Message: "SECURITY_PACKAGE_NOT_TRUSTED" in Log.LiveUpdate after running LiveUpdate

Article:TECH102772  |  Created: 2007-01-31  |  Updated: 2010-10-07  |  Article URL
Article Type
Technical Solution


After an unsuccessful LiveUpdate attempt, The Log.LiveUpdate file contains the following messages: "SECURITY_PACKAGE_NOT_TRUSTED" and, "E_PACKAGE_NOT_TRUSTED".


To determine what updates are available from the Symantec LiveUpdate servers, a LiveUpdate client downloads a series of files .tri files which contain pointers to the available content updates. These .tri files also contain a SHA1 hash of all of the content they point to.

Content is downloaded from the Symantec Public LiveUpdate servers in a compressed package. Usually this package is in either the zip or rar format. All content packages contain a digital signature signed by Symantec to verify authenticity. Content packages also contain a .grd file with a list of all of the files in that update package and their SHA1 hash. Once a content package is downloaded, it is extracted. LiveUpdate uses the signature file and the file file hashes in the .grd file to verify each of the pieces of content extracted from the package.

LiveUpdate will generate "SECURITY_PACKAGE_NOT_TRUSTED" and, "E_PACKAGE_NOT_TRUSTED" errors if it is unable to verify the signature and/or the file hashes of a downloaded content package, or the individual content files inside the update package.

Some possible reasons for this behavior are:

  1. A download/content update was improperly packaged
  2. A download/content update was not genuine
  3. A downloaded package was corrupted in transport
  4. An older, cached version of a content package was downloaded

The most typical cause of this behavior is a caching proxy server. Caching proxies will store copies of recently downloaded data from the Internet locally. If content is corrupted in transport from the Symantec LiveUpdate servers to the caching proxy, or if content has been updated since the cached version was initially downloaded, LiveUpdate will not be able to download valid copies of content updates.



To work around caching proxy issues, it is recommended to disable content caching for LiveUpdate content. Alternatively, if caching content from the Symantec LiveUpdate servers is necessary or required, the following configuration changes are recommended:

  1. Lower the amount of time cached files are kept on the proxy
  2. Clear the cached LiveUpdate content on the proxy when these errors occur
  3. Time LiveUpdate sessions to occur after scheduled proxy cache clearings

Legacy ID


Article URL

Terms of use for this information are found in Legal Notices