Endpoint Protection

I'm running SEPM 11.0.4202.75 on four systems. Three of the four systems are fine but one refuses to update the antivirus definitions. When I run Download LiveUpdate Contrent by hand, the log reports:

Antivirus and antispyware definitions Win32 11.0 MicroDefsB.CurDefs failed to update.
...
Antivirus and antispyware definitions Win64 11.0 MicroDefsB.CurDefs failed to update.

I can update the definitions manually by downloading the jdb file and putting it into the incoming folder.

When I look at the SesmLu.log file, I see the following reported on the system that does not update:

INFO(Low) sesmVirDef64 DefaultDefUtilsContentHandler: CDefUtils::PreMicroDefUpdateInternal() - current bGetDataSuccess: failure.

INFO(Low) sesmVirDef64 DefaultDefUtilsContentHandler: CDefUtils::SetMicroDefLastUpdateValue(false, DU_BINARY) - start.

INFO(Low) sesmVirDef64 DefaultDefUtilsContentHandler: CDefUtils::SetMicroDefLastUpdateValue() - returning success.

INFO(Low) sesmVirDef64 DefaultDefUtilsContentHandler: CDefUtils::PreMicroDefUpdateInternal() - Either bGetDataSuccess or bBinResult is false, save the err value.

INFO(Low) sesmVirDef64 DefaultDefUtilsContentHandler: CDefUtils::PreMicroDefUpdateInternal (HubDir:C:\PROGRA~3\Symantec\DEFINI~1\SymcData\SESMVI~1\tmp3ddb.tmp, DirectDir: C:\PROGRA~3\Symantec\DEFINI~1\SymcData\SESMVI~1\tmp1bad.tmp, Version: MicroDefsB.Error, HubIsOk: false) - returning DU_S_OK

...

INFO(Med) sesmVirDef64 SesmLu: PreProcessing... finished. Result: -2144731115

Any ideas?
 

If this machine has internet connectivity try going to Start>> run >> and type LUALL and hit enter. In case its an issue with only AV/AS definitions try downloading it from  http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=savce  and run the executable. Its possible that the previous definitions are corrupt

Looks like this is Windows 2008...?  Is it 32 and 64 bit defs that fail to download, or just 32?  I don't have a Windows 2008 box at my disposal to verify the paths, and most of our documentation has the XP/2003 file paths.

ETA: I just saw that all of the info from the log you sent has to do with 64 bit defs.  Adjust the following accordingly.

1- Try emptying this folder; are you using LiveUpdate Administrator, too?
C:\Program Data\Symantec\LiveUpdate\Downloads

2- Make sure the following folder exists:
C:\Program Data\Symantec\Definitions\SymcData\sesmvirdef32
(there should also be a sesmvirdef64 folder there too)

The LiveUpdate log may also have some information (C:\Program Data\Symantec\LiveUpdate\log.liveupdate). 

Thanks,
sandra

Delete the contents of  C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads

Delete all numbered folders under :

C:\Program Files\Common Files\Symantec Shared\SymcData\sesmvirdef32

C:\Program Files\Common Files\Symantec Shared\SymcData\sesmvirdef64

c:\program files\symantec\symantec endpoint protection manager\inetpub\contents\{C60DC234-65F9-4674-94AE-62158EFCA433}

and

c:\program files\symantec\symantec endpoint protection manager\inetpub\contents\{1CD85198-26C6-4bac-8C72-5D34B025DE35}

Run Live update once again and check if the definitions are getting updated.

The SEPM Download LiveUpdate Content command executes LUALL. Running LUALL by hand doesn't seem to make any difference. I'm accessing an internal liveupdate server, the same source of content used by the three servers that update without a problem. I've updated the broken server several times by downloading the definitions, but the next run of LUALL reports the same problem.

Yes, I'm using Win 2008. It is both defs that fail to load. Should I empty the sesmvirdef* folders too?

Before I had a chance to try deleting various folders, I upgraded from v11 RU4 to RU5, and that solved the problem. Perhaps the upgrade cleanded up the prior mess, or perhaps it contains a software patch for this problem.

Thanks for the help.

It could be that the migration up repaired the previous installation.  Whatever the case, glad it's fixed for you!

sandra