Just going to post this in case anyone is seeing a similar issue 7 years later. Had the same problem occur with SEP Live Update on Server 2022, where Live Update was trying to query Google DNS instead of the DNS server specified in the network adapter. In my case, this was caused by a leftover registry key from a previously deleted adapter. Under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces, the leftover adapter had a blank NameServer string value which caused SEP to default to Google DNS. Either adding the correct server IP to that NameServer string or just deleting the key associated with the leftover adapter solved the issue for me.
Original Message:
Sent: Feb 22, 2016 02:14 PM
From: MzSolo
Subject: Is LiveUpdate trying to access google for DNS setting?
Hello - I have a question from our Info Security Office.
So the ISO has found 148 offenses in total that occurred Sat. 2/20 from about 8:00AM to 8:30AM. Offenses #6250-6398.
For the few where I am able to read the flow payload, the query appears to be related to Symantec. Such as liveupdate.symantecliveupdate.com. The destination for all of these appears to be Google (8.8.8.8 & 8.8.4.4).
Our question is why are all of these machines using Google's DNS service to get the DNS info on liveupdate.symantecliveupdate.com?
Is there maybe something hard coded in the Symantec update that would cause this? Or was the local DNS service down during this time?
Any info would be appreciated.
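
A read-only way to look for the leftover interface key described in the reply above, added here as an example and not taken from the thread or from Symantec: it lists every subkey under Tcpip\Parameters\Interfaces, checks whether an adapter still owns that GUID, and reports the state of its NameServer value. It assumes the NetAdapter module (`Get-NetAdapter`) is available, as on Server 2022, and the variable and column names are illustrative; a blank NameServer is also normal on a DHCP-configured adapter, so only keys with no owning adapter are marked for review.

```powershell
# Added example: read-only audit, nothing is modified or deleted.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'

# GUIDs of adapters Windows still knows about (hidden adapters included).
$liveGuids = @(Get-NetAdapter -IncludeHidden | ForEach-Object { $_.InterfaceGuid })

$report = foreach ($key in Get-ChildItem -Path $base) {
    $guid = $key.PSChildName

    # Distinguish "value not present" from "value present but blank".
    if ($key.GetValueNames() -contains 'NameServer') {
        $ns = [string]$key.GetValue('NameServer')
        $nsState = if ([string]::IsNullOrWhiteSpace($ns)) { 'blank' } else { $ns }
    } else {
        $nsState = 'missing'
    }

    # -notcontains compares case-insensitively, so GUID casing does not matter.
    $orphaned = $liveGuids -notcontains $guid

    [pscustomobject]@{
        InterfaceGuid  = $guid
        OwningAdapter  = if ($orphaned) { 'none' } else { 'present' }
        NameServer     = $nsState
        DhcpNameServer = [string]$key.GetValue('DhcpNameServer')
        # The condition from the post: leftover key with a blank NameServer.
        Review         = ($orphaned -and $nsState -eq 'blank')
    }
}

$report | Sort-Object Review -Descending | Format-Table -AutoSize
```

Rows with `Review` set to True are candidates to inspect by hand before changing anything.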