LiveUpdate does not update Symantec Endpoint Protection Manager and Symantec Endpoint Protection Clients with ASTARO present in the environment.

Article:TECH146475  |  Created: 2010-12-17  |  Updated: 2012-05-14  |  Article URL http://www.symantec.com/docs/TECH146475
Article Type
Technical Solution



Issue



The Symantec Endpoint Protection Manager (SEPM) console does not appear to download virus definitions.

A proxy server and a firewall are present in the environment, but they have never caused problems and nothing has been changed for a long time.

The proxy server / firewall is the 3rd party application "ASTARO Security Gateway".


Error



The Manager Console is not up to date.  An example:
 

Windows Latest Symantec Version: 2010-12-16 rev. 048 
Windows Latest Manager Version:  2010-12-29  rev. 012 


A review of Log.Liveupdate shows the following entries:
 

progress Update: DOWNLOAD_FILE_FINISH: - NOTE - URL: "http://liveupdate.symantecliveupdate.com/sesm$20antivirus$20client$20win32_11.0.6100_german_livetri.zip", Full Download Path: "C:\ProgramData\Symantec\LiveUpdate\Downloads\sesm$20antivirus$20client$20win32_11.0.6100_german_livetri.zip" HR: 0x802A0026
 -> HR 0x802A0026 DECODE: E_HTTP_NOT_FOUND
 -> Progress Update: DOWNLOAD_BATCH_FINISH: HR: 0x0       , Num Successful: 0
 -> Progress Update: DOWNLOAD_BATCH_START: Files to download: 1, Estimated total size: 0
-> Progress Update: DOWNLOAD_FILE_START: URL: "http://liveupdate.symantecliveupdate.com/liveupdate$20mui_3.5.0.64_symalllanguages_livetri.zip", Estimated Size: 0, Destination Folder: "C:\ProgramData\Symantec\LiveUpdate\Downloads"
 -> CSendHttpRequest::SendRequest() successfully impersonated the COM client (revert on destroy).
 GMT -> HttpSendRequest (status 404): Request failed - File does not exist on the server.
 -> Progress Update: DOWNLOAD_FILE_FINISH: - NOTE - URL: "http://liveupdate.symantecliveupdate.com/liveupdate$20mui_3.5.0.64_symalllanguages_livetri.zip", Full Download Path: "C:\ProgramData\Symantec\LiveUpdate\Downloads\liveupdate$20mui_3.5.0.64_symalllanguages_livetri.zip" HR: 0x802A0026
-> HR 0x802A0026 DECODE: E_HTTP_NOT_FOUND
 -> Progress Update: DOWNLOAD_BATCH_FINISH: HR: 0x0       , Num Successful: 0
 -> Progress Update: TRIFILE_DOWNLOAD_END: Number of TRI files: "38"
 


Environment



ASTARO Firewall version earlier than 7.508

WINDOWS 2003 R2


Cause



An automatic update of ASTARO Firewall from version 7.xxx to version 7.508 (started on 15th of December 2010) created an additional rule (see the screenshot).

 

Info about this rule from Astaro Internet Security:
 

Rule ID 17297 SPECIFIC-THREATS McAfee VirusScan on-access scanner long unicode filename handling buffer overflow attempt.

This rule blocks Symantec Endpoint Protection Manager from retrieving updated definitions through LiveUpdate for distribution to client systems. It is a new rule delivered on Wednesday in u2d-ips-7-193.i686.rpm.

You can find it on:

http://www.astaro.org/astaro-gateway-products/network-security-firewall-nat-qos-ips-more/34242-ips-false-positive-alert-blocks-symantec-av-defs.html

and

http://www.astaro.org/astaro-gateway-products/network-security-firewall-nat-qos-ips-more/34680-symantec-liveupdate.html

 


Solution



To download the updates without any issues, disable the rule (see the screenshot above).
 

Astaro is investigating this issue. A possible fix from Astaro will be included in the next update.

Note: Similar issues have been found with other 3rd party firewalls. When diagnosing any LiveUpdate issue, it is important to ensure that any 3rd party proxy server / firewall application is allowing LiveUpdate (LU) traffic.
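A triage helper for the note above, as an added example that is not part of the original Symantec article: it pulls the failed downloads, HTTP status codes and zero-success batches out of Log.Liveupdate text so they can be matched against the proxy or IPS log for the same time window. The function name and report fields are assumptions for illustration; the sample lines are copied from the log excerpt in the Error section.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Sample input: lines copied from the Log.Liveupdate excerpt in this article.
SAMPLE_LOG = r'''
progress Update: DOWNLOAD_FILE_FINISH: - NOTE - URL: "http://liveupdate.symantecliveupdate.com/sesm$20antivirus$20client$20win32_11.0.6100_german_livetri.zip", Full Download Path: "C:\ProgramData\Symantec\LiveUpdate\Downloads\sesm$20antivirus$20client$20win32_11.0.6100_german_livetri.zip" HR: 0x802A0026
 -> HR 0x802A0026 DECODE: E_HTTP_NOT_FOUND
 -> Progress Update: DOWNLOAD_BATCH_FINISH: HR: 0x0       , Num Successful: 0
 GMT -> HttpSendRequest (status 404): Request failed - File does not exist on the server.
 -> Progress Update: DOWNLOAD_FILE_FINISH: - NOTE - URL: "http://liveupdate.symantecliveupdate.com/liveupdate$20mui_3.5.0.64_symalllanguages_livetri.zip", Full Download Path: "C:\ProgramData\Symantec\LiveUpdate\Downloads\liveupdate$20mui_3.5.0.64_symalllanguages_livetri.zip" HR: 0x802A0026
-> HR 0x802A0026 DECODE: E_HTTP_NOT_FOUND
 -> Progress Update: DOWNLOAD_BATCH_FINISH: HR: 0x0       , Num Successful: 0
'''

FILE_FINISH = re.compile(r'DOWNLOAD_FILE_FINISH:.*?URL: "([^"]+)".*?HR: (0x[0-9A-Fa-f]+)')
HR_DECODE = re.compile(r'HR (0x[0-9A-Fa-f]+) DECODE: (\w+)')
BATCH_FINISH = re.compile(r'DOWNLOAD_BATCH_FINISH:.*?Num Successful: (\d+)')
HTTP_STATUS = re.compile(r'HttpSendRequest \(status (\d+)\)')


def summarize_liveupdate_log(text):
    """Collect failed downloads, HTTP statuses and empty batches from log text."""
    decode = {hr.lower(): name for hr, name in HR_DECODE.findall(text)}
    failures = []
    for url, hr in FILE_FINISH.findall(text):
        if int(hr, 16) != 0:  # HRESULT 0x0 is S_OK; anything else is a failure
            failures.append({"host": urlsplit(url).hostname, "file": url.rsplit("/", 1)[-1],
                             "hr": hr, "meaning": decode.get(hr.lower(), "UNKNOWN")})
    batches = [int(n) for n in BATCH_FINISH.findall(text)]
    return {
        "failures": failures,
        "failures_by_host": Counter(f["host"] for f in failures),
        "http_statuses": Counter(HTTP_STATUS.findall(text)),
        "empty_batches": sum(1 for n in batches if n == 0),
        "total_batches": len(batches),
    }


if __name__ == "__main__":
    report = summarize_liveupdate_log(SAMPLE_LOG)
    for f in report["failures"]:
        print(f'{f["hr"]} {f["meaning"]:<18} {f["host"]} {f["file"]}')
    print("HTTP statuses:", dict(report["http_statuses"]))
    print(f'batches with 0 successful files: {report["empty_batches"]}/{report["total_batches"]}')
```

The file names and timestamps it reports are the values to search for in the gateway's own log when checking whether a rule on the proxy or firewall handled the same requests.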



