Starting with the May 2nd, 2014 virus definitions, the environment I administer has had serious difficulties in updating virus defs in a normal manner. By this I mean, all of the endpoints are checking in within 24 hours but it is taking more than 24 hours for them to update.
Example:
I have ~150,000 endpoints
Today my endpoints are updating to 6-1-2014 rev. 32 (we only update definitions once a day)
At the end of the day when we are going to update to 6-2 definitions, I'll still have 5000 or so endpoints on 6-1 definitions. They will stay on that date for 3 or 4 days slowly updating. On 6-2 I'll have 5000 on 6-1, on 6-3 I'll 4000, on 6-4 I'll have 3000 and so on. The endpoints are updating, they're just not doing it in a timely manner.
Where this gets really bad is the fact that its every definition. So I'll have 5000 on 6-1, 4000 on 5-31, 3000 on 5-30, 2000 on 5-29, 1000 on 5-28. In reality they don't update that quickly so what I end up with is something like 18,000 endpoints that are not within a 3 days of the current defnitions. This is inordanitely high as prior to May, we were looking at about 3000 endpoints out of date regularly.
Any ideas?
Thanks