I am trying to find some information on how to interpret the NISLOG.TXT file.
From what I understand, if everything is working "OK", then you should find the NIS signatures are OFF. However, when I look at the NISLOG files on our clients, there are currently approx. 100 active signatures, which have been active for a number of months. I am trying to ascertain what patches - if any - need applying to the clients to fix the issues so that the NIS signatures turn off.
Note that I also find it hard to believe that our Windows clients are missing so many patches. SCCM 2012 is configured to deploy updates on a regular basis and the compliance rate for the last updates is over 90%.
I am thinking that NIS may not be working properly, as the NISLOG does not seem to have any information regarding KB updates that other posts I can find suggest it should have ... below is a sample of one of the NISLOG files, showing the last 5 signatures that are ON, plus the summary information. Any help to interpret this and advise if this is correct or if we have an issue would be great! Many thanks.
[08/25/15-08:46:18] [On ] Sig {59a97b9d-b9f4-49d2-8e07-f6aab66e3d05} Other:Win/YahooClick.HTTP.HTTP!NIS-0000-0000 -
[08/25/15-08:46:18] [On ] Sig {f60d9da0-2863-49c5-98ee-672cd92df19a} Other:Win/YahooImp.HTTP.HTTP!NIS-0000-0000 -
[08/25/15-08:46:18] [On ] Sig {14e0ea00-37fe-4109-bd78-1cef72adf272} Other:Win/SimplifiCollect.HTTP.HTTP!NIS-0000-0000 -
[08/25/15-08:46:18] [On ] Sig {5b419168-2f04-4346-8bbd-cc673b6a4797} Other:Win/SimplifiImp.HTTP.HTTP!NIS-0000-0000 -
[08/25/15-08:46:18] [On ] Sig {30ec694c-88fe-4c8f-a3de-c53d971fcfb9} Other:Win/SimplifiClk.HTTP.HTTP!NIS-0000-0000 -
[08/25/15-08:46:18] --Signature list end--
[08/25/15-08:46:18] Signatures: Total: 100; Enabled: 100
[08/25/15-08:46:18] Active signature breakdown: BM: 100; ZeroDay-Block: 0; ZeroDay-Detect: 0; ZeroDay-Detect-Inline: 0
[08/25/15-08:46:18] New engine version=2.1.11804.0; New signature version=115.3.0.0
[08/25/15-08:46:18] Successfully loaded new definitions, Any signature active (0/1): ZeroDay=0, BM=1
[08/25/15-08:46:18] At least one signature is active
[08/25/15-08:46:18] Connecting to the driver
[08/25/15-08:46:18] NumberOfCompletionPortThreads: 1, NubmerOfInspectionThreads: 12
[08/25/15-08:46:18] Load Definitions completed successfully.
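
An added example, not part of the original post: a small Python parser for the NISLOG.TXT line formats visible in the excerpt above, which tallies the listed signature states and pulls out the log's own summary, breakdown and version lines so they can be compared across clients. The function name and the `[Off]` state spelling are assumptions (the excerpt only shows `[On ]`); the sample lines are copied from the excerpt.

```python
import re
from collections import Counter

# Lines copied from the excerpt above (a partial list, so it will not match Total).
SAMPLE = """\
[08/25/15-08:46:18] [On ] Sig {59a97b9d-b9f4-49d2-8e07-f6aab66e3d05} Other:Win/YahooClick.HTTP.HTTP!NIS-0000-0000 -
[08/25/15-08:46:18] [On ] Sig {30ec694c-88fe-4c8f-a3de-c53d971fcfb9} Other:Win/SimplifiClk.HTTP.HTTP!NIS-0000-0000 -
[08/25/15-08:46:18] --Signature list end--
[08/25/15-08:46:18] Signatures: Total: 100; Enabled: 100
[08/25/15-08:46:18] Active signature breakdown: BM: 100; ZeroDay-Block: 0; ZeroDay-Detect: 0; ZeroDay-Detect-Inline: 0
[08/25/15-08:46:18] New engine version=2.1.11804.0; New signature version=115.3.0.0
"""

SIG_RE = re.compile(r"^\[[^\]]+\] \[(?P<state>[^\]]+)\] Sig \{(?P<guid>[0-9a-fA-F-]{36})\} (?P<name>\S+)")
TOTAL_RE = re.compile(r"Signatures: Total: (\d+); Enabled: (\d+)")
BREAKDOWN_RE = re.compile(r"Active signature breakdown: (.*)$")
VERSION_RE = re.compile(r"New engine version=([\d.]+); New signature version=([\d.]+)")

def summarize_nislog(text):
    """Return listed On/Off counts plus the summary fields the log reports itself."""
    states, on_names = Counter(), []
    out = {"total": None, "enabled": None, "breakdown": {}, "engine": None, "signatures": None}
    for line in text.splitlines():
        m = SIG_RE.match(line)
        if m:
            state = m["state"].strip().lower()  # "[On ]" is padded in the log
            states[state] += 1
            if state == "on":
                on_names.append(m["name"])
            continue
        if (m := TOTAL_RE.search(line)):
            out["total"], out["enabled"] = int(m[1]), int(m[2])
        elif (m := BREAKDOWN_RE.search(line)):
            for part in m[1].split(";"):
                key, value = part.split(":")
                out["breakdown"][key.strip()] = int(value)
        elif (m := VERSION_RE.search(line)):
            out["engine"], out["signatures"] = m[1], m[2]
    out.update(listed_on=states["on"], listed_off=states["off"], on_names=on_names)
    # False when the file (or excerpt) lists fewer signatures than the summary reports.
    out["list_complete"] = sum(states.values()) == out["total"]
    return out

if __name__ == "__main__":
    for key, value in summarize_nislog(SAMPLE).items():
        print(f"{key}: {value}")
```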