SAVCE 9.0 AMS not working

[LawnBoy]

I have a parent server, W2Kserver sp4, SAVCE 9.0.0.338, and I'm trying to send Message Box alerts from AMS. The Test function works, but a real virus doesn't trigger the alert.

Following doc ID 2004021111250348, all services listed are running on server EXCEPT the Symantec Antivirus service is running, not the Symantec Antivirus Server service (nor is SAS even available).

When I drop a copy of the eicar test string on my desktop, my local AV catches it and displays local notification, but the event never shows up in the AMS log. In fact, the only events that show in the log are from legacy 7.5 clients (which will be eliminated soon). None of the 80-odd 9.0 clients ever log anything to AMS.

Can somebody buy me a clue?

 

[Stiddy]

did you configure that AMS properties for every group that you have?



HTH - Stiddy

 

[LawnBoy]

Only have 1 group and yes. The test function works.

 

[oggywan]

I recall that there was a problem with AMS in 9.0.0.338. Uninstall AMS, and replace it with a later version...

AMS install can be found in CD1\Rollout\AVServer\AMS2\WINNT

Let me ask you this though. AMS solely depends on log forwarding:

- client forwards log to parent
- parent forwards log to primary (or not, if parent is the primary)

Have you confirmed if the virus alerts generated by your clients are actually showing up in the virus history on both the parent and primary server? If there are no logs from non-legacy clients there, then you will not receive AMS alerts period.

But I recall having tons of problems with AMS with the shipping build 9.0.0.338. Upgrading is your best shot IMO.

 

[LawnBoy]

My parent is primary. Checked the logs as you suggested and the 9.0 clients are not reporting scans or alerts, only the 7.5 clients just like in the AMS log. Everything shows up in the SSC though.

I'll check into a newer build, thanks.