
12.1 Clients Not Getting Definition Updates

Created: 01 Aug 2011 | 21 comments

I have a test 12.1 Symantec Endpoint Protection system with a few clients.  None of the Windows clients have updated their definitions in more than a week.  The clients, though, show they are connecting to the management server.

LiveUpdate policy says to get the definition updates from the default management server.

Clients are running SEP 12.1.671.4971 on Windows 7 SP1 Enterprise 64-bit.  The SEP Manager shows they are all online, with "Last Time Status Changed" showing within the last hour or so.  However, the virus definitions are all reported as 07/22/2011 r23.  The SEP Manager reports it has 08/01/2011 r5 (matching the latest from Symantec).

Any ideas?



_Brian's picture

I would enable sylink logging on 1 or 2 of the clients and run sylink monitor and post the logs here for review.

Mick2009's picture

Hi Jnichols,


Is the SEPM also version SEP 12.1.671.4971? 


(A SEP 12.1 SEPM can supply definitions to SEP 11 clients if necessary, but a SEP 11 SEPM cannot supply SEP 12.1 defs.)


Thanks and best regards,





Paul Murgatroyd's picture

How long have the clients been built for?

Is it possible they are running on a trial license?

Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed:

Rick Bywalski's picture

Can a ver 11 GUP update a 12.1 client? My upgrade and test plan would not have my GUPs updated right away, but I can always change that as long as I know.


Paul Murgatroyd's picture


Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed:

Mithun Sanghavi's picture


Please try the steps below:

1) Disable UAC (User Account Control) on the Windows 7 SP1 machines, and

2) Restart them and check whether that resolves your issue.

Let us know if that works!

Mithun Sanghavi
Senior Consultant

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Rick Bywalski's picture

I am hoping that UAC is not an issue.   I know in my case that would be a deal breaker and push me to another vendor.   I am running UAC turned on with version 11 and not having any issues.

_Brian's picture

We have UAC turned on and have never had any issues in relation to SEP.

jnichols's picture

SEPM is running 12.1.671.4971 as well.

We were running the "beta" with a trial license, which did expire.  When the 12.1.671.4971 version came out, I upgraded the SEPM server, licensed it, and sent the install packages to the clients (which worked fine).

Disabling UAC on my workstation did not help.

If I need to post a sylink log, how do I make one?


Paul Murgatroyd's picture

Is it just AV content that isn't updating, or all of it?

Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed:

jnichols's picture

I believe all of it.  My workstation's SEP client shows:

Virus and Spyware Protection = Friday, July 22, 2011 r23

Proactive Threat Protection = Friday, July 01, 2011 r22

Network Threat Protection = Friday, July 22, 2011 r30
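The comparison being made by eye in this thread (client content dates against the manager's) can be scripted. The following is an added example, not part of the original thread and not Symantec code: it parses the two definition-string layouts quoted above and flags stale content. The function names, the 7-day threshold and the check date are assumptions.

```python
import re
from datetime import date, datetime

# Two layouts appear in the thread: the console's "07/22/2011 r23" and the
# client UI's "Friday, July 22, 2011 r23".
_NUMERIC = re.compile(r"^(\d{2}/\d{2}/\d{4})\s+r(\d+)$")
_LONG = re.compile(r"^(?:[A-Za-z]+,\s+)?([A-Za-z]+ \d{1,2}, \d{4})\s+r(\d+)$")


def parse_defs(text):
    """Return (date, revision) for a definition string in either layout."""
    text = text.strip()
    for pattern, fmt in ((_NUMERIC, "%m/%d/%Y"), (_LONG, "%B %d, %Y")):
        m = pattern.match(text)
        if m:
            return datetime.strptime(m.group(1), fmt).date(), int(m.group(2))
    raise ValueError(f"unrecognised definition string: {text!r}")


def is_behind(client, manager):
    """Compare date first, then revision: r23 from 22 July is older than r5 from 1 August."""
    return parse_defs(client) < parse_defs(manager)


def stale_components(report, as_of, max_age_days=7):
    """Return {component: age_in_days} for content older than max_age_days."""
    stale = {}
    for name, value in report.items():
        age = (as_of - parse_defs(value)[0]).days
        if age > max_age_days:
            stale[name] = age
    return stale


# Values quoted in the thread; the 7-day threshold and the check date
# (the day the thread was created) are assumptions for this example.
CLIENT_REPORT = {
    "Virus and Spyware Protection": "Friday, July 22, 2011 r23",
    "Proactive Threat Protection": "Friday, July 01, 2011 r22",
    "Network Threat Protection": "Friday, July 22, 2011 r30",
}
MANAGER_AV = "08/01/2011 r5"

if __name__ == "__main__":
    print(is_behind("07/22/2011 r23", MANAGER_AV))
    for name, age in stale_components(CLIENT_REPORT, date(2011, 8, 1)).items():
        print(f"{name}: {age} days old")
```

Comparing the revision number alone would rank the client's r23 ahead of the manager's r5, which is why the date is compared first.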

Paul Murgatroyd's picture

OK, that looks pretty old.

What happens if you run LiveUpdate locally on the client?

If these are clients you have upgraded, I'm wondering if they are still pointing to the beta content servers.

Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed:

jnichols's picture

Clicking on the "LiveUpdate..." link in the SEP client does nothing.

Our LU policy only has "Use the default management server" checked under Windows Settings / Server Settings.

If I modify the LU policy to include "Use a LiveUpdate server", then click OK to save the changes, I see in the "Recent changes" window "Edited shared LiveUpdate Settings policy" with today's date and the current time.  However, when I go look at the "Details" tab for the client folder using that LU policy, the policy date listed still says "July 13, 2011 1:23:57 PM PDT".  Shouldn't a change to the LU policy result in a new policy date for the client folder?

In any event, the client still doesn't do anything when clicking on "LiveUpdate..." after changing the LU policy to include the use of a LU server.

zubeb's picture

Having the exact same issue.  I just upgraded to 12.1.  Any news on this?

UAKoops's picture

SEPM 12.1 on Server2008R2. Clients mostly XP-SP3. Ran SEP12.0 for a couple of months with no issues.

Since upgrading to 12.1 about half of my clients are falling behind on updates. It seems to happen at random with no pattern. I can run a local LU on the client and it will catch up, and usually (but not always) it will then resume getting updates from the server.

fordom's picture

That's ok on all my Windows 7 clients but...

None of the Windows XP clients have updated their definitions in more than 2 weeks.

Clicking on the "LiveUpdate..." link in the SEP client I can download and install updates.

Tay Jeng Chen's picture

I am having the same problem...

Recently I upgraded SEPM from version 11 to 12.1, and also 2 workstations (Win 7 & XP Pro SP2) from SEP 11 to 12.1, and realised the AV definitions did not update on these particular workstations, but other workstations where the SEP client is running version 11 are not facing this issue.



Tay Jeng Chen's picture

Please check the SEPM console to see whether Windows Definitions -> Latest on Manager is the same as Latest from Symantec.

If not, please perform the following steps:

This can be corrected by registering the SEPM with LiveUpdate.

To register SEPM with LiveUpdate:

  1. Click Start, then Run.
  2. Type cmd, then click OK.
  3. At the command prompt, type CD and the path to lucatalog.exe. By default the command would be:
    cd C:\Program Files\Symantec\Symantec Endpoint Protection Manager\bin
  4. Type lucatalog -cleanup
  5. Type lucatalog -update
  6. Run LiveUpdate

Please give it a try.





cyberdart's picture


I get the same problem. I found this thread but do not see the solution.
Has anybody solved it successfully?

WHairstonLOI's picture

Same issue here as well - has anyone come up with a fix?

I had an SEP 11 RU7 install on a Windows SBS 2008 LAN - worked fine - all clients got updates daily.

Upgraded SEPM to 12.1, then exported and linked new 12.1 client installers to the groups.

Workstations successfully upgraded to 12.1, but since initial upgrade, most have not updated any of the definitions. Only one machine (the last remaining Windows XP x86 workstation) continues to update - and it has not been rebooted since the update.

All workstations that do not update are either Vista x86 or Windows 7 x64.

I have tried turning off UAC and manually reinstalling the client on a couple of workstations, but no updates ever get installed. I see a message in the System Log each day stating that http://SERVER1:2967/...../ could not be downloaded.

Any help would be much appreciated!