Symantec Mail Security for Microsoft Exchange, Administrator Alert: Virus definitions on server: ‘servername’ are ‘n’ days old. To remain protected ensure that Liveupdate is working properly

Article:TECH153185  |  Created: 2011-02-11  |  Updated: 2013-10-29  |  Article URL http://www.symantec.com/docs/TECH153185
Article Type
Technical Solution


Issue



You receive an email from Symantec Mail Security for Microsoft Exchange indicating your virus definitions are out of date. The email contains the following text:

Virus definitions on server: ‘servername’ are ‘n’ days old. To remain protected ensure that LiveUpdate is working properly.


Error



  • Windows Application Event Log contains the following event:

Log Name:      Application
Source:        Symantec Mail Security for Microsoft Exchange
Date:          5/12/2011 3:00:54 PM
Event ID:      404
Task Category: LiveUpdate/Rapid Release
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      2K8R2.Exchange2010.internal
Description:
Virus definitions are 6 days old. To remain protected ensure that Liveupdate is working properly.

 


Solution



Check the status of the SMSMSE virus definitions license

1. Open the SMSMSE console.
2. Navigate to Admin -> Licensing.
3. Under 'Licensing Information', ensure the Virus Definitions feature's status shows 'Valid'. If not, install a new license. SMSMSE requires a valid Virus Definitions content license to update definitions.

Check the SMSMSE virus definition copy process

See the following article for details: Symantec Mail Security for Exchange (SMSMSE) continuously reports Windows application event ID 25 "Updated Virus Definitions" and is not using current virus definitions when multiple copy processes occur at the same time.

Check incorrect email notification

There are scenarios where SMSMSE reports a virus definition update failure even when the update was successful. Check the following article for details: Email notification: 'Symantec Mail Security for Microsoft Exchange LiveUpdate alert' even though virus definitions are staying up to date.

Check the Log.LiveUpdate for errors

1. Navigate to one of the following locations:

Server 2003: C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate
Server 2008: C:\ProgramData\Symantec\LiveUpdate

2. Right-click the file 'log.liveupdate' and choose Open with...
3. Select 'Notepad' from the list.
4. Scroll to the bottom of the log, and look for the entry "PRODUCT UPDATE FAILED EVENT". Towards the end of this line you will see a LiveUpdate return code, in the format "The Update executed with a result code of 18XX". Make note of this return code.
5. Search the Symantec knowledge base for the return code, and follow the steps in the resulting document.
6. If there are still problems, contact Symantec Technical Support and provide a copy of the log.liveupdate for analysis.
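
The log check in steps 1 to 4 can also be scripted. The PowerShell below is an added example, not Symantec code: it uses the two log locations and the two search strings given above, while the function name Get-LiveUpdateFailureCode, its parameters, and the sample log lines are constructed for illustration.

```powershell
# Added example (not Symantec code). Paths and search strings are from the steps
# above; the function name and output shape are illustrative.
function Get-LiveUpdateFailureCode {
    param(
        [string[]]$LogPath = @(
            'C:\ProgramData\Symantec\LiveUpdate\log.liveupdate',   # Server 2008
            'C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\log.liveupdate'   # Server 2003
        ),
        [int]$Last = 5   # how many of the most recent failure entries to return
    )

    # Use the first location that exists on this server.
    $log = $LogPath | Where-Object { Test-Path -LiteralPath $_ } | Select-Object -First 1
    if (-not $log) { throw "log.liveupdate not found in: $($LogPath -join '; ')" }

    # Get-Content tags every line with its line number (ReadCount), so each
    # failure entry can be located again in Notepad.
    Get-Content -LiteralPath $log |
        Where-Object { $_ -match 'PRODUCT UPDATE FAILED EVENT' } |
        Select-Object -Last $Last |
        ForEach-Object {
            # Assumption: the return code is numeric, as in the "18XX" format above.
            $code = if ($_ -match 'result code of\s+(\d+)') { $Matches[1] } else { $null }
            [pscustomobject]@{
                LineNumber = $_.ReadCount
                ResultCode = $code
                Entry      = [string]$_
            }
        }
}

# Constructed sample (not real LiveUpdate output) so the function can be tried offline.
$sample = Join-Path $env:TEMP 'log.liveupdate.sample'
@(
    '<constructed> PRODUCT UPDATE FAILED EVENT - The Update executed with a result code of 1800'
    '<constructed> unrelated entry'
    '<constructed> PRODUCT UPDATE FAILED EVENT - entry without a code'
) | Set-Content -LiteralPath $sample
Get-LiveUpdateFailureCode -LogPath $sample | Format-List

# On the Exchange server, run with no arguments to use the paths from step 1:
# Get-LiveUpdateFailureCode | Format-List
```

An entry with an empty ResultCode matched the failure marker but not the result-code phrase; open the log at the reported LineNumber to read it in full.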

Adjustments available to notification settings

Threshold for Notification Check

1. Open the registry editor (Start -> Run, regedit).
2. Navigate to HKLM\Software\(on 64 bit systems Wow6432node)\Symantec\SMSMSE\6.5\Server\Components\LiveUpdateConfig.
3. Create a new DWORD value called 'DefsMonitorDaysThreshold'. Set the value to the number of days after which an email notification should be sent when definitions are out of date. The default and minimum value is 2. To disable notifications, set the value to 0.

* Changing the value to 0 disables notifications without restarting the OS, but to enable notifications again, change the value from 0 to another value and then restart the OS (confirmed in my test environment).

Change Notification Send Interval

1. Open the registry editor (Start -> Run, regedit)
2. Navigate to HKLM\Software\(on 64 bit systems Wow6432node)\Symantec\SMSMSE\6.5\Server\Components\LiveUpdateConfig
3. Create a new DWORD value called 'DefsMonitorResendIntervalInHr'. Set the value to the number of hours between email notifications when definitions are out of date. The default value is 6.

* If this value is not created, notifications are still sent every 6 hours when definitions are out of date.

Adjust Frequency of Notification

1. Open the registry editor (Start -> Run, regedit)
2. Navigate to HKLM\Software\(on 64 bit systems Wow6432node)\Symantec\SMSMSE\6.5\Server\Components\LiveUpdateConfig
3. Modify the value 'TimesPerDayInt' to match the number of times per day you'd like SMSMSE to check for out of date definitions. The default and minimum value is 1.

 

 

 



