Endpoint Protection

 View Only

  • 1.  Issues with live update for Endpoint Protection

    Posted Feb 19, 2012 09:28 AM

    Hi

    I have had some problems with the LiveUpdate for Endpoint Protection. It is installed as a standalone version. Basically it just never finds any updates and definitions keeps getting older and older. I just did a maual update of the definitions as they were almost 2 months old and Windows 7 started complaining.

    I am using Endpoint protection 12.1 and have LiveUpdate 3.3 installed. I tried following this guide:
    http://www.symantec.com/connect/articles/troubleshooting-liveupdate-issues-symantec-endpoint-protection

    I have connectivety. Running luall.exe doesn't give any errors. The LiveUpdate log says the following:

    19-02-2012, 14:17:01 GMT -> LuComServer version: 3.3.0.96
    19-02-2012, 14:17:01 GMT -> LiveUpdate Language: English
    19-02-2012, 14:17:01 GMT -> LuComServer Sequence Number: 20091211
    19-02-2012, 14:17:01 GMT -> OS: Windows 7 Home Premium Edition, Service Pack: 1, Major: 6, Minor: 1, Build: 7601 (64-bit)
    19-02-2012, 14:17:01 GMT -> System Language:[0x0406], User Language:[0x0406]
    19-02-2012, 14:17:01 GMT -> IE 7 Support
    19-02-2012, 14:17:01 GMT -> ComCtl32 version: 6.16
    19-02-2012, 14:17:01 GMT -> Loading C:\ProgramData\Symantec\LiveUpdate\Product.Inventory.LiveUpdate
    19-02-2012, 14:17:01 GMT -> Only the LiveUpdate command lines were registered in the Product.Inventory.LiveUpdate file.
    19-02-2012, 14:17:01 GMT -> Failed to load C:\ProgramData\Symantec\LiveUpdate\Product.Inventory.LiveUpdate.
    19-02-2012, 14:17:01 GMT -> Opened the product inventory at "C:\ProgramData\Symantec\LiveUpdate\Product.Inventory.LiveUpdate".
    19-02-2012, 14:17:01 GMT -> Combined Product Inventory Flags 0, Permanent Flags 0, Permanent Flags Filter 0
    19-02-2012, 14:17:01 GMT -> LiveUpdate flag value for this run is 0
    19-02-2012, 14:17:01 GMT -> ProductRegCom/luGroup(PID=5980/TID=7040): Successfully created an instance of an luGroup object!
    19-02-2012, 14:17:01 GMT -> ProductRegCom/luGroup(PID=5980/TID=7040): Path for calling process executable is C:\Program Files (x86)\Symantec\LiveUpdate\LUALL.EXE.
    19-02-2012, 14:17:01 GMT -> ProductRegCom/luGroup(PID=5980/TID=7040): Destroyed luGroup object.
    19-02-2012, 14:17:01 GMT -> Scanning the following file for potentially malicious host entries: C:\Windows\system32\Drivers\etc\hosts
    19-02-2012, 14:17:01 GMT -> Scanning the following file for potentially malicious host entries: C:\Windows\system32\Drivers\etc\lmhosts.sam
    19-02-2012, 14:17:01 GMT -> LiveUpdate did not find any malicious host entries in any hosts files.
    19-02-2012, 14:17:01 GMT -> **** Starting an Express Mode LiveUpdate Session ****
    19-02-2012, 14:17:01 GMT -> User Type: Limited.
    19-02-2012, 14:17:25 GMT -> ***********************        Start of New LU Session        ***********************
    19-02-2012, 14:17:25 GMT -> EVENT - SESSION START EVENT - The LiveUpdate session is running in Express Mode.
    19-02-2012, 14:17:25 GMT -> Check for updates to:  Product: LiveUpdate, Version: 3.3.0.96, Language: English.  Mini-TRI file name: liveupdate_3.3.0.96_english_livetri.zip
    19-02-2012, 14:17:25 GMT -> Progress Update: TRYING_HOST: HostName: "liveupdate.symantecliveupdate.com" URL: "http://liveupdate.symantecliveupdate.com" HostNumber: 0
    19-02-2012, 14:17:25 GMT -> Progress Update: TRIFILE_DOWNLOAD_START: Number of TRI files: 0    Downloading LiveUpdate catalog file
    19-02-2012, 14:17:25 GMT -> LiveUpdate will download the first Mini-TRI file, liveupdate_3.3.0.96_english_livetri.zip
    19-02-2012, 14:17:25 GMT -> Progress Update: DOWNLOAD_BATCH_START: Files to download: 1, Estimated total size: 0
    19-02-2012, 14:17:25 GMT -> Progress Update: PRE_CONNECT: Proxy: "(not-available)" Agent: "Symantec LiveUpdate" AccessType: 0x0       
    19-02-2012, 14:17:26 GMT -> Progress Update: CONNECTED: Proxy: "(not-available)" Agent: "moDa5W9fJ2b/78rMpD4qXIabbiEXQRBTwAAAAA" AccessType: 0x0       
    19-02-2012, 14:17:26 GMT -> Progress Update: DOWNLOAD_FILE_START: URL: "http://liveupdate.symantecliveupdate.com/liveupdate_3.3.0.96_english_livetri.zip", Estimated Size: 0, Destination Folder: "C:\ProgramData\Symantec\LiveUpdate\Downloads"
    19-02-2012, 14:17:26 GMT -> Unable to find the property 'PREFERENCES\MAX_LIVETRI_SIZE' in settings file; using default: 1048576.
    19-02-2012, 14:17:37 GMT -> HttpSendRequest (status 404): Request failed - File does not exist on the server.
    19-02-2012, 14:17:37 GMT -> Progress Update: DOWNLOAD_FILE_FINISH: - NOTE - URL: "http://liveupdate.symantecliveupdate.com/liveupdate_3.3.0.96_english_livetri.zip", Full Download Path: "C:\ProgramData\Symantec\LiveUpdate\Downloads\liveupdate_3.3.0.96_english_livetri.zip" HR: 0x802A0026
    19-02-2012, 14:17:37 GMT -> HR 0x802A0026 DECODE: E_HTTP_NOT_FOUND
    19-02-2012, 14:17:37 GMT -> Progress Update: DOWNLOAD_BATCH_FINISH: HR: 0x0       , Num Successful: 0
    19-02-2012, 14:17:37 GMT -> LiveUpdate will check for Mini-TRI file support on the server since the first Mini-TRI file was not available (liveupdate_3.3.0.96_english_livetri.zip).
    19-02-2012, 14:17:37 GMT -> Progress Update: DOWNLOAD_BATCH_START: Files to download: 1, Estimated total size: 0
    19-02-2012, 14:17:37 GMT -> Progress Update: DOWNLOAD_FILE_START: URL: "http://liveupdate.symantecliveupdate.com/minitri.flg", Estimated Size: 0, Destination Folder: "C:\ProgramData\Symantec\LiveUpdate\Downloads"
    19-02-2012, 14:17:37 GMT -> HttpSendRequest (status 200): Request succeeded
    19-02-2012, 14:17:37 GMT -> Download complete: Original estimated file size: 1; Actual bytes downloaded: 1
    19-02-2012, 14:17:37 GMT -> Progress Update: DOWNLOAD_FILE_FINISH: URL: "http://liveupdate.symantecliveupdate.com/minitri.flg", Full Download Path: "C:\ProgramData\Symantec\LiveUpdate\Downloads\minitri.flg" HR: 0x0       
    19-02-2012, 14:17:37 GMT -> Progress Update: DOWNLOAD_BATCH_FINISH: HR: 0x0       , Num Successful: 1
    19-02-2012, 14:17:37 GMT -> Progress Update: HOST_SELECTED: Host IP: "63.80.138.24" URL: "http://liveupdate.symantecliveupdate.com" HostNumber: 0
    19-02-2012, 14:17:37 GMT -> Attempting to load SymCrypt...
    19-02-2012, 14:17:37 GMT -> SymCrypt.dll does not exist.
    19-02-2012, 14:17:37 GMT -> EVENT - SERVER SELECTION SUCCESSFUL EVENT - LiveUpdate connected to server liveupdate.symantecliveupdate.com at path  via a HTTP connection. The server connection connected with a return code of 200, Successfully download TRI file
    19-02-2012, 14:17:37 GMT -> LiveUpdate is connected to a server with Mini-TRI file support.  LiveUpdate will download and process the remaining Mini-TRI files.
    19-02-2012, 14:17:37 GMT -> Check for updates to:  Product: Automatic LiveUpdate, Version: 3.3.0.96, Language: English.  Mini-TRI file name: automatic$20liveupdate_3.3.0.96_english_livetri.zip
    19-02-2012, 14:17:37 GMT -> Progress Update: TRIFILE_DOWNLOAD_END: Number of TRI files: "0"
    19-02-2012, 14:17:37 GMT -> Progress Update: TRIFILE_DOWNLOAD_START: Number of TRI files: 1    Downloading Mini-TRI files
    19-02-2012, 14:17:37 GMT -> Progress Update: DOWNLOAD_BATCH_START: Files to download: 1, Estimated total size: 0
    19-02-2012, 14:17:37 GMT -> Progress Update: DOWNLOAD_FILE_START: URL: "http://liveupdate.symantecliveupdate.com/automatic$20liveupdate_3.3.0.96_english_livetri.zip", Estimated Size: 0, Destination Folder: "C:\ProgramData\Symantec\LiveUpdate\Downloads"
    19-02-2012, 14:17:38 GMT -> HttpSendRequest (status 404): Request failed - File does not exist on the server.
    19-02-2012, 14:17:38 GMT -> Progress Update: DOWNLOAD_FILE_FINISH: - NOTE - URL: "http://liveupdate.symantecliveupdate.com/automatic$20liveupdate_3.3.0.96_english_livetri.zip", Full Download Path: "C:\ProgramData\Symantec\LiveUpdate\Downloads\automatic$20liveupdate_3.3.0.96_english_livetri.zip" HR: 0x802A0026
    19-02-2012, 14:17:38 GMT -> HR 0x802A0026 DECODE: E_HTTP_NOT_FOUND
    19-02-2012, 14:17:38 GMT -> Progress Update: DOWNLOAD_BATCH_FINISH: HR: 0x0       , Num Successful: 0
    19-02-2012, 14:17:38 GMT -> Progress Update: TRIFILE_DOWNLOAD_END: Number of TRI files: "0"
    19-02-2012, 14:17:38 GMT -> ********* Finished Finding Available Updates *********

    19-02-2012, 14:17:38 GMT -> LiveUpdate did not find any new updates for the given products.
    19-02-2012, 14:17:38 GMT -> EVENT - SESSION END SUCCESSFUL EVENT - The LiveUpdate session ran in Express Mode. LiveUpdate found 0 updates available, of which 0 were installed and 0 failed to install.  The LiveUpdate session exited with a return code of 100, LiveUpdate ran successfully.  There are no new updates to your products.
    19-02-2012, 14:17:38 GMT -> Unable to find the property 'PREFERENCES\MAX_PACKAGE_SIZE' in settings file; using default: 734003200.
    19-02-2012, 14:17:38 GMT -> ProductRegCom/luGroup(PID=5980/TID=7040): Successfully created an instance of an luGroup object!
    19-02-2012, 14:17:38 GMT -> ProductRegCom/luGroup(PID=5980/TID=7040): Path for calling process executable is C:\Program Files (x86)\Symantec\LiveUpdate\LUALL.EXE.
    19-02-2012, 14:17:38 GMT -> ProductRegCom/luGroup(PID=5980/TID=7040): Destroyed luGroup object.
    19-02-2012, 14:21:11 GMT -> Only the LiveUpdate command lines were registered in the Product.Inventory.LiveUpdate file.
    19-02-2012, 14:21:11 GMT -> Integrity check of the newly saved product inventory failed with error code=0x802A0044.

    I have tried reinstalling Endpoint Protection. That doesn't fin the problem either. I am unable to solve this myself. Does anyone have some good ideas?

    Kind Regards,



  • 2.  RE: Issues with live update for Endpoint Protection

    Posted Feb 19, 2012 10:01 AM

    The first thing I notice in this log is the 404 http error code when attempting to download a tri file from http://liveupdate.symantec.com. Can you ping this server from the affected machine? Is there a webfilter or firewall that could be getting in the way? 

     



  • 3.  RE: Issues with live update for Endpoint Protection

    Posted Feb 19, 2012 10:18 AM

    Hi

    Windows Firewall is disabled and controlled by Endpoint Protection. I can both ping and access the server. Tried downloading the file it meantions (http://liveupdate.symantecliveupdate.com/liveupdate_3.3.0.96_english_livetri.zip) which actually gives a 404 error. Followed the below guides aswell:http://www.symantec.com/business/support/index?page=content&id=TECH102059&locale=en_US

    No issues there. There shouldn't by any filters or proxys. I only have Endpoint Protection installed.

    Kind regards



  • 4.  RE: Issues with live update for Endpoint Protection

    Posted Feb 19, 2012 11:33 AM

    I found the following document that makes reference to a later version of live update. (http://www.symantec.com/docs/TECH171060 

    You are running 3.3.096 and this document recommends 3.3.1.23 for SEP 12.1. Could you verify the version of live update that was included with your original product download? If that is showing 3.3.1.23 then I wouldn't suspect that this is the problem. 

    Are you manually updating the definitions through the product interface or using intelligent updater? 



  • 5.  RE: Issues with live update for Endpoint Protection

    Posted Feb 19, 2012 01:50 PM

    I mistyped the version on that previous post. You would want to verify the version and if it shows that your product download came with 3.3.096 then that should work fine. If your download came with a newer Live Update version than you might consider installing the newer version. 

    This issue can also come up when an unmanaged client package is created with Logs, Policies and Communications settings from a group that restricts Live Update from communicating with Symantec servers. If you installed from a package that was pushed from your Manager, you might try reinstalling with the package from the original product download or with a package that was created with out such Live Update restrictions. 



  • 6.  RE: Issues with live update for Endpoint Protection

    Posted Feb 19, 2012 02:00 PM

    The LiveUpdate version that came with the product is 3.3.1.19. Full version of the product is 12.1.601.4699. Uninstalled the old LiveUpdate version and installed the version that came with the product. Edited the Endpoint Protection install (repair) to register it with LiveUpdate. Still no luck sadly. The install has not been pushed by SEPM. It has been a unmanaged install from the beginning.

    Earlier I update the definitions with the intelligent updater. no log just says this:

    ////////////////////////////////////////////////////////////////////////////////
    ////////////////////////////////////////////////////////////////////////////////
    // Start LuComServer
    ////////////////////////////////////////////////////////////////////////////////
    ////////////////////////////////////////////////////////////////////////////////
    19-02-2012, 18:50:26 GMT -> LuComServer version: 3.3.1.19
    19-02-2012, 18:50:26 GMT -> LiveUpdate Language: English
    19-02-2012, 18:50:26 GMT -> LuComServer Sequence Number: 20110328
    19-02-2012, 18:50:26 GMT -> OS: Windows 7 Home Premium Edition, Service Pack: 1, Major: 6, Minor: 1, Build: 7601 (64-bit)
    19-02-2012, 18:50:26 GMT -> System Language:[0x0406], User Language:[0x0406]
    19-02-2012, 18:50:26 GMT -> IE9 support.
    19-02-2012, 18:50:26 GMT -> ComCtl32 version: 6.16
    19-02-2012, 18:50:26 GMT -> Loading C:\ProgramData\Symantec\LiveUpdate\Product.Inventory.LiveUpdate
    19-02-2012, 18:50:26 GMT -> Only the LiveUpdate command lines were registered in the Product.Inventory.LiveUpdate file.
    19-02-2012, 18:50:26 GMT -> Failed to load C:\ProgramData\Symantec\LiveUpdate\Product.Inventory.LiveUpdate.
    19-02-2012, 18:50:26 GMT -> Opened the product inventory at "C:\ProgramData\Symantec\LiveUpdate\Product.Inventory.LiveUpdate".
    19-02-2012, 18:50:26 GMT -> Combined Product Inventory Flags 0, Permanent Flags 0, Permanent Flags Filter 0
    19-02-2012, 18:50:26 GMT -> LiveUpdate flag value for this run is 0
    ////////////////////////////////////////////////////////////////////////////////
    ////////////////////////////////////////////////////////////////////////////////
    // End LuComServer
    ////////////////////////////////////////////////////////////////////////////////
    ////////////////////////////////////////////////////////////////////////////////



  • 7.  RE: Issues with live update for Endpoint Protection

    Posted Mar 07, 2012 04:29 AM

    Hi Dimshushi,

    Please disable all windows firewall in windows7.

    1. Public.

    2. Domain

    3. Windows.



  • 8.  RE: Issues with live update for Endpoint Protection

    Posted Apr 18, 2012 03:34 PM

    Hi,

    Please disable window firewall when running the liveupdate.

    Disable public. private & domain firewall.

    Disable UAC account from control panel



  • 9.  RE: Issues with live update for Endpoint Protection

    Posted Apr 19, 2012 05:30 AM

    Hi Dimsushi,

    > The LiveUpdate version that came with the product is 3.3.1.19. Full version of the product is 12.1.601.4699.

    That looks like an old beta version of the product.  Here's the build numbers for the official supported releases:

    • SEP 12.1 RTM (build 12.1.671.4971)
    • SEP 12.1 RU1 (build 12.1.1000.157)

    Only the SEPM uses the Windows LiveUpdate client (and its version must be 3.3.1.23).  The SEP client uses a different tool called LUE.  Clicking "LiveUpdate" from teh SEP 12.1 GUI will launch that.    It's 100% correct that Windows LiveUpdate on a SEP client will find nothing.  &: )

    The Log.LiveUpdate file is missing or out of date on a Symantec Endpoint Protection 12.1 client
    Article: TECH168602   |  Created: 2011-08-31   |  Updated: 2012-03-02   | 
    Article URL http://www.symantec.com/docs/TECH168602 
     

    Hope this helps!



  • 10.  RE: Issues with live update for Endpoint Protection

    Posted Apr 19, 2012 06:39 AM

    Hi

    Upgrade to letest SEPM release.

    SEPM 12.1 RU1

    Thanks