Symanec Protection Suites

  • Private Community

  • 1.  LiveUpdate encountered one or more errors. Return code = 4.

    Posted Feb 01, 2011 01:42 PM

    Hi All,

     

    i am having issues installing latest defintions on SEPM with liveupdate. When i try to Downlaod liveupdate Content manually i get the following error: 'LiveUpdate encountered one or more errors. Return code = 4.'

    I am currently updating AV definitions with the .jdb file and all clients are updated but this doesnt update Proactive and Network threat protection.

    This is my log.liveupdate file:

    2/1/2011, 17:19:03 GMT -> Progress Update: PATCH_DOWNLOADING_START: Number of patches: 4
    2/1/2011, 17:19:03 GMT -> GetUpdates: SESC Virus Definitions Win32 v11, MicroDefsB.CurDefs, SymAllLanguages ==> 1296568737jtun_nav2k8en110131035.m25
    2/1/2011, 17:19:03 GMT -> GetUpdates: SESC IPS Signatures Win32, 11.0, SymAllLanguages ==> 1296256591jtun_sescwps110128003.x86
    2/1/2011, 17:19:03 GMT -> GetUpdates: Symantec Security Content B1, MicroDefsB.CurDefs, SymAllLanguages ==> 1296571079jtun_the_cal110201007.zip
    2/1/2011, 17:19:03 GMT -> GetUpdates: Symantec Security Content A1, MicroDefsB.CurDefs, SymAllLanguages ==> 1296570907jtun_the_110201007.zip
    2/1/2011, 17:19:03 GMT -> Progress Update: DOWNLOAD_BATCH_START: Files to download: 4, Estimated total size: 5177738
    2/1/2011, 17:19:03 GMT -> Update file 1296568737jtun_nav2k8en110131035.m25 may be divided into bandwidth reducing segments.
    2/1/2011, 17:19:03 GMT -> Progress Update: DOWNLOAD_SEGMENT_BATCH_START: Downloading segmented file 1296568737jtun_nav2k8en110131035.m25.full.zip (size 147668) instead of update file http://liveupdate.symantecliveupdate.com/1296568737jtun_nav2k8en110131035.m25 (size 182523)
    2/1/2011, 17:19:03 GMT -> Progress Update: DOWNLOAD_SEGMENT_FILE_START: Downloading segment file http://liveupdate.symantecliveupdate.com/segments/1296568737jtun_nav2k8en110131035.m25.seg1.zip instead of update 1296568737jtun_nav2k8en110131035.m25: file size 147668
    2/1/2011, 17:19:03 GMT -> Progress Update: DOWNLOAD_FILE_START: URL: "1296568737jtun_nav2k8en110131035.m25", Estimated Size: 147668, Destination Folder: "C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads"
    2/1/2011, 17:19:48 GMT -> CSendHTTPRequest::SendRequest - Timed out while communicating with server.
    2/1/2011, 17:19:48 GMT -> Progress Update: DOWNLOAD_FILE_FINISH: - NOTE - URL: "1296568737jtun_nav2k8en110131035.m25", Full Download Path: "C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1296568737jtun_nav2k8en110131035.m25.seg1.zip" HR: 0x802A0045
    2/1/2011, 17:19:48 GMT -> HR 0x802A0045 DECODE: E_UNABLE_TO_REACH_SERVER
    2/1/2011, 17:19:48 GMT -> Progress Update: DOWNLOAD_SEGMENT_FILE_END: Downloaded file http://liveupdate.symantecliveupdate.com/segments/1296568737jtun_nav2k8en110131035.m25.seg1.zip instead of update 1296568737jtun_nav2k8en110131035.m25: file size 147668
    2/1/2011, 17:19:48 GMT -> Progress Update: DOWNLOAD_SEGMENT_BATCH_FAILED: Download of segmented file 1296568737jtun_nav2k8en110131035.m25.full.zip (size 182523) failed.  LiveUpdate will download the full update file http://liveupdate.symantecliveupdate.com/1296568737jtun_nav2k8en110131035.m25 (size 147668)
    2/1/2011, 17:19:48 GMT -> Progress Update: DOWNLOAD_SEGMENT_BATCH_END: Downloaded segmented file 1296568737jtun_nav2k8en110131035.m25.full.zip (size 147668) instead of update file http://liveupdate.symantecliveupdate.com/1296568737jtun_nav2k8en110131035.m25 (size 182523)
    2/1/2011, 17:19:48 GMT -> Progress Update: DOWNLOAD_BATCH_FINISH: HR: 0x802A0045, Num Successful: 0
    2/1/2011, 17:19:48 GMT -> HR 0x802A0045 DECODE: E_UNABLE_TO_REACH_SERVER
    2/1/2011, 17:19:48 GMT -> EVENT - SESSION END FAILED EVENT - The LiveUpdate session ran in Silent Mode. LiveUpdate found 4 updates available, of which 0 were installed and 4 failed to install.  The LiveUpdate session exited with a return code of 1835, The LiveUpdate server failed to respond in a reasonable amount of time.

     

    I have tried the following:

    #  

    register the SEPM with LiveUpdate.  lucatalog -update

    Deleted the contents of the All Users\App Data\Symantec\LiveUpdate\Downloads

    Ran SEPM repair from Add/Remove Programs
     
     
    disabled enchaned IE security. ran live update.
     

    increased timeout settings on seetings.liveupdate file

    PREFERENCES\INTERNET_CONNECT_TIMEOUT=180
    PREFERENCES\INTERNET_READ_DATA_TIMEOUT=180

    #

    I was able to downlaod the generic test to ensure that my firewall is not preventing from downloading live updates:

    Download the below file from Symantec web site to check the Firewall is not blocking the Zip files

    http://liveupdate.symantecliveupdate.com/livetri.zip

    Downloaded livetri.zip file will contain 3 files

    Check the below 3 files are in the livetri.zip to ensure that the files are not blocked by the system Firewall.

     Liveupdt.sig

    Liveupt.tri

    Liveupt.grd

    If you find the 3 files in the zip file and also make sure that the files are not empty, if so then those files are not blocked by Firewall. Firewall will show an error if the files are modified by the Firewall. If all the files are present in the zip and the files are not modified then the Firewall is not blocking the LiveUpdate and try continuing with LiveUpdate

     

    #

    Uninstalled liveupdate from add/remove programs.

    Deleted liveupdate folder from   C:/docuents and settings/all users/application data/Symantec   and   C:/Program files/Symantec

    downloaded liveupdate 3.3 after deleting the liveupdate folder and re-installed

    Once installed, registered it with SEPM

    1. Open a command prompt browse to:
    C:\Program Files\Symantec\Symantec Endpoint Protection Manager\bin
    2. Type lucatalog -update and press Enter.

     

     

    I am out of ideas!!!

     

     



  • 2.  RE: LiveUpdate encountered one or more errors. Return code = 4.

    Posted Feb 01, 2011 02:11 PM

    Check this - Symantec Endpoint Protection Manager (SEPM) reports error "LiveUpdate finish with Return code = 4" and LU error 1875, 1845, 1853, 1806 are present in Log.LiveUpdate.

    http://www.symantec.com/business/support/index?page=content&id=TECH91261&actp=search&viewlocale=en_US&searchid=1296587382078

     

    Best,

    Thomas



  • 3.  RE: LiveUpdate encountered one or more errors. Return code = 4.
    Best Answer

    Posted Feb 02, 2011 11:45 AM

    So after throwing everything but the kitchen sink at this issue and pulling my hair out i have finally fixed the issue. The problem is with ASTARO Security Gateway and the following rule that it is blocking.

    Rule ID 17297 SPECIFIC-THREATS McAfee VirusScan on-access scanner long unicode filename handling buffer overflow attempt.

    You will see this as you of your entries in your TOP10 Attack Rules.

    Solution: Disable this rule ID 17297on your Astaro Firewall.

     

     

    The generic test to ensure that your firewall is not preventing you from downloading live updates is to ensure you can first download the following zip which i could.

    http://liveupdate.symantecliveupdate.com/livetri.zip
     

    So that took me off the scent that it was a firewall issue. However after intense research i finally came across the solution which coincided with an update on the firewall the same time live-updates stopped working.

     

    Hope this helps other Astaro/SEPM users.

    Please see below document:

    http://www.symantec.com/business/support/index?page=content&pmv=print&impressions=&viewlocale=&id=TECH146475