Endpoint Protection

I have a test 12.1 Symantec Endpoint Protection system with a few clients.  None of the Windows clients have updated their definitions in more than a week.  The clients, though, show they are connecting to the management server.

LiveUpdate policy says to get the definition updates from the default management server.

Clients are running SEP 12.1.671.4971 on Windows 7 SP1 Enterprise 64-bit.  The SEP Manager shows they are all online, with "Last Time Status Changed" showing within the last hour or so.  However, the virus definitions are all reported as 07/22/2011 r23.  The SEP Manager reports it has 08/01/2011 r5 (matching the latest from Symantec).

Any ideas?

Thanks!

I would enable sylink logging on 1 or 2 of the clients and run sylink monitor and post the logs here for review.

Hi Jnichols,

Is the SEPM also version SEP 12.1.671.4971? 

(A SEP 12.1 SEPM can supply definitions to SEP 11 clients if necessary, but a SEP 11 SEPM cannot supply SEP 12.1 defs.)

Thanks and best regards,

Mick

How long have the clients been built for?

Is it possible they are running on a trial license?

Can a ver 11 GUP update a 12.1 client.   My upgrade and test plan would not have my GUP's updated right away but I can always change that as long as I know.  

yes

Hello,

Please Try The Steps Below:

1) Disable the UAC (User Account Control) from the Windows 7 SP1 machines and

2) Restart them and check if that Resolves your Issue?

Let us know if that works!!!

I am hoping that UAC is not an issue.   I know in my case that would be a deal breaker and push me to another vendor.   I am running UAC turned on with version 11 and not having any issues.

We have UAC turned on and have never had any issues in relation to SEP

SEPM is running 12.1.671.4971 as well.

We were running the "beta" with a trial license, which did expire.  When the 12.1.671.4971 version came out, I upgraded the SEPM server, licensed it, and sent the install packages to the clients (which worked fine).

Disabling UAC on my workstation did not help.

If I need to post a sylink log, how do I make one?

Thanks!

Is it just AV content that isn't updating, or all of it?

I believe all of it.  My workstation's SEP client shows:

Virus and Spyware Protection = Friday, July 22, 2011 r23

Proactive Threat Protection = Friday, July 01, 2011 r22

Network Threat Protection = Friday, July 22, 2011 r30

ok, that looks pretty old.

What happens if you run LiveUpdate locally on the client?

If these are clients you have upgraded I'm wondering if they are still pointing to the beta content servers

Clicking on the "LiveUpdate..." link in the SEP client does nothing.

Our LU policy only has "Use the default management server" checked under Windows Settings / Server Settings.

If I modify the LU policy to include "Use a LiveUpdate server", then click OK to save the changes, I see in the "Recent changes" window "Edited shared LiveUpdate Settings policy" with today's date and the current time.  However, when I go look at the "Details" tab for the client folder using that LU policy, the policy date listed still says "July 13, 2011 1:23:57 PM PDT".  Shouldn't a change to the LU policy result in a new policy date for the client folder?

In any event, the client still doesn't do anything when clicking on "LiveUpdate..." after changing the LU policy to include the use of a LU server.

Anything else to check?

Having the exact same issue.  I just upgraded to 12.1.  Any news on this?

SEPM 12.1 on Server2008R2. Clients mostly XP-SP3. Ran SEP12.0 for a couple of months with no issues.

Since upgrading to 12.1 about half of my clients are falling behind on updates. It seems to happen at random with no pattern. I can run a local LU on the client and it will catch up, and usually (but not always) it will then resume getting updates from the server.

That's ok on all my Windows 7 clients but...

None of the Windows XP clients have updated their definitions in more than 2 weeks.

Clicking on the "LiveUpdate..." link in the SEP client I can download and install updates.

I having the same problem...

Recently i upgraded SEPM from version 11 to 12.1 and 2 workstations (Win 7 & XP Pro SP2) from SEP 11 to 12.1 also and realised the AV definitions did not update in this particular workstations but on other workstations where SEP client running on version 11 did not facing such issue.

Please check on SEPM Console to see Windows Definitions -> Latest on Manager: same as Latest from Symantec.

if not please perform the following steps:-

1.Solution

This can be corrected by registering the SEPM with LiveUpdate.

To register SEPM with LiveUpdate:

1. Click Start, then Run.
2. Type cmd , click OK.
3. At the command prompt type CD and the path to lucatalog.exe. By default the command would be:
   cd C:\Program Files\Symantec\Symantec Endpoint Protection Manager\bin
4. Type lucatalog -cleanup
5. Type lucatalog -update
6. Run Live Update

Please give a try.

hi,

i get same problem. i found this thread but not see the solution.
anybody has solved successfully?

Same issue here as well - has anyone come up with a fix?

I had an SEP 11 RU7 install on a Windows SBS 2008 LAN - worked fine - all clients got updates daily.

Upgraded SEPM to 12.1, then exported and linked new 12.1 client installers to the groups.

Workstations successfully upgraded to 12.1, but since initial upgrade, most have not updated any of the definitions. Only one machine (the last remaining Windows XP x86 workstation) continues to update - and it has not been rebooted since the update.

All workstations that do not update are either Vista x86 or Windows 7 x64.

I have tried turning off UAC and manually reinstalling the client on a couple of workstations, but no updates ever get installed. I see a message in the System Log each day stating that http://SERVER1:2967/...../full.zip could not be downloaded.

Any help would be much appreciated!