SEPM12.1 – Security Virtual Appliance Unknown Status

I have recently deployed Symantec EndPoint Protection in my environment.  Great product, but unfortunately it can be a little tricky to configure sometimes.

For the purposes of this post, I’m assuming you have installed and configured the following:

  • vShield Manager
  • Security Virtual Appliance (SVA) on each ESXi host. The SVA must be installed on every host that runs virtual machines using a vShield-enabled Shared Insight Cache.
  • Symantec EndPoint Protection Manager
  • Symantec EndPoint Protection Client

Once all of the above is installed and configured, you may find you are getting an “Unknown Status” in the Security Virtual Appliance column of the Client table in Symantec EndPoint Protection Manager.

[Screenshot: SEPM clients view]

This is because you haven’t installed the VMware EPSEC 2.0 Driver for vShield.  You can check this by running the following command on the guest OS of the affected VM.

Open Command Prompt with elevated privileges, type “fltmc” and press Enter. This will display a set of filter names.  Make sure the filter “SymEPSecFLt” is present on that list.  If it is not, the driver is not installed.

[Screenshot: fltmc]
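A scripted version of the check above, as an added example that is not part of the original post: the PowerShell below parses fltmc output and reports whether the filter is loaded, and it distinguishes "filter missing" from "no filter rows at all" (for example when the prompt was not elevated). The function names and the sample output are constructed for illustration; the filter name is the one given in this post.

```powershell
# Added example. Function names and sample data are assumptions, not vendor code.
function ConvertFrom-FltmcOutput {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        # Data rows look like: <name> <instances> <altitude> <frame>.
        # Header, separator, blank and error lines do not match and are skipped.
        if ($line -match '^\s*(\S+)\s+(\d+)\s+(\S+)\s+(\d+)\s*$') {
            [pscustomobject]@{
                Name      = $Matches[1]
                Instances = [int]$Matches[2]
                Altitude  = $Matches[3]
                Frame     = [int]$Matches[4]
            }
        }
    }
}

function Get-FilterState {
    param(
        [string[]]$FltmcLines,
        [string]$FilterName = 'SymEPSecFLt'   # name as written in this post
    )
    $filters = @(ConvertFrom-FltmcOutput $FltmcLines)
    # No parsable rows usually means fltmc did not run successfully,
    # so do not report that as "driver not installed".
    if ($filters.Count -eq 0) { return 'NoData' }
    # -contains compares strings case-insensitively.
    if (@($filters | ForEach-Object Name) -contains $FilterName) { return 'Loaded' }
    return 'Missing'
}

# Constructed sample output (the altitude of the first row is a placeholder).
$sample = @'
Filter Name                     Num Instances    Altitude    Frame
------------------------------  -------------  ------------  -----
SymEPSecFLt                             3       000000         0
luafv                                   1       135000         0
'@ -split "`r?`n"

Get-FilterState $sample                              # driver present
Get-FilterState ($sample | Where-Object { $_ -notmatch '^Sym' })   # driver absent
Get-FilterState @('Access is denied.')               # nothing to parse

# On a guest, from an elevated prompt:
#   Get-FilterState (fltmc)
```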

There are a bunch of different methods to install the driver…

Method 1:

  1. Right-click on the VM > Guest > Install / Upgrade VMware Tools > Interactive Tools Upgrade.
  2. Open a console on the VM and start the installation from the mounted image.
  3. Choose Modify.
  4. From the feature list, expand the VMCI Driver and add the “vShield Drivers”.
  5. Click Next, then Change.
  6. Wait for the installation to complete.
  7. Once the installation is complete the SEP installed on the Guest OS should be checking in with the SVA of the host it’s hosted on and the SEPM.

Method 2:

This method is useful if you are installing the driver in multiple virtual machines with Windows guest operating systems.

  1. Right-click on the VM > Guest > Install / Upgrade VMware Tools > Automatic Tools Upgrade.
  2. Paste the following parameters in the Advanced Options:
    /S /v "/qn REBOOT=R ADDLOCAL=ALL REMOVE=Hgfs,WYSE"
  3. Click OK and wait for the installation to complete.
  4. Reboot the VM or VMs at a convenient time (unfortunately, suppressing the reboot doesn’t replace it).
  5. Once the reboot is complete the SEP installed on the Guest OS should be checking in with the SVA of the host it’s hosted on and the SEPM.

Here are some great blogs on how to deploy Symantec EndPoint Protection with vShield-enabled Shared Insight Cache.  You can find some very detailed procedures on how to deploy vShield, the Security Virtual Appliance and EndPoint Protection Manager.

https://www.interworks.com/blogs/ijahanshahi/2014/08/06/how-deploy-ova-ovf-template-using-vmware-vsphere-desktop-client
http://thinkingloudoncloud.com/2013/06/symantec-endpoint-protection-integration-vmware-horizon-view-part1/
