The Symantec Endpoint Protection Manager does not update virus definitions successfully through LiveUpdate

Article:TECH183178  |  Created: 2012-03-07  |  Updated: 2014-08-14  |  Article URL http://www.symantec.com/docs/TECH183178
Article Type
Technical Solution


Issue



Virus definitions are out of date on the Symantec Endpoint Protection Manager (SEPM), and this is affecting the Symantec Endpoint Protection (SEP) clients to which it provides content.


 


Environment



Windows Server
Symantec Endpoint Protection 12.1


Cause



As a best practice, ensure that the SEPM is upgraded to the latest release of Symantec Endpoint Protection 12.1.
The update problem may be resolved by the improved processing and enhanced features available in a software version later than the one currently running.

 

Most common reasons for update failure:

  • Symantec Endpoint Protection Manager definitions are corrupted;
  • LiveUpdate is unable to access or read the LiveUpdate catalogue file;
  • An incorrect or incompatible LiveUpdate client version is installed on the server;
  • A proxy server is preventing LiveUpdate from connecting properly to the Symantec LiveUpdate servers, or is modifying the files that must be used.

Solution



Several important steps are illustrated in the short videos Troubleshooting Out-of-date Definitions on Clients (Part 1) and Troubleshooting Out-of-date Definitions on Clients (Part 2) on SymantecTV.

 

What you need:

 1) Latest Certified Definitions from Symantec.
Download the latest certified definitions from the Symantec website at: http://www.symantec.com/security_response/definitions/download/detail.jsp?gid=sep

Download the definitions for Symantec Endpoint Protection Manager 12.1 (.jdb format). The file may be saved as .zip; rename the file to .jdb when the download is complete.

 2) LiveUpdate Installer shipped with the release of Symantec Endpoint Protection in use.
The file is located in the SEPM folder on the installation media.
The filename is lusetup.exe

 

Procedure:

 Step 1) Check the Symantec LiveUpdate version installed.

This can be done by locating the log.liveupdate file on the computer. The file should be in one of these locations:

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate
C:\ProgramData\Symantec\LiveUpdate

At the beginning of each LiveUpdate cycle, the LiveUpdate version will be shown. Check that the version is 3.3.1.23 or higher.
If the correct version is shown, proceed to Step 4.
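
One way to script the Step 1 check, added here as an example and not part of Symantec's article or tooling. The wording of the version line in the log is an assumption (the article only says the version is shown at the start of each cycle), and the function names and sample lines are constructed for illustration.

```powershell
# Added example (not Symantec code): Step 1 as a script.
$MinimumVersion = [version]'3.3.1.23'   # minimum version stated in Step 1

# The two folders listed in Step 1.
$LogCandidates = @(
    'C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\log.liveupdate',
    'C:\ProgramData\Symantec\LiveUpdate\log.liveupdate'
)

function Get-LastLiveUpdateVersion {
    param([string[]]$Lines)
    # ASSUMPTION: the cycle header mentions "LiveUpdate" and "version" followed by
    # a four-part dotted number. Adjust the pattern if your log is worded differently.
    $pattern = 'liveupdate.*?version\D{0,5}(\d+\.\d+\.\d+\.\d+)'
    $last = $null
    foreach ($line in $Lines) {
        # Keep overwriting so the most recent cycle in the log wins.
        if ($line -match $pattern) { $last = [version]$Matches[1] }
    }
    return $last   # $null when no version line was found
}

function Test-LiveUpdateVersion {
    param([string[]]$Lines)
    $found = Get-LastLiveUpdateVersion -Lines $Lines
    if ($null -eq $found) { return 'UNKNOWN: no LiveUpdate version line found' }
    # [version] compares each part numerically, so 3.3.1.9 is older than 3.3.1.23;
    # a plain string comparison would rank them the other way round.
    if ($found -ge $MinimumVersion) { return "OK: $found, proceed to Step 4" }
    return "TOO OLD: $found, continue with Steps 2 and 3"
}

# Constructed sample lines (not taken from a real log), two cycles.
$sample = @(
    '3/7/2012, 9:00:01 GMT -> LiveUpdate Version: 3.3.0.92',
    '3/7/2012, 9:00:02 GMT -> Session started',
    '3/8/2012, 9:00:01 GMT -> LiveUpdate Version: 3.3.1.9'
)
Test-LiveUpdateVersion -Lines $sample

# Run the same check against the real log if it exists in either location.
$log = $LogCandidates | Where-Object { Test-Path -LiteralPath $_ } | Select-Object -First 1
if ($log) { Test-LiveUpdateVersion -Lines (Get-Content -LiteralPath $log) }
else { 'log.liveupdate not found in either Step 1 location' }
```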

 

Step 2) LiveUpdate Installer

If the wrong LiveUpdate version is installed on the system, locate the LiveUpdate installer shipped with your release of Symantec Endpoint Protection, as described above.

 

Step 3) Remove LiveUpdate and install the correct version for SEP 12.1

- Uninstall "Symantec LiveUpdate" from the Windows Control Panel,
- Reboot the server,
- Install the LiveUpdate shipped with your release of Symantec Endpoint Protection.

 

Step 4) Clean up the LiveUpdate Catalog and Re-register Symantec Endpoint Protection Manager with LiveUpdate.

Open a command prompt and change directory to the following path (or the relevant path for the current installation).
C:\Program Files\Symantec\Symantec Endpoint Protection Manager\bin

Type the following commands:

lucatalog -cleanup
lucatalog -forcedupdate

 

Step 5) Apply latest certified definitions.

Move the .jdb file previously downloaded into this folder (or the relevant folder for the installation)
C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\content\incoming

The file will be processed, and within a few minutes virus definitions will be updated on the SEPM Console and on the respective clients.
If this is not the case, click “Refresh” on the Console home page.

 

Step 6) Proxy Settings

 For environments with a corporate proxy, allow HTTP port 80 or FTP ports 20, 21 and port 443 connections to these hosts:

liveupdate.symantecliveupdate.com
liveupdate.symantec.com
update.symantec.com

Note that IP addresses obtained by DNS resolution should not be used, as they may change due to system updates and load balancing. It is highly recommended that the provided host names are used.

Disable content caching and AV scanning in the proxy for those connections to avoid corruption of the definition files.

 

Step 7) Monitor System

Allow 24 hours to verify that LiveUpdate is now working properly. Monitor the system for a few days to ensure that updates are downloaded and installed properly.


 




