Proactive Threat Protection shows disabled and does not update definitions after install

Article: TECH93621  |  Created: 2009-01-24  |  Updated: 2010-01-11
Article Type: Technical Solution



Proactive Threat Protection (PTP) shows as disabled after install.

Proactive Threat Protection shows disabled directly after install
  • "Waiting for updates" may be seen in the client user interface where the definition date is normally found
  • Event ID 74: "TruScan has generated an error: code 11: description: Whitelist Failure" may be seen in the Application Event Log
  • Allowing the client to wait 24+ hours to update does not resolve the issue
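
To confirm which clients show the Event ID 74 symptom listed above, the Application Event Log can be queried directly. This is an added example, not part of the original article or of Symantec's tooling; the `ComputerName` and `DaysBack` parameters are assumptions, and the match is done on message text because the article does not name the event source.

```powershell
# Added example. Computer names are supplied by the caller; the default is the local machine.
param(
    [string[]]$ComputerName = @($env:COMPUTERNAME),
    [int]$DaysBack = 7
)

# Event ID and message text are the ones quoted in the article.
$filter = @{ LogName = 'Application'; Id = 74; StartTime = (Get-Date).AddDays(-$DaysBack) }
$needle = 'Whitelist Failure'

foreach ($computer in $ComputerName) {
    $status = 'NoMatch'
    $hits = @()
    try {
        $hits = @(Get-WinEvent -ComputerName $computer -FilterHashtable $filter -ErrorAction Stop |
            Where-Object {
                # Fall back to the raw event data when the message template cannot be rendered.
                $text = "$($_.Message) $($_.Properties.Value -join ' ')"
                $text -match [regex]::Escape($needle)
            })
        if ($hits.Count -gt 0) { $status = 'Affected' }
    }
    catch {
        # Get-WinEvent raises an error when nothing matches; treat that as a clean result.
        if ($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') {
            $status = "QueryFailed: $($_.Exception.Message)"
        }
    }

    # Get-WinEvent returns newest events first, so index 0 is the most recent hit.
    [pscustomobject]@{
        Computer = $computer
        Status   = $status
        Count    = $hits.Count
        LastSeen = if ($hits.Count -gt 0) { $hits[0].TimeCreated } else { $null }
    }
}
```

A client that still reports `Affected` with a recent `LastSeen` after one of the fixes below has not recovered.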


This can happen if the install package is corrupt or there is a communication issue between the client and Endpoint Protection Manager.


There are multiple possible solutions or workarounds for this issue:


    1. Uninstall/reinstall just the PTP feature

        1. Open the Control Panel
        2. Open Add or Remove Programs
        3. Highlight Symantec Endpoint Protection and click Change

        4. Click Next
        5. Be sure Modify is selected and click Next
        6. Click the drop-down menu next to Proactive Threat Protection and choose This feature will not be available

        7. The screen should now look similar to this:

        8. Click Next
        9. Click Install

    2. Uninstall/reinstall the Symantec Endpoint Protection client

        1. Open the Control Panel
        2. Open Add or Remove Programs
        3. Highlight Symantec Endpoint Protection and click Remove

        4. If prompted with a message asking if you want to remove Symantec Endpoint Protection from your computer, click Yes
        5. Reboot the computer once the uninstall is complete
        6. Install the client either locally, with an install package exported from the Symantec Endpoint Protection Manager, or remotely, by rolling it out from the Manager itself

    3. Manually run the LUALL command on the client

        1. Click Start, then Run
        2. Type LUALL
        3. Click OK

    4. Enable clients to run LiveUpdate on their own via the LiveUpdate policy in Symantec Endpoint Protection Manager

        1. Open the Symantec Endpoint Protection Manager
        2. Click on the Clients tab
        3. Highlight the desired client group
        4. Click on the Policies tab on the right-hand side
        5. Under Location-specific Policies, across from the LiveUpdate policy, click on Tasks and then click on Edit Policy

        6. On the top-left click on Server Settings
        7. Check Use a LiveUpdate server

        8. If desired, you can also set a schedule for these clients to run LiveUpdate. To do this:
            1. Click on Schedule on the top-left
            2. Check Enable LiveUpdate Scheduling
            3. Then designate the desired schedule

        9. Click OK
