Troubleshooting LiveUpdate Issues with Symantec Endpoint Protection

Created: 13 May 2009 • Updated: 05 Jul 2011 | 65 comments
Aniket Amdekar's picture
+44 44 Votes

Question/Issue: Troubleshooting LiveUpdate issues

Symptoms: Virus Definitions not updating

Solution:
This document will help you to understand in which direction you need to troubleshoot.

You can refer to the flowchart below to isolate the issue you are facing. There are explanatory points at the bottom of the document to elaborate a bit more on that subject.

Troubleshoot Communication issue:

1. Make sure that you are able to browse to the websites below:
   a. liveupdate.symantecliveupdate.com
   b. liveupdate.symantec.com
   c. symantec.com
2. Make sure that the perimeter firewall has exceptions for the websites above.
3. Run a packet capture and contact support for analysis.

Check Connectivity between SEP & SEPM:

1. Do a Secars test to test connectivity between SEP and SEPM:
   Testing Communication from an Endpoint Protection client to the Endpoint Protection Manager
   [ http://service1.symantec.com/support/ent-security.... ]
2. Get the SylinkMonitor logs to check the communication for any errors:
   SylinkWatcher and SylinkMonitor - tools for real-time debugging of SPA 5.x and SEP 11.x
   [ http://service1.symantec.com/support/ent-security.... ]

Remove corrupt definitions:

1. How to clear out corrupted definitions for a Symantec Endpoint Protection Client [ http://service1.symantec.com/support/ent-security.... ]

Check if SEPM has Latest Definitions:

1. Open SEPM->Admin->Servers->Local Site
2. Show LiveUpdate Downloads
3. Make sure that the date for the 32-bit and 64-bit definitions for ‘Virus & Spyware Definitions’ is up-to-date.

65 Comments

shaun_b's picture

That flowchart is awesome. Well done.

+5
FrozenThoughts's picture

This Flow Chart has a logical structure to troubleshoot the Issue.... nice one.. like it very much....

+4
hjlubansky's picture

I started updating a small company with 4 unmanaged PCs running SAV 10.1.5.5000.  The first PC I tried uninstalled SAV client successfully, then restarted to install SEP client 11.0.4, no errors, ran update but only updated Proactive to current date, not AV-AS or Network modules.  The Liveupdate thinks that all modules are up-to-date.  I don't know if I should reinstall the client or what?  I will see if this happens on all 4 PCs and report back. 

+3
gpolson's picture

I checked on Symantec about the problem of end point protection creating .tmp files every time a trojan or threat is detected in XP. The attached link has the solution, which talks about large amounts of temp files being created in the xfer_tmp or /xfer folder and being detected as threats.

The solution is listed in the below link:

However, I worked with my company admin and the instructions don't allow access to the files to be deleted. So far it has created 77,000 plus files of 49 Megabytes!!!!

Any solutions?

George

+1
SKlassen's picture

hjlubansky:  Did you reboot again after installing SEP?  Not all components can be updated until after a post-install reboot.

+3
Mohammad Ashkaibi's picture

A very helpful flowchart. Many thanks.
But what about replacing "sylink.xml" when corrupted? I think this can fit somewhere in the chart.

+2
JimmyR's picture

I have remote sites so am trying to update the clients using GUP's locally, when I have the clients connecting to the SEPM they update virus DEFS ok, as soon as I turn on GUP's at site they do not get the latest definitions.

I have tried entering the GUP's using FQDN's and IP addresses with no results.

The remote GUP's are also my WSUS servers are there any known conflicts? The firewalls are all switched off and the wsus servers use a different port number to communicate.

Is there an error log I can check on the clients that will give me more detailed information other than the basic logs in SEP, view logs, client management, system log on the clients?

Please help
KR
Jamie

+1
Aniket Amdekar's picture

A few things to consider about GUPs:

1. The GUP computer should be in the same group as the machines it is supposed to update.
2. Make sure that the policy is configured correctly and the computers have received it.
3. On the client side, you can confirm whether the new GUP configuration has been published by confirming the presence of the following registry keys:

   UseMasterClient is set to 1
   MasterClientPort: GUP port
   MasterClientHost: IP address of GUP machine

   Location: HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\LiveUpdate
4. Make sure that the machine acting as a GUP has the latest definitions and has a folder by the name SharedDefs in the C:\program files\symantec\symantec endpoint protection\ folder.

Also, please refer to the documents below for more information on GUP:

Best practices for Group Update Provider (GUP)
http://service1.symantec.com/support/ent-security....

Symantec Endpoint Protection 11.0 Group Update Provider (GUP)
http://service1.symantec.com/support/ent-security....

How to configure GUP bandwidth throttling in Symantec Endpoint Protection 11.0 MR4?
http://service1.symantec.com/support/ent-security....

Hope this helps,

Cheers,
Aniket

+6
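
The checks from the article's "Troubleshoot Communication issue" steps and from the GUP comment above, combined into one script. This is an added example, not part of the original article or thread and not Symantec code; the hostnames, registry location, value names and SharedDefs folder are the ones given on this page, while TCP port 80, the timeout and the `-IsGup` / `-SepDir` parameters are assumptions.

```powershell
# Added example, not Symantec code. Hostnames, registry key, value names and the
# SharedDefs folder are taken from this page; port 80, the timeout and the
# -IsGup / -SepDir parameters are assumptions made for the example.
param(
    [switch]$IsGup,     # run with -IsGup on the GUP machine to check SharedDefs
    [string]$SepDir = 'C:\Program Files\Symantec\Symantec Endpoint Protection',
    [int]$TimeoutMs = 5000
)

$report = New-Object System.Collections.ArrayList
function Add-Result([string]$Check, [string]$Result) {
    [void]$report.Add([pscustomobject]@{ Check = $Check; Result = $Result })
}

function Test-TcpEndpoint {
    param([string]$Name, [int]$Port, [int]$TimeoutMs)
    # Tell "name does not resolve" apart from "port filtered or closed":
    # the first points at DNS, the second at a firewall or a stopped service.
    try { [void][System.Net.Dns]::GetHostAddresses($Name) } catch { return 'DNS_FAIL' }

    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($Name, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) { return 'TIMEOUT' }
        $client.EndConnect($pending)    # throws if the connection failed
        return 'OK'
    } catch {
        return 'CONNECT_FAIL'
    } finally {
        $client.Close()
    }
}

# 1. LiveUpdate sources from "Troubleshoot Communication issue".
#    This is a direct TCP test; it does not go through a configured web proxy.
foreach ($h in 'liveupdate.symantecliveupdate.com', 'liveupdate.symantec.com', 'symantec.com') {
    Add-Result "LiveUpdate source ${h}:80" (Test-TcpEndpoint -Name $h -Port 80 -TimeoutMs $TimeoutMs)
}

# 2. GUP settings published to this client (registry location from the comment above).
$key = 'HKLM:\SOFTWARE\Symantec\Symantec Endpoint Protection\LiveUpdate'
if (-not (Test-Path -LiteralPath $key)) {
    Add-Result 'GUP registry key' 'MISSING'
} else {
    $lu = Get-ItemProperty -LiteralPath $key

    if ($lu.UseMasterClient -eq 1) {
        Add-Result 'UseMasterClient' 'OK (1)'
    } else {
        Add-Result 'UseMasterClient' "FAIL (found '$($lu.UseMasterClient)', expected 1)"
    }

    if ($lu.MasterClientHost -and $lu.MasterClientPort) {
        # The policy can be published correctly and the GUP still be unreachable.
        $gup = "$($lu.MasterClientHost):$($lu.MasterClientPort)"
        $state = Test-TcpEndpoint -Name $lu.MasterClientHost -Port $lu.MasterClientPort -TimeoutMs $TimeoutMs
        Add-Result "GUP reachable at $gup" $state
    } else {
        Add-Result 'MasterClientHost / MasterClientPort' 'MISSING'
    }
}

# 3. On the GUP itself: the SharedDefs folder must exist under the SEP directory.
if ($IsGup) {
    $shared = Join-Path $SepDir 'SharedDefs'
    if (Test-Path -LiteralPath $shared -PathType Container) {
        Add-Result "SharedDefs folder ($shared)" 'OK'
    } else {
        Add-Result "SharedDefs folder ($shared)" 'MISSING'
    }
}

$report | Format-Table -AutoSize
```

A pass from an interactive session covers only the logged-on account; later comments in this thread note that automatic LiveUpdate runs under the System account, which can have different rights and proxy settings.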
Mufazzalr's picture

Hi!
Our network uses SEP 11. Clients are configured to get update from server through GUP agents. All the systems also get the latest updates, but a majority of the systems don't reflect as updated on the server.

Please assist with some solution.

Regards
Mufazzal

+1
AravindKM's picture

Please create a thread in the forum section so that it will attract the attention of more people.

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

0
Paul Mapacpac's picture

Nice article, will definitely bookmark this. But sir, can you also post Error Codes list and explanation?

+2
Nirav Mistry's picture

Brilliant work Aniket, keep it up.

Nirav Mistry

0
SAM_SHAIKH's picture

Really Appreciated :-).

Thanks and keep posting such excellent documents.

Rgrds,
SAM

+1
Nourbakhsh's picture

Very nice improvements, but I hope Removing Clients Remotely from SEPM will be added.

+1
focus's picture

We have recently installed microsoft7.
We are running Norton Ghost 14.0
We get an error message which says:

End point protection is not compatible with this version of windows.

Any assistance would be greatly appreciated :)

+1
Vikram Kumar-SAV to SEP's picture

You just need to give permission on the C:\WINDOWS\WinSxS folder for administrator.
And you need to enable the Built-in administrator and log in using that. I have successfully installed SEP on a few Win7 machines. It works fine.
Do not install PTP and NTP yet as it is officially not supported by Symantec, so you won't get support on it.

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

+1
loganjf's picture

The only issue that I have come across with SEPM and WSUS is that when you install the SEPM and WSUS on the same server, make sure that you install into a separate site. The issue with installing it to the same site is that depending on what product you install first, will be the one that will be broken.

We already had WSUS v3 installed on some of our servers. Installed SEPM and then wondered why we had WSUS errors. We found out that the content section for WSUS in IIS was actually directed to the path for SEP content updates.

So if you install SEPM, install to own website not default.

Other things you may also have to think about outside this is:

On a Windows 2008 server and using the Network Policy Server and you have SEPM installed, the NPS may not work correctly and you may also have issues with WSUS updates/BITS. This is because we found SEPM hogging the port these use. Once we stopped and disabled the SEPM service, WSUS and BITS were ok after a reboot. This may have been caused because of installing to the default port of 8014 but not sure. Does anyone else have the same issue and whether this has now been resolved as part of SEP11 MR4 MP2?

Regards,

Jon Logan
Network Design Engineer
Unisys Australia

+2
Raghuraam's picture

Really Appreciated : )

Best Regards

RrV

0
vjfurio@cs.com's picture

Brand new computer-installed Endpoint

Tried to update in order to begin set up--Keeps freezing and does not complete the update.  Two "mistakes" reported--"Fix all" or Detail do not work either.

Error codes: 536805375

Downloaded Endpoint Support Tool (HTTP) but need to know how to run it--Where do I access it?

Victoria

+3
Paul Mapacpac's picture

Download the SEP Support Tool from here:

http://www.symantec.com/techsupp/home_homeoffice/p...

Run it, select appropriate scenario then run.

+3
Ajit Jha's picture

Good Article

Regards

Ajit Jha

Technical Consultant

ASC & STS

+2
mvg's picture

This information is pretty cool!

very good article

+2
CryptBala's picture

The flowchart is good; give more tips on error codes, that will be really good.

Balasubramaniyam 
+4
DDMSN09's picture

Have a site - 1000 users. Have to manually update within Console Manager to get the updates, does not happen on its own. WSUS and SEPM on same server, different sites. Have run tool and found a few IIS issues, but nothing serious. Have updated SEPM to 11.0.4202.75. Clients updating over the next week. Clients now reflecting correct information in Console with the upgrade to Management Console. But still LU does not automatically update and clients do not update until you manually run LU on console. Clients are pulling from MC. Don't have a warm fuzzy on WSUS and SEPM on same system, but it looks to be set up correctly. Clients do get the updates and ran all the tests. They connect. Just doesn't seem to happen unless you manually update and also use Windows Scheduler. Any thoughts?

+1
Aniket Amdekar's picture

"and also use Windows Scheduler" ...did you mean that you created a scheduled task to launch liveupdate?

In case this issue is related to permissions: when you run LiveUpdate manually, it uses the account with which you have logged on. However, when LiveUpdate runs automatically, it uses the System account. If the System account does not have enough rights, then you can face a similar issue.

Cheers,
Aniket

+1
n.murday@mc-vision.net's picture

Hi there,
I am having a problem updating my virus def version on my SEP v11 server.

I have downloaded a .jdb extension file from Symantec version and uploaded it as it is explained,

but none of my clients are able to take updates from the server.

Please let me know if you have had this problem and what the solution has been.

Best regards
nethy

+1
Aniket Amdekar's picture

Hi,

Thanks for writing.

The JDB file will only update the antivirus and antispyware part of the SEPM. The definitions for the other components need to be downloaded from SEPM only.

Did you follow the flowchart above? Where do you think is the problem?

Cheers,
Aniket

+1
Simpson Homer's picture

I hope this would help in the troubleshooting...

+1
Manoranjan's picture

The FlowChart is nice. It gives more tips on Error. 
And whole article is very good.

+1
Jib22's picture

I have two XP and one Vista computers... I installed unmanaged Endpoint 11 MR4 with the Antivirus and Antispyware Protection, Proactive Threat Protection and Network Threat Protection... All three are showing green, but the Network Threat Protection shows green but the Definitions are displaying waiting for updates...
I reinstalled the software more than once, disabled Windows firewall... Still waiting for updates, and this is on all three, and I'm running unmanaged... Thanks for your assistance

+1
John_Prince's picture

Are you sure it is Network Threat Protection showing "Waiting for updates..." and not Proactive Threat Protection?

Is it a 64 bit operating system?

Remote Product Specialist, Business Critical Services, Symantec

+1
iniyasha's picture

i don't use symantec endpoint  protection

0
Optimus Prime's picture

Flowchart above is my guideline right now since we are having a problem in SEPM since the last virus def it got was August 8, at the same time Clients are giving us an offline status in SEP client.

;-)

0
simontam's picture

It does give system admin good way to trace problem. Thanks a lot!

+1
FCS Financial's picture

I have gone through the troubleshooting chart, which was great by the way, communication test OK. Do I have to do the 'remove corrupt definitions' process on all 95 of my clients?

+1
Aniket Amdekar's picture

Do it on one client. If after removing the corrupt definitions, that client gets the virus definitions, then we have the solution.
The next thing to figure out would be the best strategy to do it on all the clients.

Let me know if this step works for you.

Cheers,
Aniket

+1
fnordgren's picture

It would be nice to know what options we have to fix corrupt definitions on many machines. About 30% of our client  base seems to be problematic as well, and we have little interest in doing it manually.

What options do we have to fix SEP issues remotely?

+1
Gdude's picture

...Now if we could get ACERT to publish a (SIPR) LiveUpdate troubleshooting guide that would be fantastic.

+1
Aniket Amdekar's picture

Hello Guys,

Thank you all for your responses. The flowchart above, has been published as a Knowledgebase article. It can be accessed using the link below:

http://service1.symantec.com/SUPPORT/ent-security....

Best,
Aniket

+4
Soylent's picture

I wanted to add that I had a long issue where LiveUpdate was failing on my SEPM server. Turns out that my Windows 2003 server's Internet Explorer proxy settings were incorrect.

But it wasn't easy as that. It never is, is it?

The proxy settings were incorrect ONLY when Internet Explorer was being run as the SYSTEM account, so the only way I could fix this was to run IE as SYSTEM and change the proxy settings.

Just FYI :)

0
mhbzr's picture

Great work. This will help me in many issues.

0
rudi.bss's picture

I plan to use distribution centers for client updates which reside on our WAN network that will receive update data from LUA. When I distribute for the first time and check the activity monitor, there's about 400 MB of data that must be transferred to distribution centers. How to manage this issue, because the data size is too large for our WAN network? I only chose SESC Virus definition Win32B, Symantec Security Content A1 and B1, Symantec Known Appl, and SESC IPS Signature Win32.

+1
Anshuman's picture

In spite of having all the settings proper we are still not able to get the latest definition updates. No errors are received. The server doesn't return any error. It simply says there are no updates.

Following is the log:

October 2, 2009 9:04:24 AM GMT+05:30:  LiveUpdate retry succeeded.  [Site: CT1]  [Server: antivirus]
October 2, 2009 9:04:24 AM GMT+05:30:  LUALL.EXE finished running.  [Site: CT1]  [Server: antivirus]
October 2, 2009 9:04:24 AM GMT+05:30:  LUALL.EXE finished.  There were no new content updates. Return code = 1.  [Site: CT1]  [Server: antivirus]
October 2, 2009 9:04:07 AM GMT+05:30:  Symantec Endpoint Protection Win64 11.0.4202.75 (English) is up-to-date.    [Site: CT1]  [Server: antivirus]
October 2, 2009 9:04:04 AM GMT+05:30:  Symantec Endpoint Protection Win32 11.0.4202.75 (English) is up-to-date.    [Site: CT1]  [Server: antivirus]
October 2, 2009 9:04:00 AM GMT+05:30:  TruScan proactive threat scan engine Win32 11.0 is up-to-date.    [Site: CT1]  [Server: antivirus]
October 2, 2009 9:04:00 AM GMT+05:30:  TruScan proactive threat scan commercial application list Win32 11.0 is up-to-date.    [Site: CT1]  [Server: antivirus]
October 2, 2009 9:03:59 AM GMT+05:30:  TruScan proactive threat scan whitelist Win64 11.0 is up-to-date.    [Site: CT1]  [Server: antivirus]
October 2, 2009 9:03:59 AM GMT+05:30:  Intrusion Prevention signatures Win64 11.0 is up-to-date.    [Site: CT1]  [Server: antivirus]
October 2, 2009 9:03:58 AM GMT+05:30:  TruScan proactive threat scan engine Win64 11.0 is up-to-date.    [Site: CT1]  [Server: antivirus]

I have allowed  a specific client to fetch updates directly from Symantec liveupdate server. In that case the client is able to get the latest updates. But SEPM server doesn't.

Please suggest on this.

+1
lernebo's picture

Hi-

This is a great article, however, it is geared to the Technician, or the Administrator. We have an infrastructure of over 8500 clients, mostly mobile. We ran SAV for 4 years with almost no issues with Live Update getting definitions on the clients.

We currently have a limited pilot program of SEP11 MR4MP2 of which  27 are on mobile devices and have experienced Live Update almost a dozen times. This is not a SEP issue, but an issue with the Shared Technology client Live Update, and how SEP utilizes LU.

A significant change was made in SEP from going from weekly (or daily for some customers) Live Updates, to multiple daily Live Updates. After a specific number of missed updates, the Live Update client in SEP changes from the mini def update to get the full definition download from Live Update. This is what is happening and is what is appearing as "corrupted definitions". The definitions are not corrupted, the catalog file is only checking for 4 updates instead of 14 or more, and reports that the definitions are current. This is an issue with the Live Update component.

We have seen this as a repeatable process and can repeat this on-demand. If a client is not connected to the Network for a period of time (shut off, etc,) and then brought up in a state that happens to use one of our NLA settings, and is known to be outside of our corporate LAN, the Live Update will fail. We can bring the device in to the corporate LAN and all of the sudden the SEP client updates with no problem, even though we have 2 SEPM's in the DMZ specifically to give updates to our mobile clients.

This will not work for the average user. This is a defect that needs to be addressed by Symantec. The consumer versions Norton 360 and NIS do not have this problem with Live Update.

We will not be rolling out SEP to any mobile devices until this issue is addressed and FIXED, and not with a work around. We will only roll this out to well connected clients.

+1
Jamesnithyan's picture

Hi Aniket,

Really, it's a wonderful flowchart.

I want to ask you your opinion on SEP uninstallation and reinstallation for update issues. How useful could it be?

Most people reinstall SEP if it does not get updates.

+1
Aniket Amdekar's picture

Hi,

Re-installation should only be an alternative if you have ruled out all other causes mentioned in the flowchart. Re-installation should be considered a last resort, instead of a useful troubleshooting step.

Best,
Aniket

+1
jeff smith 1945's picture

Event

Date 10/19/2009          source: service control Manager

Time: 11:42:23 AM        Category: None

Type: Error                      Event ID: 7000

User: N/A           

Computer: WEP9853

Description:
______________________________________________________________________________
The Extend WG Protocol Driver Service failed to start due to the following error:
The system cannot find the File Specified.

For more information, See help and Support at http://go.microsoft.com/fwlink/events.asp 
______________________________________________________________________________
I went to this web site and all I found was a bunch of really upset and frustrated people who would like an answer to the reason for this error.

Please help as this site could not

Thanks

Jeff
I too would like to get the answer as it's happening with a lot of my computers in the network

+1
phuoc's picture

Hi,
Can't update policy between SEP and SEPM.
On the SEP -> Troubleshooting -> Troubleshooting data export I receive the contents below:


Engines
-------
SymEvent:  12.4.0.24
Auto-Protect Kernel Driver:  10.2.2.5
Auto-Protect User Mode Interface:  10.2.2.6
LiveUpdate:  3.3.0.61
NAVAPI:  4.2.0.8
Common Client:  106.3.6.2
Decomposer:  3.15.3
Tamper Protection:  3.3.3.14
Eraser:  7143426.196620

Definitions
-----------
Definitions Pattern:  3210800 r48 (109172)
SyKnAppS:  1.5.0 (80929016)
SyKnAppS:  MicroDefsB.CurDefs (100331016)
COH:  6.1.0 (80820001)
IPS Serial Number:

Symantec Endpoint Protection
----------------------------
Debug log settings: 

Client Management
-----------------
Debug log settings:  Debug=Off

User
----
Name:  its103
Domain:  APS-VN
SID:  S-1-5-21-1730409823-12986777-3423478974-1143

Groups
------
PDMS Grp (APS-VN):  Mandatory, Enabled By Default, Enabled
LOCAL:  Mandatory, Enabled By Default, Enabled
Administrators (BUILTIN):  Mandatory, Enabled By Default, Enabled, Owner
Everyone:  Mandatory, Enabled By Default, Enabled
Users (BUILTIN):  Mandatory, Enabled By Default, Enabled
Domain Users (APS-VN):  Mandatory, Enabled By Default, Enabled
INTERACTIVE (NT AUTHORITY):  Mandatory, Enabled By Default, Enabled
Authenticated Users (NT AUTHORITY):  Mandatory, Enabled By Default, Enabled
CAE Grp (APS-VN):  Mandatory, Enabled By Default, Enabled

Privileges
----------
SeBackupPrivilege (Back up files and directories): 
SeRestorePrivilege (Restore files and directories): 
SeShutdownPrivilege (Shut down the system): 
SeDebugPrivilege (Debug programs): 
SeIncreaseQuotaPrivilege (Adjust memory quotas for a process): 
SeSystemEnvironmentPrivilege (Modify firmware environment values): 
SeChangeNotifyPrivilege (Bypass traverse checking):  Enabled By Default, Enabled
SeRemoteShutdownPrivilege (Force shutdown from a remote system): 
SeUndockPrivilege (Remove computer from docking station):  Enabled
SeSecurityPrivilege (Manage auditing and security log): 
SeTakeOwnershipPrivilege (Take ownership of files or other objects): 
SeLoadDriverPrivilege (Load and unload device drivers):  Enabled
SeManageVolumePrivilege (Perform volume maintenance tasks): 
SeSystemProfilePrivilege (Profile system performance): 
SeImpersonatePrivilege (Impersonate a client after authentication):  Enabled By Default, Enabled
SeSystemtimePrivilege (Change the system time): 
SeCreateGlobalPrivilege (Create global objects):  Enabled By Default, Enabled
SeProfileSingleProcessPrivilege (Profile single process): 
SeIncreaseBasePriorityPrivilege (Increase scheduling priority): 
SeCreatePagefilePrivilege (Create a pagefile): 

Operating System
----------------
Windows XP Professional
5.1.2600 Service Pack 2 (Build 2600)
 

Computer
--------
Number of processors:  2
Intel(R) Pentium(R) 4 CPU 2.80GHz

Memory
------
Physical (total/available):  1,022/275 MB
Virtual    (total/available):  2,047/1,955 MB

Drive Space -- Total (GB)/Free (GB)
-----------------------------------
C:  37.3/26.0
D:  37.3/8.9
General Information
-------------------
Server:  Offline
Group:  Global\APS USB Limited
Location:  Default
Location awareness:  Enabled
Security policy compliance:  Disabled
SNAC status:  Not Licensed
Policy serial number:  0297-12/07/2009 11:22:21 015

Please tell me how to fix this

(Network communication OK)

+1
rajniolihan's picture

hi...

i have installed symantec in server. there i am getting Off status for Proactive threat protection.

Kindly give me solution ASAP.

Regards

Rajni Chaudhary

+1
Aniket Amdekar's picture

Hi,

Proactive Threat Protection component is not supported on Server operating systems.

It is recommended to install only AV AS part of the product on servers.

Regards,

Aniket

+1
Angelique28's picture

Aniket,

Two thumbs up for you! Pretty helpful indeed!!!

Angel

+1
sriramjayanthg's picture

Hi Aniket,

I have a problem with updating antivirus in SEP 11 managed. Your flowchart is awesome, but I didn't understand the term "remove corrupt definitions and update content" (Live update issue->SEP Client->managed->a few clients updating definitions->remove corrupt definitions and update content). Where can I find those corrupt definitions and what do I have to update?

Thanks,

Sriramjayanth

0
prajith_prabhakar@mindtree.com's picture

Hi,

The issue I am facing is: the machine is online to the SEPM server and connectivity is fine. But when I am running luall.exe it completes with the message that all components are up to date, please check regularly for updates.... even though the machine is running with old virus definitions.

Please help to resolve this issue.

Regards,

Prajith

0
srivatsan3103's picture

Flow chart is very nice. It is very useful for troubleshooting.

Regards

Srivatsan.S

0
Santhosh k's picture

This Flow Chart has a logical structure to troubleshoot the Issue.... nice one..

Thank you very much

0
gilbert08's picture

Such a nice logical approach in troubleshooting the issue. Good flow chart

0
gilbert08's picture

What I could suggest is, before you proceed with any troubleshooting, better to download the latest rapid release definition or .jdb files, so even if your troubleshooting takes a lot of time your network will still be safe.

+1
Chetan Savade's picture

Good Article.

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.

0