Endpoint Protection

Guys,

I have a 32 bit poweredge, Win2008 server that has Symantec System Center ver. 6.0 installed on it and it still has an old virus definition file on it.  The clients as well have this same old definition file too.  It shows as 5/2/2011 rev.2.  Doing a definition file update doesn't help.  No error messages.  Neither the server or clients are updating..  clients are set to update from the win08 server as well.

help!!!!!

try this might help

To download an .xdb file from Symantec

1. Go to the xdb folder on the Symantec FTP site.
   You can also find the file from the Symantec Security Response Virus Definitions Download Page.
2. Click the .xdb file with the latest date, and select Save to disk from the dialog box.
3. If the .xdb file downloads with a .zip extension, remove the .zip extension by renaming the file.
   The file name should be similar to the following:
   vd12bc02.xdb

To copy an .xdb file to a Symantec AntiVirus server

• Copy the .xdb file to the Symantec AntiVirus program folder.
  • For NetWare servers, the default location is SYS:SAV.
  • For antivirus servers on Windows computers, the default is C:\Program Files\SAV\ for Symantec AntiVirus 8.x, or C:\Program Files\Symantec AntiVirus for Symantec AntiVirus 9.x.

The location of the folder can vary if you upgraded from a previous version.
For help with this, see the "To find the Symantec AntiVirus program folder" section in the Technical Information section of this document.

To copy an .xdb file to a Symantec AntiVirus client

• Copy the .xdb file to the correct folder, depending on the program version:
  • For clients that run Windows 2003/XP/2000, the default folder is one of the following:
    • C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\
    • C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\
      
      The Application Data folder may be hidden. To show hidden and system folders, read the document How to make Windows show all files.
  • For clients that run Windows 98/Me, the following is the default folder:
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\ or C:\Program Files\Symantec AntiVirus\
  • For clients that run Windows NT 4.0, the following is the default folder:
    C:\WinNT\Profiles\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\

Automatically updating definitions using the .xdb file
Symantec provides a batch file that you can schedule to update the definitions with the latest .xdb file. This batch file automatically downloads and extracts the latest .xdb file from a statically named executable (Navup8.exe), and copies the .xdb file to the appropriate location. For more information, read the document How to automatically update Symantec AntiVirus Corporate Edition definitions without using LiveUpdate

http://www.symantec.com/business/support/index?page=content&id=TECH99867

So does this mean that I will not be able to use liveUpdate to update the virus definition files?

Er... Neither Symantec System Center nor SAV server is supported to run on Windows 2008:

From "System requirements for Symantec AntiVirus 10.1" (http://www.symantec.com/docs/TECH101699):

The only supported SAV product on Windows 2008 is the SAV 10.2 client.

Don't mean to be rain on the parade--the xdb workaround may work and if it does, great--though there's going to be no further development on SAV, so I would definitely consider migrating up to Endpoint Protection (SEP).

sandra

I am sorry it's actually Win2003 R2.. I was thinking of another server we have here :)  So, is this problem fixable so I don't have to use this manual process above.  We have over 400 clients!

The event logs show the following error in LiveUpdate:

Event Type:    Error
Event Source:    LiveUpdate
Event Category:    None
Event ID:    55
Date:        11/27/2011
Time:        10:00:01 PM
User:        NT AUTHORITY\SYSTEM
Computer:    NRMC005
Description:
6001: LiveUpdate failed because the LiveUpdate package is corrupt.  Internal authentication files are not present.

Please run LiveUpdate again.  If the error persists, contact your network administrator or LiveUpdate provider.

????

This is what 6001 is The guard or signature file is missing from the TRI file.
 

https://www-secure.symantec.com/connect/blogs/live-update-number-which-will-help-you-determine-what-exactly-luxxxx-means

Thanks for the clarification.

So did something about your environment change back in May? My suspicion is that, based on '6001: LiveUpdate failed because the LiveUpdate package is corrupt.  Internal authentication files are not present.', is that perhaps a firewall, a proxy or some other gateway appliance or application, was put into place or enabled (or possibly even upgraded) that is scanning and modifying the content received from LiveUpdate.

You mentioned that the SSC is 'version 6'. From what I can find, this translates to Symantec Antivirus 9.x. If this is true and this is the version you are using, let me be frank: you are doing the security of your environment no favours by using a product that old--it can't handle the modern threat landscape, and it's not even supported anymore. Definitions are no longer certified for use with SAV 9.x (emphasis mine):

Symantec Antivirus 9.x will reach its End of Standard Support as of March 31, 2009. Virus definition updates for version 9.x will be discontinued on April 1, 2009. Please contact your account manager or reseller for information about our current shipping versions. (http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=savce)

sandra

You are correct Sandra.g..  I figured this out yesterday and it is due to the version of AV being outdated.  We will be upgrading to Endpoint 12.1 soon.

Hi

Try this might help.

http://www.symantec.com/business/support/index?page=content&id=TECH91335&actp=search&viewlocale=en_US&searchid=1292646719517.

Copying the most recent .jdb file, renamed to remove .zip extension, to C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\content\incoming fails

Glad to hear, and good luck migrating your environment!

sandra