note that while comparing the policies, it's not possible to edit the policies from the "Compare Policy" interface. The whole idea here is to be able to identify the inconsistencies and then manually update the policy or restore the earlier version, before the change.