Endpoint Protection

 View Only

  • 1.  Live update is not working on SEPM

    Posted Jan 04, 2013 03:48 AM

    Hi Team,

    Live update is not working properly in my SEPM 12.1 server.Pls see the Live update status given below.

    Current Virus version is showing as follows;

    Windows Definitions

    Latest from Symantec: 01/03/2013 r19
    Latest on Manager: 12/09/2012 r6

    January 4, 2013 1:59:00 PM IST: No updates found for SONAR Heuristics engine 12.1. [Site: PINSAV02] [Server: PINSAV02]
    January 4, 2013 1:59:00 PM IST: Symantec Endpoint Protection Manager could not update SONAR scan whitelist Win32 11.0. [Site: PINSAV02] [Server: PINSAV02]
    January 4, 2013 1:58:59 PM IST: Symantec Endpoint Protection Manager could not update TruScan proactive threat scan commercial application list Win64 11.0. [Site: PINSAV02] [Server: PINSAV02]
    January 4, 2013 1:58:59 PM IST: No updates found for SEPM LiveUpdate Database 12.1. [Site: PINSAV02] [Server: PINSAV02]
    January 4, 2013 1:58:59 PM IST: No updates found for SONAR scan commercial application engine 11.0. [Site: PINSAV02] [Server: PINSAV02]
    January 4, 2013 1:58:59 PM IST: No updates found for Extended File Attributes and Signatures 12.1 RU2. [Site: PINSAV02] [Server: PINSAV02]
    January 4, 2013 1:58:59 PM IST: Symantec Endpoint Protection Manager could not update Virus and Spyware definitions Win64 12.1. [Site: PINSAV02] [Server: PINSAV02]
    January 4, 2013 1:58:58 PM IST: No updates found for Symantec Endpoint Protection Manager Content Catalog 12.1. [Site: PINSAV02] [Server: PINSAV02]
    January 4, 2013 1:50:37 PM IST: LUALL.EXE has been launched. [Site: PINSAV02] [Server: PINSAV02]
    January 4, 2013 1:50:36 PM IST: Download started. [Site: PINSAV02] [Server: PINSAV02]

     



  • 2.  RE: Live update is not working on SEPM

    Posted Jan 04, 2013 03:55 AM

    HI,

    Can you pass  log.liveupdate logs

     

     

    The SEPM does not update virus definitions. Liveupdate not working on the Symantec Endpoint Protection Manager 12.1

    Article:TECH183178  |  Created: 2012-03-07  |  Updated: 2012-07-03  |  Article URL http://www.symantec.com/docs/TECH183178
     

    https://www-secure.symantec.com/connect/articles/troubleshooting-liveupdate-issues-symantec-endpoint-protection



  • 3.  RE: Live update is not working on SEPM

    Posted Jan 04, 2013 04:12 AM

    Hi,

    Please check with below....

    1) Please check disk space in your SEPM server, I mean free space should be available in which drive your SEPM installed.

    2) Please reboot the system.

    3) Uninstall your live update server and again install the same.

    4) Run luall on the server.

    and then let me know if it will help u.



  • 4.  RE: Live update is not working on SEPM

    Trusted Advisor
    Posted Jan 04, 2013 09:11 AM

    Hello,

    Are you using any proxy on your network??

    Generally speaking, when the SEPM's LU encounters a problem, it will return some sort of error code.  For it to produce "Return code = 0" seems to suggest that the SEPM thinks it ran correctly.

    This is usually down to the SEPM using a proxy to access the Internet, and that proxy (e.g. ISA) is configured to cache web content.  Does this apply to your environment by any chance?  If so, you may want to get test by disabling caching (http://support.microsoft.com/kb/837352)

    I would also suggest you to - 

    1) Restart the server and check if the updates are happening properly.

    2) If already restarted, please Migrate the SEPM to the Latest version of SEP 12.1.2015 (RU2)

    I am sure this would help you.

    3) You could also try these steps in the Article below - 

    TECH171060   How to Uninstall and Reinstall LiveUpdate on SEPM 12.1 (Enterprise Edition or Small Business Edition)

    TECH181305   Windows LiveUpdate Client for Use with Symantec Endpoint Protection Manager 12.1

    Hope that helps!!



  • 5.  RE: Live update is not working on SEPM

    Posted Feb 08, 2013 01:14 PM

    I'd also like to add that to get an unmanaged SEP 12.1.2 client's LiveUpdate to work through our proxy server required a number of whitelist exceptions.  You may only need the LU-related URLs but had my security guys put all the ones listed in the tech article, below, in addition to http://update.symantec.com where LU has been successfully downloading virus defs/content ever since.

    http://www.symantec.com/business/support/index?page=content&id=TECH162286

    Unlike SEP 11.x, it appears the 12.x client tries to get out to the Internet without passing any credentials to the proxy server so naturally it fails without these exclusions.  The default in the client is to use IE's proxy settings but apparently this functionality doesn't work.  A Symantec support engineer told me awhile ago that the resolution was to explicitly set the proxy credentials in the client which only makes sense if the user's password never expires and/or changes.  I suppose you could use a shared account for the proxy credentials although this wouldn't fly with our security guys.