Endpoint Protection

I've re-installed SEPM 11.0.7, and from a 'new' install I still don't get anti-virus definitions downloading.  Ive scoured for information to correct this issue.

I've:

    Re-installed SEPM already

    Re-installed LiveUpdate, re-ran LuCatalog.exe --cleanup LuCatalog.exe --update, still no dice

    Manually updating the JDB seems to put the files in the Inetpub/Content folders, but they dissappear after a while

    Running LiveUpdate by itself doesn't seem to show the definitions as part of the download package

    SyLink debug doesn't show the moniker for the Antivirus definitions in the content index:

I'd really love to avoid installing 12.1 as it is year-end and we are barred from making major changes to our environment.

When did this start? Can you post the log.liveupdate file?

Have you tried the steps here:

http://www.symantec.com/docs/TECH166923

http://www.symantec.com/docs/TECH91335

are you using proxy in your network? have you configured SEPM to use proxy?

Hi,

Thank you for posting in Symantec community.

Are you able to access liveupdate.symantecliveupdate.com through Internet Explorer?

Refer this article:

How to determine whether your firewall is blocking LiveUpdate

http://www.symantec.com/docs/TECH139451

Had refer this article to clear corrupt definitions?

https://www-secure.symantec.com/connect/articles/how-clear-corrupt-virus-definitions-sepm

post the liveupdate log from the SEPM.

I would also suggest downloading and running the SymHelp tool to check for issues:

Symantec Help (SymHelp) Download

http://www.symantec.com/docs/TECH170752

Troubleshooting computer issues with the Symantec Help support tool

http://www.symantec.com/docs/HOWTO80839

There is something wrong with the downloading of signatures. We have 5 managers and not one of them got updated, even after Liveupdate stated that all the definitions are up to date.

I had to download the JDB and add it on all my manager Servers manaully

yes, download the jdb file to update, there seems to be some issue with LU.

Hi

There is issue with Symantec liveupdate server that Virus Definitions showing Monday, Dec 16 and later definitions have not been posted, SEP Management Consoles will show definitions up to Dec 16 as available, this issue is currently been investigated, as a workaround you can download the rapid release .jdb and manually update the SEPM

Please find the link to download the definitions

ftp://ftp.symantec.com/AVDEFS/symantec_antivirus_corp/rapidrelease/sequence/

Regards

I have the same problem here. LU does not download new definitions.

I imported the JDB File wich got processed, but the new definitions still didn't show up in SEPM.

The incoming folder is now empty, SEPM status message wrote that the rapidupdate was succesfull, but there are no new definitions.

Any hints? This software is starting to annoy me.

Are you using SQL 2005 database?

Nope.

We're using a clustered Microsoft SQL 2008 R2 Enterprise.

Hello Everyone,

Issue appears to be resolved at this point please run liveupdate through SEPM to get latest definitions.

Note: Symantec is aware of this issue & we have few customers reported.

As the issue is intermittent you may choose to update the definitions using .JDB file.

How to update definitions for Symantec Endpoint Protection Manager (SEPM) using a .jdb file:

http://www.symantec.com/docs/TECH102607

Issue appears to be resolved at this point please run liveupdate through SEPM to get latest definitions.

Still no update over SEPM for me.

Update with JDB does not work either, as mentioned above.

So I tried to follow that article:

http://www.symantec.com/business/support/index?page=content&id=TECH166923&locale=en_US

I deleted all revisions and watched the folders in inetpub as they get recreated, but as before SEPM stops at the folder "131204032". The last update SEPM gets is from december 5th.

Hi,

JDB file should update SEPM successfully.

It's been how many days SEPM has not updated?

What's the error when you run liveupdate manually or through SEPM console?

At first there was no error at all, just a "no updates found for SEP" and a "LiveUpdate succeeded".

Now, after deleting all the revisions like mentionend in the TECH article i get an error stating: "Symantec Endpoint Protection could not update Virus and Spyware definitions"

As mentioned before, all the Revisions till 5th december got downloaded again. It just stops there.

Here's the LiveUpdate Log file.  I don't see the AV definitions monikers being updated, I have used LuCatalog.exe --cleanup and LuCatalog.exe --update to no effect.

In SEPM Admin>Servers 'Show LiveUpdate Downloads' I do not see the definitions listed.

I ran SymHelp and it showed corrupt definitions on the SEP Client, but not SEPM.  I re-installed the client and can confirm the client is getting the latest definitions.

LiveUpdate still appears to put the definitions inside of the Inetpubd/content directory, but it gets removed after a while.

Attachment(s)

Log.LiveUpdate_26.txt   3.55 MB 1 version

Hello Brad Newbold,

as you can see in the thread I had exactly the same problem. I contacted Symantec support and gave them all the SEPM logfiles. They redirected me to following article: http://www.symantec.com/business/support/index?page=content&id=TECH106075 wich solved the problem for me.

We used 30 Revisions but the default value of the filegroup of 20.000 MB wasn't enough. We set it to 30k now and everything is workling again. I hope this helps you to fix your problem.

Good Luck

Is there any update?

yes please, I also got the same issue with the definition not updating.

Do you face it as an intermittent issue or it's been a permanent issue?