Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Endpoint Protection Live Update not updating WIN32 Definitons. WIN64 Up-to-date.

Created: 10 Nov 2007 • Updated: 24 Aug 2010 | 22 comments

    I am having a slight problem with my SEPM.  When I click on Admin --> Local Site --> Show LiveUpdate Downloads it shows everything is updating as it should be with the exception of the "Antivirus and antispyware definitions Win32 11.0 MicroDefsB.CurDefs"  It is stuck at Revision 2007-10-25 rev. 021.  The download time was October 26, 2007 3:51:32 AM EDT.  Any idea what I am doing wrong or what I need to delete or change?  All the clients are updating fine from the server, with the exception of the Win32 definitons.  My Win64 is up-to-date with Content Type: Antivirus and antispyware definitions Win64 11.0 MicroDefsB.CurDefs / Revision: 2007-11-10 rev. 007 / Download Time: November 10, 2007 12:28:50 PM EDT.  It usually runs at 3:00am, however, I just tried to run it to solve the problem.  Any ideas?

Thanks!

Discussion Filed Under:

Comments 22 CommentsJump to latest comment

Alex Conduit's picture
We are experiencing a similar problem.  Live updated (when run through Endpoint Protection Manager), has the following entry in the update log window: "Antivirus and antispyware definitions Win32 11.0 MicroDefsB.CurDefs failed to updated."  All other definitions have updated properly.
 
Clearing out the live update content cache & manually running a live update on the server resulted in latest version (Monday, 12 November 2007 r25) showing as installed on the Symanted Endpoint Protection client - but still not available via Endpoint Protection Manager.
 
Any assistance that can be provided would be appreciated - Protection Manager is running in Windows Server 2003 R2 SP2
NED CIPOLLINI's picture
I have randomly had the same problem.   If I run a manual update from SEPM>Admin>Local Site>Download Liveupdate Content, the W32 defs get updated.  For me it is specifically the AV/AS W32 defs only that don't update.  I don't get a Liveupdate error at 3am either that the W32 defs failed to update, only that the current defs are up to date.
 
SEPM running on Windows 2003 R1 SP2 no other applications installed other than SEP with the embedded DB.



Message Edited by NED CIPOLLINI on 11-13-2007 01:07 PM

Alex Conduit's picture
I think we may have managed to resolve this issue: went to intelligent updater site (http://www.symantec.com/avcenter/defs.download.html) - followed instructions to update SEPM with new defintions. SEPM successfully pushed new definitions out to clients.
 
Logs show that Live Update downloaded a more recent WIN32 definiton file later in the day - this has also been pushed out to clients.
 
It would appear that (for some reason) pushing through the updates manually cleared whatevern problem was preventing Live Update from installing the WIN32 updates.
NED CIPOLLINI's picture
I did the same last week and it's been working since.  This still bothers me as it has happened twice in testing of SEP.  I would like to know what the root cause of this problem is since I didn't see any errors of any kind relating to definitions.  Also I would like to have email notification when the SEPM downloads a new definition so I know if I need to "fix" it again.
Kim from Belgium's picture

I had the same problem in a testenvironment.
I have used the IntelliUpdater and now all is fine again.

I will try to escalate this to Symantec to find out what the root cause is and it can be "fixed" or prevented in 11.1


SyP2's picture

We have the same problem, but Intelligent Updater also fails to update :(
Did you have any success with escalating the problem?

Cheers,
SyP

Tex 2's picture

I have found a work around for this.  Probably not the best solution, but I ended up uninstalling and reinstalling the Symantec Endpoint Protection Manager and rejoining all the workstations.  Hope this helps.  I haven't had any problems thus far since I have reinstalled it.  I wonder if it was an issue with a definitions update?

-Tex

Hollender's picture
Have the same problem and reinstalling doesn't sounds like the solution.
 
What to do?
AussieRyan's picture
Hi Everyone
 
I had the same problem a few weeks ago. I logged the call with symantec and after 2 different techs and about 6 hours on the phone i got a solution.
 
It is
 

Step 1:-->  Connect to ftp://ftp.symantec.com/AVDEFS/symantec_antivirus_corp/jdb/

 

Step 2-->   Save the latest definition file on the Desktop.

 

Step 3--> Paste this definition file in the (default) location C:\Prog~Files\Symantec Endpoint Protection Manager\data\inbox\content\incoming - (Obviously on your server)

 

It seems to unjam the processing queue for 32bt def and then from then on it has updated on clockwork as it should.

 

Hope this helps!

Hollender's picture
Ok tried this and it seems like it has done something to the update issue.
Now the next problem is that out of 48 clients only 20 can be seen.
One of the missing clients is the server it self?
 
What about this?
Tex 2's picture

AussieRyan, I did what you said to in your reply and it worked, but my WIN32 defs are still not updating when SEPM runs live update.   Have your's got stuck since you did that work around?  This is the second time my WIN32 defs have got stuck since I reinstalled my SEPM.  Any thoughts?

Thanks,
Tex

Hollender's picture
I found the "raw" solution in another thread.
 
On the "non-responding" clients, stop the SescLU.exe process.
 
The process restarts imidiatly but after a few minutes the client is back online and has new definitions.
 
I then used the PSTool (PSKill.exe) to kill the process on remote computers. (I could see in the list which ones to kill)
 
Still we still need a REAL fix from Symantec on this AND many other issues, but Symantec is totaly dead on this subject.
Tex 2's picture

Is that for just the clients?  I need a fix for my SEPM.  It's the manager that is not updating.  All the clients are updating perfectly from the Symantec Endpoint Protection Manager.  If this continues I might see what I can do to down grade to Symantec AV 10.

Any thoughts?

Thanks,
Tex

Hollender's picture
For the server I downloaded first the Symantec intelligent updater from their site.
When the client still weren't updating or getting online I downloaded the one from the FTP site mentioned earlier.
 
This updated the server but to get the client online/updating the killing process worked.
Tex 2's picture

Ok, I will try to be more clear this time.

My server is not downloading the defs from Symantec when the server's live update runs.  Well, let me clarify that, it's downloading all the updates, except for the WIN32 defs.

The clients are updating perfectly.

Symantec -----[WIN32 Defs]-----> Server (This is not working)

Server ------[Recently downloaded defs]------> Clients (This is working)

Hope this helps to clear things up.

AussieRyan's picture
Hi Tex
 
The fix i mentioned earlier was for the Server. If you go to Admin, Servers, Click the local site, and then go down to tasks and Click Show liveUpdate Downloads you can see what the currently downloaded defintions are. The fix i mentioned earlier should only update the Antivirus and antispyware definitions Win32 11.0 MicroDefsB.CurDefs to the date relevent to the file you have downloaded.
 
In respoense to an earlier post. In approx 1 month I have had to manually force an update twice using the aformentioned approach in an earlier post.
 
For you clients to receive the updated file they should only have to check in with the server and grab the update.
 
For your clients it is also worth checking your policy for Liveupdate.
Go to policies, then to LiveUpdate, then click the LiveUpdate content Tab.
Edit the policy and go into Security Definitions. By default the setting is set to use latest available.
If this is selected and not working I would edit the policy to select a revision (for test purposes) and select a previous revision.
 
If this doesnt work but your server has downloaded and installed the latest defs I would suggest it is a problem with your clients not talking to your server. Not your server not havin the correct defs.
Alex Conduit's picture
I had thought that I'd managed to resolve our issues with SEP, but it seems not.  Since my last posting, I have had to manully push through the Win32 updates at least 5 times. 
 
It appears that SEPM runs along for a few days with no problems, then I notice that SEPM does not have the latest Win32 virus defs.  Running LiveUpdate shows the following error "Antivirus and antispyware definitions Win32 11.0 MicroDefsB.CurDefs failed to update"
 
While I can resolve the problem by manually downloading the jdb file, that is hardly an acceptable solution.  The whole point of having an automatic update facility, is that it should be automatic!!
 
I've noticed (from other posts) that people are also having problems with the Win64 defs - mine have always been up to date - but perhaps sods law is at work & people are only having problems with the definition files that they actually need.
 
Has anybody had any joy getting an actual fix for this issue from Symantec - or at the least has Symantec accepted that there product has a problem that they are going to fix??? :manmad:
BrendanKnowles's picture

Hi Alex,

It has been ages since you reported this, but I have the same issue. Did you find a permanent fix?

Cheers,
Brendan

MiltonIT's picture
 

AussieRyan's suggestion WORKED!   YAAAAY!

I put the latest file from the FTP site into the Incoming folder on the server, and within half an hour my 500 clients were updated!  My clients all stopped updating a month ago for no known reason, no changes made anywhere, although a random dozen still updated.  I tried manually updating the clients and the server, made sure LiveUpdate was still working normally, ensured I was on the latest version of SEPM & LUA, verified all of my policies were correct, but still nothing.  I was in a panic because I thought I would have to manually reinstall on all of those clients (although, that didn't work either .. new installs would all update to the month-old defs and stop there).  

I don't know if they'll update on their own tomorrow, but this is a FANTASTIC relief.  Thank you!!

--Melissa

Modzog's picture

Hi guys,

I got the same problem here. Win32 Defs not updating. It says either everything is up to date of failed to update.
I thought that upgrading to MR4 helps but it didnt.
I dont want to reinstall. All earlier mentioned fixes worked only temporarily or not at all.
Has anyone found working pemanent solution ?

Thanks

muhammadjafar's picture

in my enviornment the clients are communicated with manger but manger is not updating the definations, if anybody have any solution please tell me

jafar

AravindKM's picture

pls create a separate thread for your problem.Since this thread is very old most of the people may ignore it. 

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind