Endpoint Protection

Windows 2000 no Antivirus definition update with SEPM 12.1

  • 1.  Windows 2000 no Antivirus definition update with SEPM 12.1

    Posted Nov 20, 2012 03:55 PM

    Hi,

     

    I've installed SEP on some Windows 2000 clients and servers after importing the version 11 package to the endpoint manager.

    The problem is that the AV definition is not being updated on these computers. One has stayed with the update of 04/18/2011 R18 and the other with an update from last 15 of November.

    I've tried to send an update content command, but the AV definition doesn't update.

     

    Just to share that the installation on these servers was not by push but by a save package, and I manually executed the package on these clients.

    Also, both of them are online on the manager and with update status changed as of today.

     

    What is missing? How can I troubleshoot the problem?

     

    Regards



  • 2.  RE: Windows 2000 no Antivirus definition update with SEPM 12.1

    Posted Nov 20, 2012 04:05 PM

    The problem may be that SEP 12.1 does not support Windows 2000.

    You can download and run the SEP Support Tool for verification:

    https://www.symantec.com/business/support/index?page=content&id=TECH170752

    But I've not seen it supported in 12.1



  • 3.  RE: Windows 2000 no Antivirus definition update with SEPM 12.1

    Posted Nov 20, 2012 04:08 PM

    Maybe I've misunderstood, but I thought that installing SEP 11, the manager will see the clients and update the virus.

    In fact, the manager (SEPM 12.1) sees and monitors, but doesn't update the virus definitions.



  • 4.  RE: Windows 2000 no Antivirus definition update with SEPM 12.1

    Posted Nov 20, 2012 04:09 PM

    So the client is still on 11.x? Only the SEPM is at 12.1?



  • 5.  RE: Windows 2000 no Antivirus definition update with SEPM 12.1

    Posted Nov 20, 2012 04:12 PM

    Yes.

     

    I've followed this info:

    http://www.symantec.com/business/support/index?page=content&id=TECH174069



  • 6.  RE: Windows 2000 no Antivirus definition update with SEPM 12.1

    Posted Nov 20, 2012 04:14 PM

    Does C: have enough free space?

    Have you tried running LiveUpdate locally on the client itself?

    It's possible the defs are corrupt, you can try clearing them manually:

    https://www.symantec.com/business/support/index?page=content&id=TECH103176



  • 7.  RE: Windows 2000 no Antivirus definition update with SEPM 12.1

    Posted Nov 20, 2012 04:33 PM

    Strange, I've run LU on the client, and updated the definitions... but on the manager the definitions that appear are from the 15th of November, and on the client it appears that it is from 19 of November. But the client is online on the manager.

     



  • 8.  RE: Windows 2000 no Antivirus definition update with SEPM 12.1

    Posted Nov 20, 2012 05:09 PM

    So which is out of date, SEPM or SEP clients?



  • 9.  RE: Windows 2000 no Antivirus definition update with SEPM 12.1

    Posted Nov 20, 2012 05:30 PM

    In the SEP client, it is up to date, with the latest virus definitions. But in the list of clients in SEPM, it displays an old virus definition for that same client, and it seems that it doesn't update.

    In fact the problem seems to be in SEPM, as it doesn't update to the correct info of definitions that the client has.



  • 10.  RE: Windows 2000 no Antivirus definition update with SEPM 12.1

    Posted Nov 20, 2012 05:34 PM

    Ok, so it seems to be more of a cosmetic issue.

    If you force the client to check in with the SEPM by right clicking the icon and selecting "update policy" it still doesn't show up to date?

    Follow the directions in this article:

    http://www.symantec.com/business/support/index?page=content&id=TECH167284

    It's not the exact issue but slightly similar; perhaps the DB needs to be cleaned up.



  • 11.  RE: Windows 2000 no Antivirus definition update with SEPM 12.1

    Posted Nov 20, 2012 05:46 PM

    Sorry, I wrote this up while a whole other conversation was taking place--take it or leave it.

    ---

    Which version of 12.1 are you using, and which version of 11.x?

    When you did the manual installation of 11.x, was it while physically present at the server, or over a terminal connection (just curious)?

    One has stayed with the update of 04/18/2011 R18 and the other with an update from last 15 of November.

    If I had to guess, the only reason the second one updates is that it was able to run LiveUpdate and connect to the Symantec LiveUpdate servers.

    You haven't made any changes to the LiveUpdate Content policy for the group these clients are in, have you, to exclude content? (Policies > LiveUpdate > LiveUpdate Content tab)

    Are your 12.1 clients updating correctly? Is your SEPM fully updated (Admin > Servers > Local Site > under Tasks, click Show LiveUpdate Downloads and look to see what the revision is; I believe that the Virus and Spyware definitions entry are designed to be backwards-compatible with 11.x).

    If all looks up to date on the SEPM side, it's either communication problems or possibly definition corruption. Before trying the steps in the above document, it's often just as effective to apply the Intelligent Updater, which can usually handily replace any definition component that might be corrupted. You can download the file from this page--you will want the one that applies to 32-bit systems (should be the first link).

    Beyond this, troubleshooting this is probably going to take an examination of sylink debug logging or the LiveUpdate log to determine why the update's failing.

    sandra



  • 12.  RE: Windows 2000 no Antivirus definition update with SEPM 12.1

    Posted Nov 20, 2012 06:46 PM

     

    Which version of 12.1 are you using, and which version of 11.x?

    12.1.1101.401

    11.0.7000.975

     

    When you did the manual installation of 11.x, was it while physically present at the server, or over a terminal connection (just curious)?

    One of them was through VNC (this one is appearing in SEPM with definitions from 2011), and the other in the console of Hyper-V (and in SEPM with definitions of the last 15, but locally on the client in fact with the 19th). But both using a package created by the SEPM (client deployment -> option save package when adding client; created the exe and executed it in the client)

     

    One has stayed with the update of 04/18/2011 R18 and the other with an update from last 15 of November.

    If I had to guess, the only reason the second one updates is that it was able to run LiveUpdate and connect to the Symantec LiveUpdate servers.

    You haven't made any changes to the LiveUpdate Content policy for the group these clients are in, have you, to exclude content? (Policies > LiveUpdate > LiveUpdate Content tab)

    I've enabled the possibility to use the management server and LiveUpdate (an exception for the Windows 2000 servers, as the other clients don't have this option enabled)

     

    Are your 12.1 clients updating correctly? Is your SEPM fully updated (Admin > Servers > Local Site > under Tasks, click Show LiveUpdate Downloads and look to see what the revision is; I believe that the Virus and Spyware definitions entry are designed to be backwards-compatible with 11.x).

     

    The clients with 12.1 are updated to the last one on the server, that is from today (20-11-2012 r17)

     

    If all looks up to date on the SEPM side, it's either communication problems or possibly definition corruption. Before trying the steps in the above document, it's often just as effective to apply the Intelligent Updater, which can usually handily replace any definition component that might be corrupted. You can download the file from this page--you will want the one that applies to 32-bit systems (should be the first link).

    Beyond this, troubleshooting this is probably going to take an examination of sylink debug logging or the LiveUpdate log to determine why the update's failing.

    How to check these logs on the clients?



  • 13.  RE: Windows 2000 no Antivirus definition update with SEPM 12.1

    Posted Nov 20, 2012 06:53 PM

     

    How to enable Sylink debugging for the Symantec Endpoint Protection 11.x and 12.1 client in the Windows Registry

    http://www.symantec.com/business/support/index?page=content&id=TECH104758



  • 14.  RE: Windows 2000 no Antivirus definition update with SEPM 12.1

    Posted Nov 21, 2012 04:50 AM

    I've activated the log, but I can't understand anything that is wrong.

    I've also found that a client on Windows 2000 that is not connected to the internet can't update, because it doesn't get the information from the server manager, but connects to it.



  • 15.  RE: Windows 2000 no Antivirus definition update with SEPM 12.1

    Posted Nov 21, 2012 11:55 AM

    Thanks for the info. So it sounds like both are connected (green dot), one can update but the reporting information isn't making it back to the SEPM, and another is not able to update from the SEPM. Does that sound about right? (VNC and Hyper-V console for installation should be just fine.)

    The sylink debug logging is typically reviewed by Support, who know how to interpret what's written there. If you have the logging on during a heartbeat (right-click SEP client shield > click Update Policy) then attach the resulting log file to this thread, I'm sure someone would take a look at it. If the issues are as I described them above, make sure you indicate which problem is happening on which log.

    sandra



  • 16.  RE: Windows 2000 no Antivirus definition update with SEPM 12.1
    Best Answer

    Posted Nov 21, 2012 07:28 PM

    Ok,

     

    So, after some tests, using some tools used here, but with no success, I've made a re-install using the push solution.

    So, in summary:

    Made the .exe file using the third option when adding the clients, and executed the package on the clients with Windows 2000. The AV installed correctly, but didn't update the AV definitions.

    So, next step was to add the client, but now, through push option, and the AV was re-installed ok, and definitions are being updated.

    Also, I couldn't install through push the first time for w2000 computers. But after installing the package manually, it was possible to use the push.

    Problem solved.