Endpoint Protection

  • 1.  Corporate AV and LiveUpdate

    Posted Apr 18, 2009 11:29 AM
    I'm having a couple of problems with Corporate AV and LiveUpdate that SEEM to be contradictory, so after scouring the KB I thought I'd ask here.

    We have AV Server (10.1.7.7001) running on an XP Pro machine and about 10 XP/Server 2003 clients running AV 10.1.7.7000. The Server is set to pull LiveUpdates from Symantec and the Clients pull updates from the Server.

    These problems also involve licensing but I thought it better to separate the threads so here's my question for this one:

    I just noticed that the definitions in the copy of AV running on the Server are stuck at 1/24/2009. I tried running LiveUpdate manually but I get the LU1814: LiveUpdate cannot retrieve the catalog file.... error. The QUESTION IS: all the CLIENT COMPUTERS (save for one, topic for another thread) are being updated fine from the Server. Their definition dates are current. So my guess is the Server IS pulling the update files but I get this error when I try LiveUpdate from the AV on the server itself.

    What could be going on? Is there a KB article on this?

    Any pointers would be appreciated.






  • 2.  RE: Corporate AV and LiveUpdate

    Broadcom Employee
    Posted Apr 20, 2009 02:40 AM

    Hi,

    Check using the xdb file on the SAV server and see if it gets resolved. There is a KB on LU 1814; you may check the content.

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2006042008465548

    Pete!



  • 3.  RE: Corporate AV and LiveUpdate

    Posted Apr 20, 2009 02:52 AM
    Try to implement a rapidlease on to Symantec AV Server


  • 4.  RE: Corporate AV and LiveUpdate

    Posted Apr 21, 2009 10:45 AM
    Thanks to you both but Ajitjha what's a "rapidlease"? I searched in the KB but couldn't find a reference to this term.


  • 5.  RE: Corporate AV and LiveUpdate

    Posted Apr 21, 2009 01:06 PM
    Here's info on what rapidrelease is,

    to quote Symantec:

    "Rapid release virus definitions have undergone basic quality assurance testing by Symantec Security Response. The primary focus of these definitions are the rapid detection of newly emerging threats and they may be augmented later with more robust detection capabilities. While Symantec Security Response makes every effort to ensure that all virus definitions function correctly, you should understand that rapid release-quality virus definitions do pose some risks such as the higher potential for false positives. Rapid release definitions are most useful for perimeter defenses or for all protection tiers as a means of mitigating fast spreading virus outbreaks."

    http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=rr

    Hope this answers your question


  • 6.  RE: Corporate AV and LiveUpdate

    Posted Apr 21, 2009 01:13 PM
    The clients are getting the definitions from the LiveUpdate if the server has old definitions.

    To confirm that: Unlock server group > Your server (or server group, wherever you configure it) > All Tasks > LiveUpdate

    Is the Symantec LiveUpdate server configured?

    For the LiveUpdate schedule, check in All Tasks > Virus Definitions Manager.

    For the server, LU1814 is a very common error. See if this solves it.

    http://service1.symantec.com/support/ent-security.nsf/docid/2006042008465548