Endpoint Protection

 View Only
Back to discussions
Expand all | Collapse all

Endpoint Protection 11.0.7: Virus Definitions Distribution - not update

Migration User

Migration UserOct 23, 2013 04:18 AM

 Sorry :)

  • 1.  Endpoint Protection 11.0.7: Virus Definitions Distribution - not update

    Posted Oct 22, 2013 05:56 AM

    Hi.

    Symantec Endpoint Protection 11.0.7, sometimes not download updates "Virus Definitions Distribution" and "Intrusion Prevention Signatures".

    For solutions: http://www.symantec.com/business/support/index?page=content&id=TECH104721&profileURL=https%3A%2F%2Fsymaccount-profile.symantec.com%2FSSO%2Findex.jsp%3FssoID%3D1382435200338UK5s0f4Gwt7v44ooXYv71845428hyNM0D04TX, usually helps and starts to download updates.
    But recently, SEP does not download updates for "Virus Definitions Distribution". With "Intrusion Prevention Signatures", no problem.

    Run a manual update: LUALL.EXE (C:\Program Files\Symantec\LiveUpdate) - there are no errors
     

     

    Show LiveUpdate Status one error:
    22     October 2013 г. 9:17:32 MSD: Antivirus and antispyware definitions Win64 11.0 MicroDefsB.CurDefs failed to update. [Site: SEP11] [Server: SEP11]
    What's the problem?
    Why SEP sometimes does not download updates

     


    Erros with SesmLu.log (C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\logs):
    [0f60:0794] окт 22 13, 12:09:11 INFO(Low) sesmVirDef64 DefaultDefUtilsContentHandler: CDefUtils::DirIsEmpty returns: failure.
    [0f60:0794] окт 22 13, 12:09:11 INFO(Low) sesmVirDef64 DefaultDefUtilsContentHandler: DuFileExists ( C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\SESMVI~2\tmp43c6.tmp\virscant.dat ) returned failure.
    [0f60:0794] окт 22 13, 12:09:11 INFO(Med) sesmVirDef64 SesmLu: PostSession failed!
    [0f60:0794] окт 22 13, 12:09:11 INFO(Med) sesmVirDef64 SesmLu: http://127.0.0.1:9090/servlet/ConsoleServlet?ActionType=ConfigServer&ServerMoniker={53574EE0-2F8E-4a63-B90C-4B78E1BC704C}&action=LogContentFailed
    [0f60:0794] окт 22 13, 12:09:11 INFO(Med) sesmVirDef64 SesmLu: Successfully notified sever of failure.[i]
     


    LUALL.EXE (C:\Program Files\Symantec\LiveUpdate):
    [i]nitializing...
    Connecting to liveupdate.symantecliveupdate.com...
    Downloading catalog file (1 of 58), product up-to-date.
    Downloading catalog file (2 of 58), complete.
    Opening update list
    The digital signature found on the catalog file has been signed by Symantec Corporation.
    Processing update list
    Opening update list
    Processing update list
    Downloading catalog file (3 of 58), product up-to-date.
    Downloading catalog file (4 of 58), product up-to-date.
    ...
    Downloading catalog file (28 of 58), product up-to-date.
    Downloading catalog file (29 of 58), complete.
    Opening update list
    The digital signature found on the catalog file has been signed by Symantec Corporation.
    Processing update list
    Opening update list
    Processing update list
    Downloading catalog file (30 of 58), complete.
    Opening update list
    The digital signature found on the catalog file has been signed by Symantec Corporation.
    Processing update list
    Opening update list
    Processing update list
    Downloading catalog file (31 of 58), complete.
    Opening update list
    The digital signature found on the catalog file has been signed by Symantec Corporation.
    Processing update list
    Opening update list
    Processing update list
    Downloading catalog file (32 of 58), complete.
    Opening update list
    The digital signature found on the catalog file has been signed by Symantec Corporation.
    Processing update list
    Opening update list
    Processing update list
    Downloading catalog file (33 of 58), product up-to-date.
    Downloading catalog file (34 of 58), product up-to-date.
    Downloading catalog file (35 of 58), complete.
    Opening update list
    The digital signature found on the catalog file has been signed by Symantec Corporation.
    Processing update list
    Opening update list
    Processing update list
    Downloading catalog file (36 of 58), complete.
    Opening update list
    The digital signature found on the catalog file has been signed by Symantec Corporation.
    Processing update list
    Opening update list
    Processing update list
    Downloading catalog file (37 of 58), complete.
    Opening update list
    The digital signature found on the catalog file has been signed by Symantec Corporation.
    Processing update list
    Opening update list
    Processing update list
    ...
    Downloading catalog file (57 of 58), complete.
    Opening update list
    The digital signature found on the catalog file has been signed by Symantec Corporation.
    Processing update list
    Opening update list
    Processing update list
    Downloading catalog file (58 of 58), complete.
    Opening update list
    The digital signature found on the catalog file has been signed by Symantec Corporation.
    Processing update list
    Opening update list
    Processing update list
    The following updates have been found:
    > Antivirus and antispyware definitions Win32 11.0 MicroDefsB.CurDefs, 4379.8 KB
    > Antivirus and antispyware definitions Win64 11.0 MicroDefsB.CurDefs, 4379.4 KB
    Total Download 8759.1 KB
    Downloading Antivirus and antispyware definitions Win32 11.0 MicroDefsB.CurDefs (1 of 1), complete.
    Downloading Antivirus and antispyware definitions Win64 11.0 MicroDefsB.CurDefs (1 of 1), complete.
    Installing Antivirus and antispyware definitions Win32 11.0 MicroDefsB.CurDefs (1 of 1), complete.
    Installing Antivirus and antispyware definitions Win64 11.0 MicroDefsB.CurDefs (1 of 1), complete.
    LiveUpdate session is complete.



  • 2.  RE: Endpoint Protection 11.0.7: Virus Definitions Distribution - not update

    Broadcom Employee
    Posted Oct 22, 2013 06:03 AM

    may be corrupt defintion, you may want to run symhelp to check this.

    http://www.symantec.com/business/support/index?page=content&id=TECH103176



  • 3.  RE: Endpoint Protection 11.0.7: Virus Definitions Distribution - not update

    Posted Oct 22, 2013 07:25 AM

    As you posted the Sesmu.log file, I'm going to assume this is a SEPM update problem rather than a client one.

    Please review the below article for further troubleshooting steps, and perhaps post the log.liveupdate file too:

    http://www.symantec.com/docs/TECH105924



  • 4.  RE: Endpoint Protection 11.0.7: Virus Definitions Distribution - not update

    Posted Oct 22, 2013 07:45 AM

    Hi

    Please follow the link below to resovle the issue

    http://www.symantec.com/business/support/index?page=content&id=TECH211503

    Regards

     



  • 5.  RE: Endpoint Protection 11.0.7: Virus Definitions Distribution - not update

    Posted Oct 23, 2013 03:35 AM

    Hi.

    In this file (Log.LiveUpdate) all right C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Log.LiveUpdate:

    22.10.2013, 8:05:46 GMT -> Progress Update: DOWNLOAD_FILE_START: URL: "http://liveupdate.symantecliveupdate.com/liveupdate_3.3.0.102_english_livetri.zip", Estimated Size: 0, Destination Folder: "C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads"

    I do not understand what needs to be done

    But I do not understand why is not downloaded "Antivirus and antispyware definitions":

    Show LiveUpdate Status

    23 October  2013 г. 11:28:29 MSD:  LUALL.EXE finished running.  [Site: SEP11]  [Server: SEP11]
    23 October  2013 г. 11:28:29 MSD:  LiveUpdate succeeded.   [Site: SEP11]  [Server: SEP11]
    23 October  2013 г. 11:28:29 MSD:  LUALL.EXE successfully updated the content. Return code = 0.  [Site: SEP11]  [Server: SEP11]
    23 October  2013 г. 11:28:26 MSD:  Symantec Endpoint Protection Win64 11.0.7000.975 (English) is up-to-date.    [Site: SEP11]  [Server: SEP11]
    23 October  2013 г. 11:28:26 MSD:  Symantec Endpoint Protection Win32 11.0.7000.975 (English) is up-to-date.    [Site: SEP11]  [Server: SEP11]
    23 October  2013 г. 11:28:25 MSD:  TruScan proactive threat scan engine Win32 11.0 is up-to-date.    [Site: SEP11]  [Server: SEP11]
    23 October  2013 г. 11:28:25 MSD:  TruScan proactive threat scan commercial application list Win32 11.0 is up-to-date.    [Site: SEP11]  [Server: SEP11]
    23 October  2013 г. 11:28:25 MSD:  TruScan proactive threat scan whitelist Win64 11.0 is up-to-date.    [Site: SEP11]  [Server: SEP11]
    23 October  2013 г. 11:28:25 MSD:  Intrusion Prevention signatures Win64 11.0 was successfully updated.  [Site: SEP11]  [Server: SEP11]
    23 October  2013 г. 11:28:22 MSD:  TruScan proactive threat scan engine Win64 11.0 is up-to-date.    [Site: SEP11]  [Server: SEP11]
    23 October  2013 г. 11:28:22 MSD:  Submission Control signatures 11.0 is up-to-date.    [Site: SEP11]  [Server: SEP11]
    23 October  2013 г. 11:28:22 MSD:  TruScan proactive threat scan data 11.0 is up-to-date.    [Site: SEP11]  [Server: SEP11]
    23 October  2013 г. 11:28:22 MSD:  TruScan proactive threat scan whitelist Win32 11.0 is up-to-date.    [Site: SEP11]  [Server: SEP11]
    23 October  2013 г. 11:28:22 MSD:  TruScan proactive threat scan commercial application list Win64 11.0 is up-to-date.    [Site: SEP11]  [Server: SEP11]
    23 October  2013 г. 11:26:41 MSD:  Decomposer Win32 and Win64 11.0 is up-to-date.    [Site: SEP11]  [Server: SEP11]
    23 October  2013 г. 11:26:41 MSD:  Symantec Endpoint Protection Manager Content Catalog 11.0 is up-to-date.    [Site: SEP11]  [Server: SEP11]
    23 October  2013 г. 11:26:41 MSD:  TruScan proactive threat scan commercial application engine 11.0 is up-to-date.    [Site: SEP11]  [Server: SEP11]
    23 October  2013 г. 11:25:06 MSD:  Intrusion Prevention signatures Win32 11.0 was successfully updated.  [Site: SEP11]  [Server: SEP11]
    23 October  2013 г. 11:20:22 MSD:  LUALL.EXE has been launched.  [Site: SEP11]  [Server: SEP11]
    23 October  2013 г. 11:20:22 MSD:  Download started.  [Site: SEP11]  [Server: SEP11]



  • 6.  RE: Endpoint Protection 11.0.7: Virus Definitions Distribution - not update

    Posted Oct 23, 2013 03:46 AM

    Hi.

    My image does not coincide with that in the example:

    C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\conf\Catalina\localhost\ROOT.xml

    My file:

      <?xml version="1.0" encoding="UTF-8" ?>
    - <Context antiJARLocking="false" antiResourceLocking="false" crossContext="true" debug="0" privileged="true" reloadable="false">
      <Resource auth="Container" driverClassName="net.sourceforge.jtds.jdbc.Driver" factory="com.sygate.scm.pool.ScmDataSourceFactory" maxActive="150" maxIdle="50" maxWait="30000" name="jdbc/metadatabase" password="{DES}izN2ouC9pjw=" testOnReturn="true" type="javax.sql.DataSource" url="jdbc:jtds:sqlserver://v-sql.Company.com:1433/sem5;preparesql=2;lobBuffer=150000000" username="sem5" validationQuery="SELECT count(*) FROM CONNECTION_TEST" />
      </Context>

    File Example:

    <Resource auth="Container" driverClassName="net.sourceforge.jtds.jdbc.Driver" factory="com.sygate.scm.pool.ScmDataSourceFactory" maxActive="150" maxIdle="50" maxWait="30000" name="jdbc/metadatabase" password="<encrypted password>" testOnReturn="true" type="javax.sql.DataSource" url="jdbc:jtds:sqlserver://<serverhostname>:1433/sem5;instance=SQL;preparesql=2;packetSize=8192;" username="<sql username>" validationQuery="SELECT count(*) FROM CONNECTION_TEST"/>



  • 7.  RE: Endpoint Protection 11.0.7: Virus Definitions Distribution - not update

    Posted Oct 23, 2013 03:47 AM

    The article I posted has more instructions on troubleshooting SEPM LiveUpdate issues, and posting the full log.liveupdate so we can see what is happening would let us help you more (the excerpt your gave is not enough I'm afraid).

    I wouldn't worry too much about the LiveUpdate Status from within the SEPM console.  This only provides and overview, whereas the log.liveupdate and sesmlu.log files hold the detail.



  • 8.  RE: Endpoint Protection 11.0.7: Virus Definitions Distribution - not update

    Posted Oct 23, 2013 04:14 AM
      |   view attached

    File attachements can be added to posts by expanding the "File Attachments" section under the text box (see screenie)



  • 9.  RE: Endpoint Protection 11.0.7: Virus Definitions Distribution - not update

    Posted Oct 23, 2013 04:18 AM
      |   view attached

    Sorry :)

    Attachment(s)

    zip
    Logs_25.zip   860 KB 1 version


  • 10.  RE: Endpoint Protection 11.0.7: Virus Definitions Distribution - not update

    Posted Oct 23, 2013 05:05 AM

    Oddly enough, the log.liveupdate appears to suggest a successful update of the AV defs as below:

    23.10.2013, 7:28:28 GMT -> EVENT - PRODUCT UPDATE SUCCEEDED EVENT - Update available for Antivirus and antispyware definitions Win32 11.0 MicroDefsB.CurDefs - MicroDefsB.CurDefs - SymAllLanguages. Update for CurDefs takes product from update 131012006 to 131022008. Server name - liveupdate.symantecliveupdate.com, Update file - 1382483868jtun_nav2k8enncur25.m25, Signer - cn=Symantec Corporation,ou=Locality - Culver City,ou=Product Group - LiveUpdate,ou=SymSignature 2005,o=Symantec Corporation, package install code 0. The Update executed with a result code of 1800, => Success
    23.10.2013, 7:28:28 GMT -> EVENT - PRODUCT UPDATE SUCCEEDED EVENT - Update available for Antivirus and antispyware definitions Win64 11.0 MicroDefsB.CurDefs - MicroDefsB.CurDefs - SymAllLanguages. Update for CurDefs takes product from update 131010007 to 131022008. Server name - liveupdate.symantecliveupdate.com, Update file - 1382483868jtun_emt64nav2k8enccur25.m25, Signer - cn=Symantec Corporation,ou=Locality - Culver City,ou=Product Group - LiveUpdate,ou=SymSignature 2005,o=Symantec Corporation, package install code 0. The Update executed with a result code of 1800, => Success
     
    In which case, I'd suggest posting or reviewing the sesmlu.log file for events around the same time.


  • 11.  RE: Endpoint Protection 11.0.7: Virus Definitions Distribution - not update

    Posted Oct 23, 2013 06:56 AM

    Start the update again ("Show LiveUpdate Download" and "SesmLu" as an attachment)

    Show LiveUpdate Status:

    23 October 2013 г. 14:35:10 MSD:  LUALL.EXE finished running.  [Site: spbsav11]  [Server: spbsav11]
    23 October 2013 г. 14:35:10 MSD:  LiveUpdate succeeded.   [Site: spbsav11]  [Server: spbsav11]
    23 October 2013 г. 14:35:09 MSD:  LUALL.EXE successfully updated the content. Return code = 0.  [Site: spbsav11]  [Server: spbsav11]
    23 October 2013 г. 14:35:06 MSD:  Symantec Endpoint Protection Win64 11.0.7000.975 (English) is up-to-date.    [Site: spbsav11]  [Server: spbsav11]
    23 October 2013 г. 14:35:05 MSD:  Symantec Endpoint Protection Win32 11.0.7000.975 (English) is up-to-date.    [Site: spbsav11]  [Server: spbsav11]
    23 October 2013 г. 14:35:04 MSD:  TruScan proactive threat scan engine Win32 11.0 is up-to-date.    [Site: spbsav11]  [Server: spbsav11]
    23 October 2013 г. 14:35:04 MSD:  TruScan proactive threat scan commercial application list Win32 11.0 is up-to-date.    [Site: spbsav11]  [Server: spbsav11]
    23 October 2013 г. 14:35:04 MSD:  TruScan proactive threat scan whitelist Win64 11.0 is up-to-date.    [Site: spbsav11]  [Server: spbsav11]
    23 October 2013 г. 14:35:04 MSD:  Intrusion Prevention signatures Win64 11.0 is up-to-date.    [Site: spbsav11]  [Server: spbsav11]
    23 October 2013 г. 14:35:03 MSD:  TruScan proactive threat scan engine Win64 11.0 is up-to-date.    [Site: spbsav11]  [Server: spbsav11]
    23 October 2013 г. 14:35:03 MSD:  Submission Control signatures 11.0 is up-to-date.    [Site: spbsav11]  [Server: spbsav11]
    23 October 2013 г. 14:35:03 MSD:  TruScan proactive threat scan data 11.0 is up-to-date.    [Site: spbsav11]  [Server: spbsav11]
    23 October 2013 г. 14:35:03 MSD:  TruScan proactive threat scan whitelist Win32 11.0 is up-to-date.    [Site: spbsav11]  [Server: spbsav11]
    23 October 2013 г. 14:35:03 MSD:  TruScan proactive threat scan commercial application list Win64 11.0 is up-to-date.    [Site: spbsav11]  [Server: spbsav11]
    23 October 2013 г. 14:33:22 MSD:  Decomposer Win32 and Win64 11.0 is up-to-date.    [Site: spbsav11]  [Server: spbsav11]
    23 October 2013 г. 14:33:22 MSD:  Symantec Endpoint Protection Manager Content Catalog 11.0 is up-to-date.    [Site: spbsav11]  [Server: spbsav11]
    23 October 2013 г. 14:33:22 MSD:  TruScan proactive threat scan commercial application engine 11.0 is up-to-date.    [Site: spbsav11]  [Server: spbsav11]
    23 October 2013 г. 14:31:48 MSD:  Intrusion Prevention signatures Win32 11.0 is up-to-date.    [Site: spbsav11]  [Server: spbsav11]
    23 October 2013 г. 14:27:01 MSD:  LUALL.EXE has been launched.  [Site: spbsav11]  [Server: spbsav11]
    23 October 2013 г. 14:27:01 MSD:  Download started.  [Site: spbsav11]  [Server: spbsav11]

    Attachment(s)

    zip
    SesmLu_2.zip   34 KB 1 version


  • 12.  RE: Endpoint Protection 11.0.7: Virus Definitions Distribution - not update

    Posted Oct 23, 2013 09:33 AM

    I can see no errors in the sesmlu.log file you posted, but then again the time stamps seem to indicate these were for a different time frame than the log.liveupdate file anyway surprise

    Are you sure that contained all the latest events?

    If so, I'd suggest looking within the below folders on your SEPM to see if the VirusDefs files there (the ones the clients use) are also stuck, or if it's just a cosmetic issue:

    %programfiles%\symantec\symantec endpoint protection manager\inetpub\content\{1CD85...
    %programfiles%\symantec\symantec endpoint protection manager\inetpub\content\{C60DC...
     
    If the contents of these folders are also stuck, then I'd first suggest you go through updating the SEPM using the JDB file as per the article I posted earlier as we as described in the below one:
     
    http://www.symantec.com/docs/TECH102607
     
    Can you confirm you've checked your LiveUpdate settings in the SEPM Console's Site Settings to verify there haven't been any changes?


  • 13.  RE: Endpoint Protection 11.0.7: Virus Definitions Distribution - not update

    Posted Oct 24, 2013 04:30 AM

    Hi.

    Full sesmlu.log file the attachment

    Folders:

    %programfiles%\symantec\symantec endpoint protection manager\inetpub\content\{1CD85...
    %programfiles%\symantec\symantec endpoint protection manager\inetpub\content\{C60DC...

    in not empty (attachment)

    Tell me please, what should I do?

    Attachment(s)

    7z
    SesmLu.7z   234 KB 1 version


  • 14.  RE: Endpoint Protection 11.0.7: Virus Definitions Distribution - not update

    Posted Oct 24, 2013 08:22 AM

    I would try re-registering LiveUpdate if I were you (as suggested in the first article I linked, repeated below) as the more recent sesmlu.log file events are reporting missing hub defs:

    "ERROR sesmVirDef32 MicroDefs25DefUtilsContentHandler: DU_E_APPLY_PATCH at .\MicroDefs25DefUtilsContentHandler.cpp[345]"

    http://www.symantec.com/docs/TECH105924

    Or you could go a step further and reinstall LiveUpdate on the SEPM too:

    http://www.symantec.com/docs/TECH102609



  • 15.  RE: Endpoint Protection 11.0.7: Virus Definitions Distribution - not update

    Posted Oct 25, 2013 03:26 AM
      |   view attached

    Hi

    1. I re-registering (reinstal and LuCatalog.exe -update) LiveUpdate and has done everything to: http://www.symantec.com/business/support/index?page=content&id=TECH104721&locale=en_US,

    but now it is even worse:

    25 October 2013 г. 11:03:52 MSD:  Retry timestamp is over the maximum retry window, switching to regular schedule run.  [Site: SEV11]  [Server: SEV11]
    25 October 2013 г. 11:02:57 MSD:  LUALL.EXE finished running.  [Site: SEV11]  [Server: SEV11]
    25 October 2013 г. 11:02:57 MSD:  LiveUpdate failed.  [Site: SEV11]  [Server: SEV11]
    25 October 2013 г. 11:02:57 MSD:  LiveUpdate encountered one or more errors. Return code = 4.  [Site: SEV11]  [Server: SEV11]
    25 October 2013 г. 11:02:29 MSD:  LUALL.EXE has been launched.  [Site: SEV11]  [Server: SEV11]
    25 October 2013 г. 11:02:29 MSD:  Download started.  [Site: SEV11]  [Server: SEV11]

    2. I do not understand what it means to error:

    "ERROR sesmVirDef32 MicroDefs25DefUtilsContentHandler: DU_E_APPLY_PATCH at .\MicroDefs25DefUtilsContentHandler.cpp[345]"
     

    Files "Log.LiveUpdate" and "SesmLu.log" in the attachment

     

     

    Attachment(s)

    7z
    Log.LiveUpdate+SesmLu.log_.7z   66 KB 1 version


  • 16.  RE: Endpoint Protection 11.0.7: Virus Definitions Distribution - not update

    Posted Oct 25, 2013 03:49 AM

    as per this document ERROR sesmVirDef32 MicroDefs25DefUtilsContentHandler: DU_E_APPLY_PATCH at .\MicroDefs25DefUtilsContentHandler.cpp[345]" means its misisng hub

    http://www.symantec.com/business/support/index?page=content&id=TECH105924

    how is your liveupdate configured ? is it geeting from internet?

    or from Liveupdate administrator?

    check if your firewall is blocking the traffic

    http://www.symantec.com/business/support/index?page=content&id=TECH102059

    If you are using proxy make sure you have configured it

    http://www.symantec.com/business/support/index?page=content&id=TECH180166

     



  • 17.  RE: Endpoint Protection 11.0.7: Virus Definitions Distribution - not update

    Posted Oct 25, 2013 04:06 AM

    Your log.liveupdate is now returning error 1813, which suggests proxy auth issues as per the below article:

    http://www.symantec.com/docs/TECH129816

    Also, I already explained that the "DU_E_APPLY_PATCH" error suggested hub defs issues.  This is why I asked you to reinstall LiveUpdate.  This information is also in the very first article I linked.  I'd highly recommend going through the article to better understand the reasons behind the steps I'm suggesting.



  • 18.  RE: Endpoint Protection 11.0.7: Virus Definitions Distribution - not update

    Posted Oct 25, 2013 07:25 AM

    Sorry, my colleague has changed the configuration of ISA2006 Server is now back again. Updates to Intrusion Prevention Signature Distribution to download, and for Virus Definitions Distribution no.

    + why not have Show LiveUpdate Status points Antivirus and antispyware definitions

    Show LiveUpdate Status:

    25 October 2013 г. 15:17:00 MSD:  LiveUpdate succeeded.   [Site: spbsav11]  [Server: spbsav11]
    25 October 2013 г. 15:17:00 MSD:  LUALL.EXE finished running.  [Site: spbsav11]  [Server: spbsav11]
    25 October 2013 г. 15:17:00 MSD:  LUALL.EXE successfully updated the content. Return code = 0.  [Site: spbsav11]  [Server: spbsav11]
    25 October 2013 г. 15:16:56 MSD:  Symantec Endpoint Protection Win64 11.0.7000.975 (English) is up-to-date.    [Site: spbsav11]  [Server: spbsav11]
    25 October 2013 г. 15:16:55 MSD:  Symantec Endpoint Protection Win32 11.0.7000.975 (English) is up-to-date.    [Site: spbsav11]  [Server: spbsav11]
    25 October 2013 г. 15:16:54 MSD:  TruScan proactive threat scan engine Win32 11.0 is up-to-date.    [Site: spbsav11]  [Server: spbsav11]
    25 October 2013 г. 15:16:54 MSD:  TruScan proactive threat scan commercial application list Win32 11.0 is up-to-date.    [Site: spbsav11]  [Server: spbsav11]
    25 October 2013 г. 15:16:54 MSD:  TruScan proactive threat scan whitelist Win64 11.0 is up-to-date.    [Site: spbsav11]  [Server: spbsav11]
    25 October 2013 г. 15:16:54 MSD:  Intrusion Prevention signatures Win64 11.0 is up-to-date.    [Site: spbsav11]  [Server: spbsav11]
    25 October 2013 г. 15:16:54 MSD:  TruScan proactive threat scan engine Win64 11.0 is up-to-date.    [Site: spbsav11]  [Server: spbsav11]
    25 October 2013 г. 15:16:54 MSD:  Submission Control signatures 11.0 is up-to-date.    [Site: spbsav11]  [Server: spbsav11]
    25 October 2013 г. 15:16:54 MSD:  TruScan proactive threat scan data 11.0 is up-to-date.    [Site: spbsav11]  [Server: spbsav11]
    25 October 2013 г. 15:16:54 MSD:  TruScan proactive threat scan whitelist Win32 11.0 is up-to-date.    [Site: spbsav11]  [Server: spbsav11]
    25 October 2013 г. 15:16:54 MSD:  TruScan proactive threat scan commercial application list Win64 11.0 is up-to-date.    [Site: spbsav11]  [Server: spbsav11]
    25 October 2013 г. 15:15:21 MSD:  Decomposer Win32 and Win64 11.0 is up-to-date.    [Site: spbsav11]  [Server: spbsav11]
    25 October 2013 г. 15:15:21 MSD:  Symantec Endpoint Protection Manager Content Catalog 11.0 is up-to-date.    [Site: spbsav11]  [Server: spbsav11]
    25 October 2013 г. 15:15:21 MSD:  TruScan proactive threat scan commercial application engine 11.0 is up-to-date.    [Site: spbsav11]  [Server: spbsav11]
    25 October 2013 г. 15:13:52 MSD:  Intrusion Prevention signatures Win32 11.0 is up-to-date.    [Site: spbsav11]  [Server: spbsav11]
    25 October 2013 г. 15:12:54 MSD:  LUALL.EXE has been launched.  [Site: spbsav11]  [Server: spbsav11]
    25 October 2013 г. 15:12:54 MSD:  Download started.  [Site: spbsav11]  [Server: spbsav11]

     

    Attachment(s)

    7z
    Log.LiveUpdate+SesmLu.7z   157 KB 1 version


  • 19.  RE: Endpoint Protection 11.0.7: Virus Definitions Distribution - not update

    Posted Oct 25, 2013 11:32 AM

    The latest logs appears to suggest everything is working:

    log.liveupdate shows:

    25.10.2013, 11:16:58 GMT -> EVENT - PRODUCT UPDATE SUCCEEDED EVENT - Update available for Antivirus and antispyware definitions Win32 11.0 MicroDefsB.CurDefs - MicroDefsB.CurDefs - SymAllLanguages. Update for CurDefs takes product from update 131012006 to 131024019. Server name - liveupdate.symantecliveupdate.com, Update file - 1382681309jtun_nav2k8enncur25.m25, Signer - cn=Symantec Corporation,ou=Locality - Culver City,ou=Product Group - LiveUpdate,ou=SymSignature 2005,o=Symantec Corporation, package install code 0. The Update executed with a result code of 1800, => Success
    25.10.2013, 11:16:58 GMT -> EVENT - PRODUCT UPDATE SUCCEEDED EVENT - Update available for Antivirus and antispyware definitions Win64 11.0 MicroDefsB.CurDefs - MicroDefsB.CurDefs - SymAllLanguages. Update for CurDefs takes product from update 131010007 to 131024019. Server name - liveupdate.symantecliveupdate.com, Update file - 1382681309jtun_emt64nav2k8enccur25.m25, Signer - cn=Symantec Corporation,ou=Locality - Culver City,ou=Product Group - LiveUpdate,ou=SymSignature 2005,o=Symantec Corporation, package install code 0. The Update executed with a result code of 1800, => Success

    While sesmlu.log shows:

    [0e94:0a6c] окт 25 13, 03:14:23 INFO(Med) sesmVirDef64 SesmLu: http://127.0.0.1:9090/servlet/ConsoleServlet?ActionType=ConfigServer&ClientMoniker={1CD85198-26C6-4bac-8C72-5D34B025DE35}&FilePath=C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\SESMVI~4\20131024.019&Hash=9F8DF699DC18BD0DF3B1394E8C605C4B&Language=SymAllLanguages&Product=SESM%20Virus%20Definitions%20Win64%20(x64)%20v11&SequenceNum=131024019&SequenceTag=CurDefs&ServerMoniker={53574EE0-2F8E-4a63-B90C-4B78E1BC704C}&SrcSequenceNum=&Version=MicroDefsB.CurDefs&action=UploadLuContent

    [0e94:0a6c] окт 25 13, 03:15:21 INFO(Med) sesmVirDef64 SesmLu: Successfully notified the server of new content

    [0e94:0a6c] окт 25 13, 03:15:40 INFO(Med) sesmVirDef32 SesmLu: http://127.0.0.1:9090/servlet/ConsoleServlet?ActionType=ConfigServer&ClientMoniker={C60DC234-65F9-4674-94AE-62158EFCA433}&FilePath=C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\SESMVI~3\20131024.019&Hash=79D980A3EC959BD450671E4B8B34D65B&Language=SymAllLanguages&Product=SESM%20Virus%20Definitions%20Win32%20v11&SequenceNum=131024019&SequenceTag=CurDefs&ServerMoniker={7916E109-F6A1-4d5a-8F10-5D8CEFA18FDE}&SrcSequenceNum=&Version=MicroDefsB.CurDefs&action=UploadLuContent

    [0e94:0a6c] окт 25 13, 03:16:54 INFO(Med) sesmVirDef32 SesmLu: Successfully notified the server of new content

    So other bits to check then:

    • Disk space
    • DB size limits
    • Verify what you have selected under the Site Settings use the correct "Content Types to Download"


  • 20.  RE: Endpoint Protection 11.0.7: Virus Definitions Distribution - not update
    Best Answer

    Posted Oct 25, 2013 01:02 PM

    Looking at the screenshots that you have posted I see that your 64bit virus definitions are stuck at 10/10 and 32bit definitions are at 10/12. I am going to venture a guess that you are using SQL 2005. The reason I say this is the behavior matches exactly to the document below, which includes instructions on how to fix this SEPM side.

    http://www.symantec.com/docs/TECH211503

     



  • 21.  RE: Endpoint Protection 11.0.7: Virus Definitions Distribution - not update

    Posted Oct 28, 2013 02:46 AM
    Hi Guys, thank you. Without your advice, I would not have been able to solve. Thank you.
    Solution:     http://www.symantec.com/docs/TECH211503
    Thanks to all who responded to the rescue:

    pete_4u2002

    SMLatCST

    SameerU

    Rafeeq
     
    Cameron_W

    the solution proposed by the Cameron_W, then you need



  • 22.  RE: Endpoint Protection 11.0.7: Virus Definitions Distribution - not update

    Posted Oct 28, 2013 04:05 AM

    Hi Guys, thank you. Without your advice, I would not have been able to solve. Thank you.
    Solution: http://www.symantec.com/docs/TECH211503
    Thanks to all who responded to the rescue:

    pete_4u2002

    SMLatCST

    SameerU
    Rafeeq
    Cameron_W

    the solution proposed by the Cameron_W, then you need