Endpoint Protection

 View Only
Expand all | Collapse all

Anyone else seeing these increased alert messages

  • 1.  Anyone else seeing these increased alert messages

    Posted Mar 13, 2021 09:47 AM
    We receive random alerts via email about endpoint issue.  THe message is: Live Update or Auto Upgrade via LU Failed on An Endpoint

    But when we check,  the endpoint is fully updated and no upgrades needed.

    There seems to be delay in the client and backend Symantec services communicating.  What is odd is that the timestamp for the messages are within a few minutes of when the endpoint last communicated or ran RU successful.  It is like the backend system pulls the trigger too soon to send the message but no issue is really present.

    About a 2 weeks ago we had the issue with the icon staying greened up but that has since cleared, I suspect Symantec has some other glitch as we would see these messages about 1 or 2 every few days.  Now we see 3-10 everyday.

    Anyone experiencing this?

    Mark Johnson

    ------------------------------
    Continental Motors
    ------------------------------


  • 2.  RE: Anyone else seeing these increased alert messages

    Broadcom Employee
    Posted Mar 16, 2021 03:00 PM
    Hi Mark,

    We are looking into tuning this alert rule to reduce noise.

    ------------------------------
    Product Management
    Broadcom
    ------------------------------



  • 3.  RE: Anyone else seeing these increased alert messages

    Posted Mar 31, 2021 05:22 PM
    Edited by Taylor Iuliucci Apr 01, 2021 02:12 PM

    I actually have to click my messages twice to see the message, it gives me a notification that i have a new one, and i really do have a new one, but when i click messages nothing is there until i click it a second time.



  • 4.  RE: Anyone else seeing these increased alert messages

    Posted Apr 21, 2021 06:45 PM
      |   view attached
    I started receiving these messages for a bunch of different machines starting yesterday. Does it resolve on it's own or is there something I need to do?


  • 5.  RE: Anyone else seeing these increased alert messages

    Posted Apr 22, 2021 10:16 AM

    These messages for us had subsided for a while for us but we have noticed these are starting to tick back up again.

     

    Broadcom support stated at that time they were working on the triggers to reduce the number of false positive alerts.

     

    Mark J.

     






  • 6.  RE: Anyone else seeing these increased alert messages

    Posted Apr 29, 2021 10:22 AM
    We have been receiving over 75 of these since last night.  We check the Pcs and they are all good.  Can someone advise from Broadcom?

    Overseas support is not helpful as they just follow the "knowledge" tree and aren't at a support level to really work the issue.

    ------------------------------
    Continental Motors
    ------------------------------



  • 7.  RE: Anyone else seeing these increased alert messages

    Posted Apr 29, 2021 11:16 AM
    BTW - When I look at the details in SEP we use the cloud based SEP enterprise I see many notices of: 

    "An update for Intrusion Prevention Signatures from LiveUpdate failed to install. Error: File not found on server (223)"

    So it seems like the Broadcom update servers are having trouble and missing some files to push under live update.


    ------------------------------
    Continental Motors
    ------------------------------



  • 8.  RE: Anyone else seeing these increased alert messages

    Posted May 03, 2021 10:56 AM
    Yeah I'm seeing the same.  And given that I manage a fair numbe rof SES customers, I am getting these lovely alerts on just about all accounts.  Thankfully nobody has a high volume of machines, but at this point I figure it's a matter of time before they fix what's wrong.  If it gets really bad, I'll set an Outlook rule to delete any emails with those specific keywords, and maybe check my Delete Items folder to see when the volume starts to drop.  I believe I even have most customers to only send this LU-failed alert "on  1 device, 24 hours, rate limit 6".  So I can't imagine how annoying this would be otherwise.


  • 9.  RE: Anyone else seeing these increased alert messages

    Posted May 03, 2021 01:28 PM
    We have been receiving similar messages since last evening. So far received app 20 messages.
    Dont know how to control or stop them.

    Please help remedy the sitautaiton.



  • 10.  RE: Anyone else seeing these increased alert messages

    Posted May 07, 2021 03:33 PM
    I'm also having many of these alerts for a bit more than a week now. The updates end up working after a couple of retries but it's very unstable and it spams our emails with these alert messages. 
    Is our only option to disregard these alerts ? We opened a support ticket about this but we're making no progress

    ------------------------------
    Notarius
    ------------------------------



  • 11.  RE: Anyone else seeing these increased alert messages

    Posted May 07, 2021 03:40 PM

    Maybe John Owen is able to assist as overseas support unfortunately is below par compared to other vendors.

     






  • 12.  RE: Anyone else seeing these increased alert messages

    Posted May 13, 2021 09:40 AM
    Below par? It's absolutely unusable for any deep technical investigation, they are just guys trained to suggest "reinstall the software and let's see".
    They are disconnected from the product engineer too, no communication.
    Additionally, after Broadcom acquisition, they removed our country local support (Italy) and outsourced it in India, to maybe the cheapest company there.
    That's a way to make more margins, keep or increase support fees, and just reduce support costs basically slashing it at the expense of quality. Not a far sighted way to add value.
    The last time I've contacted them, the advices of the support engineer lead to a destroyed and unusable server (luckly I had a snapshot). They are untrained to go "under the hood" in case of faults, it's just a front end to receive call.
    Let's see how the software engineering part now goes (not good the last two release - with SQL Express - a lot of bugs).

    ------------------------------
    Ace It
    ------------------------------



  • 13.  RE: Anyone else seeing these increased alert messages

    Posted May 13, 2021 10:22 AM

    I agree with your assessment.  Each time I open a case they want to do a WebEx to see what the issue is because they are unable to visualize the issue based upon the case detail and screenshots proved.

     

    I have yet to have anyone on the front line provide a real solution it usually has to be escalated or as you mention "uninstall and reinstall and that should work".

     

    Luckily, Broadcom staff such as John Owen who monitor these forums have been the saving grace to help with resolution or at least confirm the glitch is known, unlike the front line that usually state they are unware of any reported bug(s) making it seem like I am the only one experiencing the issue. 

     

    That is why I post to these forums to prove the issue is not unique to only me and my 300+ units.

     

    Mark J.

     

     






  • 14.  RE: Anyone else seeing these increased alert messages

    Posted May 13, 2021 10:50 AM
    Exactly.
    Don't get me started on the webex way of handling the case. Each time, even if the issue is known or it is already documented by logs or several screenshots, they want to connect to webex to "see" the issue, with lost time reproducing it, and this ends with a guy from India connecting from home to give "support" (basically suggesting a re-install or similar, without going deep in logs or investigating the machine/dbms) and sometimes even with a mediocre audio/internet setup, leading also to difficulty in communication.

    Basically they handle a server-side, possibly multi-component, support case like one would handle a Office365 case problem for a housewife that can't access the email because of capslock. This is the level :)

    Based on these experience, the impression given to me, as customer, is that Broadcom outsourced the first support line to a cheap company located in India, accustomed to provide support to households, not companies with ICT depts, using support guys working from home, with cheap and not standardized audio setup, with efficiency metrics based not on the cases solved but on the "minutes with the customer".

    The support quality is indeed decreased, but our annual fee is the same.
    Let's see know the software quality goes... after Broadcom acquisition I don't really know - for lack of transparency - if they "purged" most/some the original devs.

    This of course are considerations related to Broadcom as a multinational company, not of course aimed to the effort and appreciated quality feedback that singular Broadcom employees give to this forum.

    ------------------------------
    Ace It
    ------------------------------



  • 15.  RE: Anyone else seeing these increased alert messages

    Broadcom Employee
    Posted May 07, 2021 04:19 PM
    Are these new alerts or old alerts from the event last week?  The FP is fixed and the publishing issue is resolved. You will need to run LiveUpdate and have them complete for the alerts to stop.

    ------------------------------
    John Owens
    Strategic Support Engineer | Symantec Enterprise Division (SED)
    Symantec
    United States
    ------------------------------



  • 16.  RE: Anyone else seeing these increased alert messages

    Broadcom Employee
    Posted May 07, 2021 04:19 PM
    Also, please specify what you are running. SES or SEP On Prem?  What was your case number?

    ------------------------------
    John Owens
    Strategic Support Engineer | Symantec Enterprise Division (SED)
    Symantec
    United States
    ------------------------------



  • 17.  RE: Anyone else seeing these increased alert messages

    Posted May 10, 2021 09:53 AM

    Hi John,

    I was receiving these alerts from April 29th to May 7th. On some of our endpoints, LiveUpdate would fail once, run successfully a couple of hours later and then fail again the day after. So we did run LiveUpdate successfuly while the issues was ongoing.
    To answer your other questions, we use SEP and the case number is Case#32685013.

    I do have some good new today though. I did not receive any of these alerts since last friday May 7th at 10:43 AM eastern time.
    I'm glad you're trying to help but it looks like the issue might be resolved now.

    Do you have any idea what could've happened and how we can avoid this in the future ? If you look at our support case you can see we did a lot of debugging on our end. We provided LiveUpdate logs where we found timeout errors and screenshot proof that our Firewall was not blocking traffic.




  • 18.  RE: Anyone else seeing these increased alert messages

    Broadcom Employee
    Posted May 13, 2021 10:07 PM
    There was an issue concerning missing LiveUpdate content that was corrected on our end. It most likely caused some of those alerts. For cloud managed agents, we will be tuning the alert rules to reduce some of the noise. The alert rule configuration in the cloud console allows you to limit the number of alert emails sent per day.

    ------------------------------
    Product Management
    Broadcom
    ------------------------------



  • 19.  RE: Anyone else seeing these increased alert messages

    Posted May 14, 2021 08:17 AM
    I've been having issues with clients at two sites not being able to connect to LiveUpdate at HTTPS://liveupdate.symantecliveupdate.com.

    The ISP's where I have seen problems connecting are ATT and Suddenlink.

    I had to use a proxy to connect out via a different ISP to get updates.

    Over seas support is blaming my local network. There appears to be an issue with Symantec's CDN.

    My case is 32691162.