Endpoint Protection

 View Only
  • 1.  symantec endpoint protection 14.3 update definition fail

    Posted Sep 21, 2022 07:43 AM
    Dear, 
    I found some computers can not update definition automatically successfully, although I have reinstall symantec software. How does symantec endpoint protection update definition work? Which port does the service use? Thanks a lot.


  • 2.  RE: symantec endpoint protection 14.3 update definition fail

    Broadcom Employee
    Posted Sep 22, 2022 06:34 PM

    It depends on what product you are using - on-premises SEP client (managed or unmanaged) or cloud-managed SES - and also upon your LiveUpdate configuration.

    If using default LiveUpdate, your clients would connect to a LiveUpdate server on HTTP 80 or HTTPS 443. Check LiveUpdate logging: C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Lue\Logs

    If your client is on-prem SEP and managed by a SEPM, it may be configured to get definitions only from the SEPM. Check your LiveUpdate policy configuration and connectivity to SEPM.





  • 3.  RE: symantec endpoint protection 14.3 update definition fail

    Posted Sep 28, 2022 08:08 AM
    Hi, Thanks,
    My client is type 2, is there log which I can check in client computer?
    Thanks a lot.

    If your client is on-prem SEP and managed by a SEPM, it may be configured
    to get definitions only from the SEPM. Check your LiveUpdate policy
    configuration and connectivity to SEPM.




  • 4.  RE: symantec endpoint protection 14.3 update definition fail

    Broadcom Employee
    Posted Sep 28, 2022 12:39 PM
    C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Lue\Logs\Log.Lue


  • 5.  RE: symantec endpoint protection 14.3 update definition fail

    Posted Sep 30, 2022 06:13 AM
    Thanks, I found it show messages below, what can I do to fix this?

    11899 2022/9/23 11:56:02 Information 120B0008 Using Group Update Provider
    type:Multiple Group Update Providers
    11900 2022/9/23 11:56:24 Error 1277030C New content update failed to
    download from Group Update Provider. Remote file path:
    http://192.6.1.192:2967/content/TempCache/{0A4513F4-5EC7-4ED2-B100-538C75C0D87A}/220914071/xdelta220914071_To_220922001.dax




  • 6.  RE: symantec endpoint protection 14.3 update definition fail

    Broadcom Employee
    Posted Sep 30, 2022 12:02 PM
    Edited by Ed Agoff Sep 30, 2022 12:02 PM
    This looks like on on-prem SEPM-managed SEP client; Group Update Providers are not yet a feature of cloud-managed SES clients (How SEP Policies differ in SES - LiveUpdate Settings). You need to adjust your LiveUpdate policy at SEPM to use a different GUP or different update source (Symantec LiveUpdate, internal LUA server, or SEPM). Or troubleshoot connectivity to this GUP (192.6.1.192). If you need further help, please open a case via our contacts at support.broadcom.com/security


  • 7.  RE: symantec endpoint protection 14.3 update definition fail

    Posted Sep 30, 2022 06:49 PM
    Hi,
    Thanks, would it be possible to copy definition file to the path of the
    local computer which's ip is 192.6.1.192? But I don't know where is the
    path in the computer.

    http://192.6.1.192:2967/content/TempCache/%7B0A4513F4-5EC7-4ED2-B100-538C75C0D87A%7D/220914071/xdelta220914071_To_220922001.dax