Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Endpoint Protection 11.0.7: Virus Definitions Distribution - not update

Created: 22 Oct 2013 • Updated: 27 Oct 2013 | 21 comments
This issue has been solved. See solution.

Hi.

Symantec Endpoint Protection 11.0.7, sometimes not download updates "Virus Definitions Distribution" and "Intrusion Prevention Signatures".

For solutions: http://www.symantec.com/business/support/index?page=content&id=TECH104721&profileURL=https%3A%2F%2Fsymaccount-profile.symantec.com%2FSSO%2Findex.jsp%3FssoID%3D1382435200338UK5s0f4Gwt7v44ooXYv71845428hyNM0D04TX, usually helps and starts to download updates.
But recently, SEP does not download updates for "Virus Definitions Distribution". With "Intrusion Prevention Signatures", no problem.

Run a manual update: LUALL.EXE (C:\Program Files\Symantec\LiveUpdate) - there are no errors
 

Show LiveUpdate Status one error:
22 October 2013 г. 9:17:32 MSD: Antivirus and antispyware definitions Win64 11.0 MicroDefsB.CurDefs failed to update. [Site: SEP11] [Server: SEP11]
What's the problem?
Why SEP sometimes does not download updates

Erros with SesmLu.log (C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\logs):
[0f60:0794] окт 22 13, 12:09:11 INFO(Low) sesmVirDef64 DefaultDefUtilsContentHandler: CDefUtils::DirIsEmpty returns: failure.
[0f60:0794] окт 22 13, 12:09:11 INFO(Low) sesmVirDef64 DefaultDefUtilsContentHandler: DuFileExists ( C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\SESMVI~2\tmp43c6.tmp\virscant.dat ) returned failure.
[0f60:0794] окт 22 13, 12:09:11 INFO(Med) sesmVirDef64 SesmLu: PostSession failed!
[0f60:0794] окт 22 13, 12:09:11 INFO(Med) sesmVirDef64 SesmLu: http://127.0.0.1:9090/servlet/ConsoleServlet?ActionType=ConfigServer&ServerMoniker={53574EE0-2F8E-4a63-B90C-4B78E1BC704C}&action=LogContentFailed
[0f60:0794] окт 22 13, 12:09:11 INFO(Med) sesmVirDef64 SesmLu: Successfully notified sever of failure.[i]
 

LUALL.EXE (C:\Program Files\Symantec\LiveUpdate):
[i]nitializing...
Connecting to liveupdate.symantecliveupdate.com...
Downloading catalog file (1 of 58), product up-to-date.
Downloading catalog file (2 of 58), complete.
Opening update list
The digital signature found on the catalog file has been signed by Symantec Corporation.
Processing update list
Opening update list
Processing update list
Downloading catalog file (3 of 58), product up-to-date.
Downloading catalog file (4 of 58), product up-to-date.
...
Downloading catalog file (28 of 58), product up-to-date.
Downloading catalog file (29 of 58), complete.
Opening update list
The digital signature found on the catalog file has been signed by Symantec Corporation.
Processing update list
Opening update list
Processing update list
Downloading catalog file (30 of 58), complete.
Opening update list
The digital signature found on the catalog file has been signed by Symantec Corporation.
Processing update list
Opening update list
Processing update list
Downloading catalog file (31 of 58), complete.
Opening update list
The digital signature found on the catalog file has been signed by Symantec Corporation.
Processing update list
Opening update list
Processing update list
Downloading catalog file (32 of 58), complete.
Opening update list
The digital signature found on the catalog file has been signed by Symantec Corporation.
Processing update list
Opening update list
Processing update list
Downloading catalog file (33 of 58), product up-to-date.
Downloading catalog file (34 of 58), product up-to-date.
Downloading catalog file (35 of 58), complete.
Opening update list
The digital signature found on the catalog file has been signed by Symantec Corporation.
Processing update list
Opening update list
Processing update list
Downloading catalog file (36 of 58), complete.
Opening update list
The digital signature found on the catalog file has been signed by Symantec Corporation.
Processing update list
Opening update list
Processing update list
Downloading catalog file (37 of 58), complete.
Opening update list
The digital signature found on the catalog file has been signed by Symantec Corporation.
Processing update list
Opening update list
Processing update list
...
Downloading catalog file (57 of 58), complete.
Opening update list
The digital signature found on the catalog file has been signed by Symantec Corporation.
Processing update list
Opening update list
Processing update list
Downloading catalog file (58 of 58), complete.
Opening update list
The digital signature found on the catalog file has been signed by Symantec Corporation.
Processing update list
Opening update list
Processing update list
The following updates have been found:
> Antivirus and antispyware definitions Win32 11.0 MicroDefsB.CurDefs, 4379.8 KB
> Antivirus and antispyware definitions Win64 11.0 MicroDefsB.CurDefs, 4379.4 KB
Total Download 8759.1 KB
Downloading Antivirus and antispyware definitions Win32 11.0 MicroDefsB.CurDefs (1 of 1), complete.
Downloading Antivirus and antispyware definitions Win64 11.0 MicroDefsB.CurDefs (1 of 1), complete.
Installing Antivirus and antispyware definitions Win32 11.0 MicroDefsB.CurDefs (1 of 1), complete.
Installing Antivirus and antispyware definitions Win64 11.0 MicroDefsB.CurDefs (1 of 1), complete.
LiveUpdate session is complete.

Operating Systems:

Comments 21 CommentsJump to latest comment

SMLatCST's picture

As you posted the Sesmu.log file, I'm going to assume this is a SEPM update problem rather than a client one.

Please review the below article for further troubleshooting steps, and perhaps post the log.liveupdate file too:

http://www.symantec.com/docs/TECH105924

PokulMan's picture

Hi.

In this file (Log.LiveUpdate) all right C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Log.LiveUpdate:

22.10.2013, 8:05:46 GMT -> Progress Update: DOWNLOAD_FILE_START: URL: "http://liveupdate.symantecliveupdate.com/liveupdate_3.3.0.102_english_livetri.zip", Estimated Size: 0, Destination Folder: "C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads"

I do not understand what needs to be done

But I do not understand why is not downloaded "Antivirus and antispyware definitions":

Show LiveUpdate Status

23 October  2013 г. 11:28:29 MSD:  LUALL.EXE finished running.  [Site: SEP11]  [Server: SEP11]
23 October  2013 г. 11:28:29 MSD:  LiveUpdate succeeded.   [Site: SEP11]  [Server: SEP11]
23 October  2013 г. 11:28:29 MSD:  LUALL.EXE successfully updated the content. Return code = 0.  [Site: SEP11]  [Server: SEP11]
23 October  2013 г. 11:28:26 MSD:  Symantec Endpoint Protection Win64 11.0.7000.975 (English) is up-to-date.    [Site: SEP11]  [Server: SEP11]
23 October  2013 г. 11:28:26 MSD:  Symantec Endpoint Protection Win32 11.0.7000.975 (English) is up-to-date.    [Site: SEP11]  [Server: SEP11]
23 October  2013 г. 11:28:25 MSD:  TruScan proactive threat scan engine Win32 11.0 is up-to-date.    [Site: SEP11]  [Server: SEP11]
23 October  2013 г. 11:28:25 MSD:  TruScan proactive threat scan commercial application list Win32 11.0 is up-to-date.    [Site: SEP11]  [Server: SEP11]
23 October  2013 г. 11:28:25 MSD:  TruScan proactive threat scan whitelist Win64 11.0 is up-to-date.    [Site: SEP11]  [Server: SEP11]
23 October  2013 г. 11:28:25 MSD:  Intrusion Prevention signatures Win64 11.0 was successfully updated.  [Site: SEP11]  [Server: SEP11]
23 October  2013 г. 11:28:22 MSD:  TruScan proactive threat scan engine Win64 11.0 is up-to-date.    [Site: SEP11]  [Server: SEP11]
23 October  2013 г. 11:28:22 MSD:  Submission Control signatures 11.0 is up-to-date.    [Site: SEP11]  [Server: SEP11]
23 October  2013 г. 11:28:22 MSD:  TruScan proactive threat scan data 11.0 is up-to-date.    [Site: SEP11]  [Server: SEP11]
23 October  2013 г. 11:28:22 MSD:  TruScan proactive threat scan whitelist Win32 11.0 is up-to-date.    [Site: SEP11]  [Server: SEP11]
23 October  2013 г. 11:28:22 MSD:  TruScan proactive threat scan commercial application list Win64 11.0 is up-to-date.    [Site: SEP11]  [Server: SEP11]
23 October  2013 г. 11:26:41 MSD:  Decomposer Win32 and Win64 11.0 is up-to-date.    [Site: SEP11]  [Server: SEP11]
23 October  2013 г. 11:26:41 MSD:  Symantec Endpoint Protection Manager Content Catalog 11.0 is up-to-date.    [Site: SEP11]  [Server: SEP11]
23 October  2013 г. 11:26:41 MSD:  TruScan proactive threat scan commercial application engine 11.0 is up-to-date.    [Site: SEP11]  [Server: SEP11]
23 October  2013 г. 11:25:06 MSD:  Intrusion Prevention signatures Win32 11.0 was successfully updated.  [Site: SEP11]  [Server: SEP11]
23 October  2013 г. 11:20:22 MSD:  LUALL.EXE has been launched.  [Site: SEP11]  [Server: SEP11]
23 October  2013 г. 11:20:22 MSD:  Download started.  [Site: SEP11]  [Server: SEP11]

SMLatCST's picture

The article I posted has more instructions on troubleshooting SEPM LiveUpdate issues, and posting the full log.liveupdate so we can see what is happening would let us help you more (the excerpt your gave is not enough I'm afraid).

I wouldn't worry too much about the LiveUpdate Status from within the SEPM console.  This only provides and overview, whereas the log.liveupdate and sesmlu.log files hold the detail.

PokulMan's picture

Hi.

My image does not coincide with that in the example:

C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\conf\Catalina\localhost\ROOT.xml

My file:

  <?xml version="1.0" encoding="UTF-8" ?>
- <Context antiJARLocking="false" antiResourceLocking="false" crossContext="true" debug="0" privileged="true" reloadable="false">
  <Resource auth="Container" driverClassName="net.sourceforge.jtds.jdbc.Driver" factory="com.sygate.scm.pool.ScmDataSourceFactory" maxActive="150" maxIdle="50" maxWait="30000" name="jdbc/metadatabase" password="{DES}izN2ouC9pjw=" testOnReturn="true" type="javax.sql.DataSource" url="jdbc:jtds:sqlserver://v-sql.Company.com:1433/sem5;preparesql=2;lobBuffer=150000000" username="sem5" validationQuery="SELECT count(*) FROM CONNECTION_TEST" />
  </Context>

File Example:

<Resource auth="Container" driverClassName="net.sourceforge.jtds.jdbc.Driver" factory="com.sygate.scm.pool.ScmDataSourceFactory" maxActive="150" maxIdle="50" maxWait="30000" name="jdbc/metadatabase" password="<encrypted password>" testOnReturn="true" type="javax.sql.DataSource" url="jdbc:jtds:sqlserver://<serverhostname>:1433/sem5;instance=SQL;preparesql=2;packetSize=8192;" username="<sql username>" validationQuery="SELECT count(*) FROM CONNECTION_TEST"/>

SMLatCST's picture

File attachements can be added to posts by expanding the "File Attachments" section under the text box (see screenie)

attach.JPG
SMLatCST's picture

Oddly enough, the log.liveupdate appears to suggest a successful update of the AV defs as below:

23.10.2013, 7:28:28 GMT -> EVENT - PRODUCT UPDATE SUCCEEDED EVENT - Update available for Antivirus and antispyware definitions Win32 11.0 MicroDefsB.CurDefs - MicroDefsB.CurDefs - SymAllLanguages. Update for CurDefs takes product from update 131012006 to 131022008. Server name - liveupdate.symantecliveupdate.com, Update file - 1382483868jtun_nav2k8enncur25.m25, Signer - cn=Symantec Corporation,ou=Locality - Culver City,ou=Product Group - LiveUpdate,ou=SymSignature 2005,o=Symantec Corporation, package install code 0. The Update executed with a result code of 1800, => Success
23.10.2013, 7:28:28 GMT -> EVENT - PRODUCT UPDATE SUCCEEDED EVENT - Update available for Antivirus and antispyware definitions Win64 11.0 MicroDefsB.CurDefs - MicroDefsB.CurDefs - SymAllLanguages. Update for CurDefs takes product from update 131010007 to 131022008. Server name - liveupdate.symantecliveupdate.com, Update file - 1382483868jtun_emt64nav2k8enccur25.m25, Signer - cn=Symantec Corporation,ou=Locality - Culver City,ou=Product Group - LiveUpdate,ou=SymSignature 2005,o=Symantec Corporation, package install code 0. The Update executed with a result code of 1800, => Success
 
In which case, I'd suggest posting or reviewing the sesmlu.log file for events around the same time.
PokulMan's picture

Start the update again ("Show LiveUpdate Download" and "SesmLu" as an attachment)

Show LiveUpdate Status:

23 October 2013 г. 14:35:10 MSD:  LUALL.EXE finished running.  [Site: spbsav11]  [Server: spbsav11]
23 October 2013 г. 14:35:10 MSD:  LiveUpdate succeeded.   [Site: spbsav11]  [Server: spbsav11]
23 October 2013 г. 14:35:09 MSD:  LUALL.EXE successfully updated the content. Return code = 0.  [Site: spbsav11]  [Server: spbsav11]
23 October 2013 г. 14:35:06 MSD:  Symantec Endpoint Protection Win64 11.0.7000.975 (English) is up-to-date.    [Site: spbsav11]  [Server: spbsav11]
23 October 2013 г. 14:35:05 MSD:  Symantec Endpoint Protection Win32 11.0.7000.975 (English) is up-to-date.    [Site: spbsav11]  [Server: spbsav11]
23 October 2013 г. 14:35:04 MSD:  TruScan proactive threat scan engine Win32 11.0 is up-to-date.    [Site: spbsav11]  [Server: spbsav11]
23 October 2013 г. 14:35:04 MSD:  TruScan proactive threat scan commercial application list Win32 11.0 is up-to-date.    [Site: spbsav11]  [Server: spbsav11]
23 October 2013 г. 14:35:04 MSD:  TruScan proactive threat scan whitelist Win64 11.0 is up-to-date.    [Site: spbsav11]  [Server: spbsav11]
23 October 2013 г. 14:35:04 MSD:  Intrusion Prevention signatures Win64 11.0 is up-to-date.    [Site: spbsav11]  [Server: spbsav11]
23 October 2013 г. 14:35:03 MSD:  TruScan proactive threat scan engine Win64 11.0 is up-to-date.    [Site: spbsav11]  [Server: spbsav11]
23 October 2013 г. 14:35:03 MSD:  Submission Control signatures 11.0 is up-to-date.    [Site: spbsav11]  [Server: spbsav11]
23 October 2013 г. 14:35:03 MSD:  TruScan proactive threat scan data 11.0 is up-to-date.    [Site: spbsav11]  [Server: spbsav11]
23 October 2013 г. 14:35:03 MSD:  TruScan proactive threat scan whitelist Win32 11.0 is up-to-date.    [Site: spbsav11]  [Server: spbsav11]
23 October 2013 г. 14:35:03 MSD:  TruScan proactive threat scan commercial application list Win64 11.0 is up-to-date.    [Site: spbsav11]  [Server: spbsav11]
23 October 2013 г. 14:33:22 MSD:  Decomposer Win32 and Win64 11.0 is up-to-date.    [Site: spbsav11]  [Server: spbsav11]
23 October 2013 г. 14:33:22 MSD:  Symantec Endpoint Protection Manager Content Catalog 11.0 is up-to-date.    [Site: spbsav11]  [Server: spbsav11]
23 October 2013 г. 14:33:22 MSD:  TruScan proactive threat scan commercial application engine 11.0 is up-to-date.    [Site: spbsav11]  [Server: spbsav11]
23 October 2013 г. 14:31:48 MSD:  Intrusion Prevention signatures Win32 11.0 is up-to-date.    [Site: spbsav11]  [Server: spbsav11]
23 October 2013 г. 14:27:01 MSD:  LUALL.EXE has been launched.  [Site: spbsav11]  [Server: spbsav11]
23 October 2013 г. 14:27:01 MSD:  Download started.  [Site: spbsav11]  [Server: spbsav11]

Show LiveUpdate Downloads1.JPG
AttachmentSize
SesmLu.zip 34.99 KB
SMLatCST's picture

I can see no errors in the sesmlu.log file you posted, but then again the time stamps seem to indicate these were for a different time frame than the log.liveupdate file anyway surprise

Are you sure that contained all the latest events?

If so, I'd suggest looking within the below folders on your SEPM to see if the VirusDefs files there (the ones the clients use) are also stuck, or if it's just a cosmetic issue:

%programfiles%\symantec\symantec endpoint protection manager\inetpub\content\{1CD85...
%programfiles%\symantec\symantec endpoint protection manager\inetpub\content\{C60DC...
 
If the contents of these folders are also stuck, then I'd first suggest you go through updating the SEPM using the JDB file as per the article I posted earlier as we as described in the below one:
 
http://www.symantec.com/docs/TECH102607
 
Can you confirm you've checked your LiveUpdate settings in the SEPM Console's Site Settings to verify there haven't been any changes?
PokulMan's picture

Hi.

Full sesmlu.log file the attachment

Folders:

%programfiles%\symantec\symantec endpoint protection manager\inetpub\content\{1CD85...
%programfiles%\symantec\symantec endpoint protection manager\inetpub\content\{C60DC...

in not empty (attachment)

Tell me please, what should I do?

1CD.JPG C60.JPG
AttachmentSize
SesmLu.7z 234.57 KB
SMLatCST's picture

I would try re-registering LiveUpdate if I were you (as suggested in the first article I linked, repeated below) as the more recent sesmlu.log file events are reporting missing hub defs:

"ERROR sesmVirDef32 MicroDefs25DefUtilsContentHandler: DU_E_APPLY_PATCH at .\MicroDefs25DefUtilsContentHandler.cpp[345]"

http://www.symantec.com/docs/TECH105924

Or you could go a step further and reinstall LiveUpdate on the SEPM too:

http://www.symantec.com/docs/TECH102609

PokulMan's picture

Hi

1. I re-registering (reinstal and LuCatalog.exe -update) LiveUpdate and has done everything to: http://www.symantec.com/business/support/index?page=content&id=TECH104721&locale=en_US,

but now it is even worse:

25 October 2013 г. 11:03:52 MSD:  Retry timestamp is over the maximum retry window, switching to regular schedule run.  [Site: SEV11]  [Server: SEV11]
25 October 2013 г. 11:02:57 MSD:  LUALL.EXE finished running.  [Site: SEV11]  [Server: SEV11]
25 October 2013 г. 11:02:57 MSD:  LiveUpdate failed.  [Site: SEV11]  [Server: SEV11]
25 October 2013 г. 11:02:57 MSD:  LiveUpdate encountered one or more errors. Return code = 4.  [Site: SEV11]  [Server: SEV11]
25 October 2013 г. 11:02:29 MSD:  LUALL.EXE has been launched.  [Site: SEV11]  [Server: SEV11]
25 October 2013 г. 11:02:29 MSD:  Download started.  [Site: SEV11]  [Server: SEV11]

2. I do not understand what it means to error:

"ERROR sesmVirDef32 MicroDefs25DefUtilsContentHandler: DU_E_APPLY_PATCH at .\MicroDefs25DefUtilsContentHandler.cpp[345]"
 

Files "Log.LiveUpdate" and "SesmLu.log" in the attachment

AttachmentSize
Log.LiveUpdate+SesmLu.log_.7z 66.83 KB
Rafeeq's picture

as per this document ERROR sesmVirDef32 MicroDefs25DefUtilsContentHandler: DU_E_APPLY_PATCH at .\MicroDefs25DefUtilsContentHandler.cpp[345]" means its misisng hub

http://www.symantec.com/business/support/index?page=content&id=TECH105924

how is your liveupdate configured ? is it geeting from internet?

or from Liveupdate administrator?

check if your firewall is blocking the traffic

http://www.symantec.com/business/support/index?page=content&id=TECH102059

If you are using proxy make sure you have configured it

http://www.symantec.com/business/support/index?page=content&id=TECH180166

SMLatCST's picture

Your log.liveupdate is now returning error 1813, which suggests proxy auth issues as per the below article:

http://www.symantec.com/docs/TECH129816

Also, I already explained that the "DU_E_APPLY_PATCH" error suggested hub defs issues.  This is why I asked you to reinstall LiveUpdate.  This information is also in the very first article I linked.  I'd highly recommend going through the article to better understand the reasons behind the steps I'm suggesting.

PokulMan's picture

Sorry, my colleague has changed the configuration of ISA2006 Server is now back again. Updates to Intrusion Prevention Signature Distribution to download, and for Virus Definitions Distribution no.

+ why not have Show LiveUpdate Status points Antivirus and antispyware definitions

Show LiveUpdate Status:

25 October 2013 г. 15:17:00 MSD:  LiveUpdate succeeded.   [Site: spbsav11]  [Server: spbsav11]
25 October 2013 г. 15:17:00 MSD:  LUALL.EXE finished running.  [Site: spbsav11]  [Server: spbsav11]
25 October 2013 г. 15:17:00 MSD:  LUALL.EXE successfully updated the content. Return code = 0.  [Site: spbsav11]  [Server: spbsav11]
25 October 2013 г. 15:16:56 MSD:  Symantec Endpoint Protection Win64 11.0.7000.975 (English) is up-to-date.    [Site: spbsav11]  [Server: spbsav11]
25 October 2013 г. 15:16:55 MSD:  Symantec Endpoint Protection Win32 11.0.7000.975 (English) is up-to-date.    [Site: spbsav11]  [Server: spbsav11]
25 October 2013 г. 15:16:54 MSD:  TruScan proactive threat scan engine Win32 11.0 is up-to-date.    [Site: spbsav11]  [Server: spbsav11]
25 October 2013 г. 15:16:54 MSD:  TruScan proactive threat scan commercial application list Win32 11.0 is up-to-date.    [Site: spbsav11]  [Server: spbsav11]
25 October 2013 г. 15:16:54 MSD:  TruScan proactive threat scan whitelist Win64 11.0 is up-to-date.    [Site: spbsav11]  [Server: spbsav11]
25 October 2013 г. 15:16:54 MSD:  Intrusion Prevention signatures Win64 11.0 is up-to-date.    [Site: spbsav11]  [Server: spbsav11]
25 October 2013 г. 15:16:54 MSD:  TruScan proactive threat scan engine Win64 11.0 is up-to-date.    [Site: spbsav11]  [Server: spbsav11]
25 October 2013 г. 15:16:54 MSD:  Submission Control signatures 11.0 is up-to-date.    [Site: spbsav11]  [Server: spbsav11]
25 October 2013 г. 15:16:54 MSD:  TruScan proactive threat scan data 11.0 is up-to-date.    [Site: spbsav11]  [Server: spbsav11]
25 October 2013 г. 15:16:54 MSD:  TruScan proactive threat scan whitelist Win32 11.0 is up-to-date.    [Site: spbsav11]  [Server: spbsav11]
25 October 2013 г. 15:16:54 MSD:  TruScan proactive threat scan commercial application list Win64 11.0 is up-to-date.    [Site: spbsav11]  [Server: spbsav11]
25 October 2013 г. 15:15:21 MSD:  Decomposer Win32 and Win64 11.0 is up-to-date.    [Site: spbsav11]  [Server: spbsav11]
25 October 2013 г. 15:15:21 MSD:  Symantec Endpoint Protection Manager Content Catalog 11.0 is up-to-date.    [Site: spbsav11]  [Server: spbsav11]
25 October 2013 г. 15:15:21 MSD:  TruScan proactive threat scan commercial application engine 11.0 is up-to-date.    [Site: spbsav11]  [Server: spbsav11]
25 October 2013 г. 15:13:52 MSD:  Intrusion Prevention signatures Win32 11.0 is up-to-date.    [Site: spbsav11]  [Server: spbsav11]
25 October 2013 г. 15:12:54 MSD:  LUALL.EXE has been launched.  [Site: spbsav11]  [Server: spbsav11]
25 October 2013 г. 15:12:54 MSD:  Download started.  [Site: spbsav11]  [Server: spbsav11]

1.JPG
AttachmentSize
Log.LiveUpdate+SesmLu.7z 157.12 KB
SMLatCST's picture

The latest logs appears to suggest everything is working:

log.liveupdate shows:

25.10.2013, 11:16:58 GMT -> EVENT - PRODUCT UPDATE SUCCEEDED EVENT - Update available for Antivirus and antispyware definitions Win32 11.0 MicroDefsB.CurDefs - MicroDefsB.CurDefs - SymAllLanguages. Update for CurDefs takes product from update 131012006 to 131024019. Server name - liveupdate.symantecliveupdate.com, Update file - 1382681309jtun_nav2k8enncur25.m25, Signer - cn=Symantec Corporation,ou=Locality - Culver City,ou=Product Group - LiveUpdate,ou=SymSignature 2005,o=Symantec Corporation, package install code 0. The Update executed with a result code of 1800, => Success
25.10.2013, 11:16:58 GMT -> EVENT - PRODUCT UPDATE SUCCEEDED EVENT - Update available for Antivirus and antispyware definitions Win64 11.0 MicroDefsB.CurDefs - MicroDefsB.CurDefs - SymAllLanguages. Update for CurDefs takes product from update 131010007 to 131024019. Server name - liveupdate.symantecliveupdate.com, Update file - 1382681309jtun_emt64nav2k8enccur25.m25, Signer - cn=Symantec Corporation,ou=Locality - Culver City,ou=Product Group - LiveUpdate,ou=SymSignature 2005,o=Symantec Corporation, package install code 0. The Update executed with a result code of 1800, => Success

While sesmlu.log shows:

[0e94:0a6c] окт 25 13, 03:14:23 INFO(Med) sesmVirDef64 SesmLu: http://127.0.0.1:9090/servlet/ConsoleServlet?ActionType=ConfigServer&ClientMoniker={1CD85198-26C6-4bac-8C72-5D34B025DE35}&FilePath=C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\SESMVI~4\20131024.019&Hash=9F8DF699DC18BD0DF3B1394E8C605C4B&Language=SymAllLanguages&Product=SESM%20Virus%20Definitions%20Win64%20(x64)%20v11&SequenceNum=131024019&SequenceTag=CurDefs&ServerMoniker={53574EE0-2F8E-4a63-B90C-4B78E1BC704C}&SrcSequenceNum=&Version=MicroDefsB.CurDefs&action=UploadLuContent

[0e94:0a6c] окт 25 13, 03:15:21 INFO(Med) sesmVirDef64 SesmLu: Successfully notified the server of new content

[0e94:0a6c] окт 25 13, 03:15:40 INFO(Med) sesmVirDef32 SesmLu: http://127.0.0.1:9090/servlet/ConsoleServlet?ActionType=ConfigServer&ClientMoniker={C60DC234-65F9-4674-94AE-62158EFCA433}&FilePath=C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\SESMVI~3\20131024.019&Hash=79D980A3EC959BD450671E4B8B34D65B&Language=SymAllLanguages&Product=SESM%20Virus%20Definitions%20Win32%20v11&SequenceNum=131024019&SequenceTag=CurDefs&ServerMoniker={7916E109-F6A1-4d5a-8F10-5D8CEFA18FDE}&SrcSequenceNum=&Version=MicroDefsB.CurDefs&action=UploadLuContent

[0e94:0a6c] окт 25 13, 03:16:54 INFO(Med) sesmVirDef32 SesmLu: Successfully notified the server of new content

So other bits to check then:

  • Disk space
  • DB size limits
  • Verify what you have selected under the Site Settings use the correct "Content Types to Download"
Cameron_W's picture

Looking at the screenshots that you have posted I see that your 64bit virus definitions are stuck at 10/10 and 32bit definitions are at 10/12. I am going to venture a guess that you are using SQL 2005. The reason I say this is the behavior matches exactly to the document below, which includes instructions on how to fix this SEPM side.

http://www.symantec.com/docs/TECH211503

If I was able to help resolve your issue please mark my post as solution.

SOLUTION
PokulMan's picture
Hi Guys, thank you. Without your advice, I would not have been able to solve. Thank you.
Solution: http://www.symantec.com/docs/TECH211503
Thanks to all who responded to the rescue:

pete_4u2002

SMLatCST

SameerU

 

the solution proposed by the Cameron_W, then you need

PokulMan's picture

Hi Guys, thank you. Without your advice, I would not have been able to solve. Thank you.
Solution: http://www.symantec.com/docs/TECH211503
Thanks to all who responded to the rescue:

pete_4u2002

SMLatCST

SameerU
Rafeeq
Cameron_W

the solution proposed by the Cameron_W, then you need