Video Screencast Help

Cannot update SEPM antivirus signatures

Created: 18 Mar 2013 | 17 comments
Latest from Symantec: 03/17/2013 r24
Latest on Manager: 11/06/2012 r4

w3wp.exe also keep crashing, we are using IIS 6.0

 

I have tried many times to lucatalog -cleanup, lucatalog -forcedupdate and lucatalog -update.

 

 

Operating Systems:

Comments 17 CommentsJump to latest comment

.Brian's picture

What version of SEPM is this for?

Did you try to reinstall and re-register LiveUpdate?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

AjinBabu's picture

Hi,

Which version you are using on?

on Which OS version SEPM is running?

Mean time you can Update SEPM via .jdb

http://www.symantec.com/business/support/index?pag...

Regards

Ajin

Chetan Savade's picture

Hi,

Try to run liveupdate manually.

You must get some error, please provide the log.liveupdate.

Log.liveupdate could be found in -
Windows 2003: C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate
Windows 2008: C:\ProgramData\Symantec\LiveUpdate

Also check this article

Best practice for configuring LiveUpdate when installing a Symantec Endpoint Protection Manager and Symantec Endpoint Protection client on the same machine.'

http://www.symantec.com/docs/TECH102337

Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

Ambesh_444's picture

hi,

Please check space is available on sepm server or not and please keep UAC disabled and check.

Even check with these articles...

http://www.symantec.com/business/support/index?pag...

http://www.symantec.com/docs/TECH105924

 

 

Thank& Regards,

Ambesh

"Your satisfaction is very important to us. If you find above information helpful or it has resolved your issue. Please don't forget to mark the thread as solved."

Mithun Sanghavi's picture

Hello,

What version of SEPM 12.1 are you running?

Did you try Restarting the Server and also Running a Repair of the SEPM?

Were there any Proxy changes that were made on the server machine?

Could you Login to SEPM and check -

1) Proxy settings 

Go to Admin > Servers > Right Click on the Server name > Edit Server Properties > Proxy TAB

2) SEPM Liveupdate Settings

Go to Admin > Servers> Right Click on Local Site > Edit Site Properties > Liveupdate.

Also, check these Articles provided below:

Symantec Endpoint Protection Manager (SEPM) does not update virus definitions. Liveupdate not working on the Symantec Endpoint Protection Manager 12.1

http://www.symantec.com/docs/TECH183178

Symantec Endpoint Protection Manager (SEPM) 12.1 is not updating 32 or 64 bit virus definitions.

http://www.symantec.com/docs/TECH166923

How to update definitions for Symantec Endpoint Protection Manager (SEPM) using a .jdb file

http://www.symantec.com/docs/TECH102607

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

SameerU's picture

Hi

What is the version of SEPM ?

Regards

 

supercharged-admin's picture

I can see it has downloaded to the inetpub\content directory and the SymCData.

And also followed

Symantec Endpoint Protection Manager (SEPM) 12.1 is not updating 32 or 64 bit virus definitions.

http://www.symantec.com/docs/TECH166923

LUALL runs fine.

But it looks like the really the problem is w3wp.exe under IIS is crashing. My guess is IIS needs to be normal to update SEPM status. But I have really no idea how to fix IIS w3wp.exe crashing problem (it's generating mdmp and hdmp files every few minutes). I try reboot, restart service etc.

 

Thanks in advanced.

Mithun Sanghavi's picture

Hello,

You are runnning the SEPM 12.1.671

Secondly, SEP 12.1 does not use IIS. It uses Apache.

In your case, I would suggest you to migrate the SEPM 12.1.671 to the Latest version of SEPM 12.1.2015.2015

Check these Articles:

Latest Symantec Endpoint Protection Releases - SEP 12.1 RU2 and SEP 11.0 RU7 MP3

Best practices for upgrading to Symantec Endpoint Protection 12.1.2

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

supercharged-admin's picture

 

I followed the techdoc

http://www.symantec.com/business/support/index?pag...

 

Sesmu.log showed the ClientMoniker url of 127.0.0.1:9090 but responose code not 0. But I dont know how to move on and clear it out.

03/19 10:54:46 [0df0:1ec4] INFO(Low)  spcVirDef32 AbstractLuContentHandler Found info for: Product: SEPM Virus Definitions Win32 v12.1 SeqData: 130318018 SeqName: CurDefs
03/19 10:54:46 [0df0:1ec4] INFO(Low)  spcVirDef32 AbstractLuContentHandler SeqTag: CurDefs
03/19 10:54:46 [0df0:1ec4] INFO(Med)  spcVirDef32 SesmLu SEQ.Num:
03/19 10:54:46 [0df0:1ec4] INFO(Med)  spcVirDef32 SesmLu 130318018
03/19 10:54:46 [0df0:1ec4] INFO(Med)  spcVirDef32 SesmLu Notifying server about new LiveUpdate content
03/19 10:54:46 [0df0:1ec4] INFO(Low)  spcVirDef32 ProductUtil ConfProp: scm.http.port=9090
03/19 10:54:46 [0df0:1ec4] INFO(Med)  spcVirDef32 SesmLu http://127.0.0.1:9090/servlet/ConsoleServlet?ActionType=ConfigServer&ClientMoniker={535CB6A4-441F-4e8a-A897-804CD859100E}&FilePath=C:\Program%20Files\Common%20Files\Symantec%20Shared\SymcData\spcVirDef32\20130318.018&Hash=E65A15A2E97FB0ABDB6D79FCFBBF2412&Language=SymAllLanguages&Product=SEPM%20Virus%20Definitions%20Win32%20v12.1&SequenceNum=130318018&SequenceTag=CurDefs&ServerMoniker={D2EE983B-0AB4-F6D4-00BE-1539CD0C259E}&SrcSequenceNum=121106004&Version=MicroDefsB.CurDefs&action=UploadLuContent

03/19 10:54:46 [0df0:1ec4] INFO(Low)  spcVirDef32 SesmLu <?xml version="1.0" encoding="UTF-8"?>
<Response ResponseCode="369360896"/>
0

Mithun Sanghavi's picture

Hello,

The Article you are following above is for SEP 11.x and not for SEP 12.1

I would request you to migrate to the Latest version of SEP 12.1 RU2 as suggested above.

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Mike.S's picture

Just fixed similar problem in SEP 11.7 using SQL. (Server 2008r2,SQL 2008)

Had same symptoms - .JDB processed, new defs loaded in c:\programdata\symantec\definitions\symcdata\sesmvirdefXX.

Content would start to appear in \Program Files (x86)\symantec\symantec endpoint protection manager\inetpub\content\{moniker} but would then disappear.

Opened \program files (x86)\symantec\symantec endpoint protection manager\tomcat\logs\SesmLu.log to see what looks like sucessful processing of new definitions files (each file in .jdb listed individually)  with SesmLu last lines showing

[18bc:1af4] May 02 13, 10:42:56 AM INFO(Med)  ProductUtil: Response code: 0x0

[18bc:1af4] May 02 13, 10:42:56 AM INFO(Med)  SesmLu: Successfully notified the server of new content

[18bc:1af4] May 02 13, 10:42:56 AM INFO(Med)  SesmLu: Notified server about new LiveUpdate contentFound error errors in \program files (x86)\symantec\symantec endpoint protection manager\tomcat\logs\scm-server-0.log pointing to database. (SQL DB had capped growth) - 2013-05-01 11:20:17.993 SEVERE: Unknown ExceptionException adding file to server CE9D1A38A55F9BC6DA09A34E479A6058
com.sygate.scm.server.metadata.MetadataException: Could not allocate space for object 'dbo.BINARY_FILE' in database 'sem5' because the 'FG_CONTENT' filegroup is full. Create disk space by deleting unneeded files, dropping objects in the filegroup, adding additional files to the filegroup, or setting autogrowth on for existing files in the filegroup.

I had to open SQL studio, select properties of SEM5 DB, select files in properties, and set autogrowth of SEM5_CONTENT (FG_CONTENT) to unrestricted.

If your HD is not full, check to see DB size is not capped.

 

Hope this helps.

SameerU's picture

Hi

Can you please upgrade to latest version i.e. SEP 12.1 RU2 MP1

Regards

 

pete_4u2002's picture

increase the table space of the 'FG_CONTENT' using sql management studio

Mike.S's picture

Hi Sameer and Pete,

I can't upgrade to 12...

And as stated in post, I did have to manually change size limit of FG_CONTENT from initial 20GB to unrestricted growth.

SameerU's picture

Hi

What is the status of now

Regards