Support case 10375913 initiated. Took awhile: neither we nor Symantec couldn't find our "support ID" in their system.
Here is a little more info on what's transpiring, for posterity.
Symptoms of Symantec EndPoint Protection (SEP) LiveUpdate failure:
- Outdated definitions (older than 1-2 days)
- Failure to run a scheduled daily scan (supposed to run daily at 4am on our systems)
- Failure to initiate a full scan (nothing happens when starting a full or a "custom" scan)
- LiveUpdate reports downloading and updating definitions yet the definitions timestamp and version aren't updated, remain as they were
- (Optionally) "Virus and Spyware Protection is disabled" in SEP
- No errors or alerts in SEPM/CLU or other indications of SEP failing.
- "Symantec Endpoint Protection could not verify the integrity of one of its components" and other errors in system logs.
Systems get affected seemingly randomly, at a rate of 2-3 per week.
Screenshots:
As of today, two scheduled scans did not run and it's been two days since the last AutoUpdate ran.
Last definitions - three days old, last update - two days old.
Attempting to run a full scan does nothing (normally a new window with scan progress appears).
A scheduled scan is supposed to run daily at 4am.
Running LiveUpdate manually:
Signatures downloaded.
We're "up to date" now, allegedly.
Confirming that LiveUpdate ran.
...yet the definitions / signatures are still old.