Video Screencast Help

Errors from Live Update

Created: 12 Feb 2008 • Updated: 21 May 2010 | 351 comments

Dear all,

We've been having problems updating to the latest signatures over here. We're getting the following event log entry:
Event Type:    Error
Event Source:    LiveUpdate
Event Category:    None
Event ID:    58
Date:        12/02/2008
Time:        10:31:39 AM
User:        NT AUTHORITY\SYSTEM
Computer:    MTPC-SANDROG
Description:
6006: LiveUpdate did not complete because the C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\Tri512\liveupdt.grd file failed validation.

Run LiveUpdate again.


In the log file Log.LiveUpdate we get the following errors:
2/12/2008, 9:31:39 GMT -> EVENT - SERVER SELECTION SUCCESSFUL EVENT - LiveUpdate connected to server C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\CONTENTCACHE\{ECCC5006-EF61-4C99-829A-417B6C6AD963} at path C:\PROGRAM%20FILES\SYMANTEC%20ANTIVIRUS\CONTENTCACHE\%7BECCC5006-EF61-4C99-829A-417B6C6AD963%7D\2007122000 via a LAN connection. The server connection connected with a return code of 200, Successfully download TRI file
2/12/2008, 9:31:39 GMT -> Progress Update: UNZIP_FILE_START: Zip File: "C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\Tri512\decomposer_1.0.0_symalllanguages_livetri.zip", Dest Folder: "C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\Tri512"
2/12/2008, 9:31:39 GMT -> Progress Update: UNZIP_FILE_PROGRESS: Extracting file: "liveupdt.grd"
2/12/2008, 9:31:39 GMT -> Progress Update: UNZIP_FILE_PROGRESS: Extracting file: "liveupdt.sig"
2/12/2008, 9:31:39 GMT -> Progress Update: UNZIP_FILE_PROGRESS: Extracting file: "updecabi.zip.dat"
2/12/2008, 9:31:39 GMT -> Progress Update: SECURITY_SIGNATURE_ERROR: HR: 0x802A003A    GuardFile: "C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\Tri512\liveupdt.grd"    ErrorMsg: CPkcs7SignedFile::verify(): C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\Tri512\liveupdt.SIG: invalid signature for C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\Tri512\liveupdt.grd.
2/12/2008, 9:31:39 GMT -> HR 0x802A003A DECODE: E_SIGNATURE_NOT_VERIFIED
2/12/2008, 9:31:39 GMT -> Progress Update: UNZIP_FILE_FINISH: Zip File: "C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\Tri512\decomposer_1.0.0_symalllanguages_livetri.zip", Dest Folder: "C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\Tri512", HR: 0x802A0037
2/12/2008, 9:31:39 GMT -> HR 0x802A0037 DECODE: E_MISSING_GUARD_FILE
2/12/2008, 9:31:39 GMT -> Progress Update: SECURITY_GENERAL_ERROR: HR: 0x802A0037    ErrorMsg1:     ErrorMsg2:
2/12/2008, 9:31:39 GMT -> HR 0x802A0037 DECODE: E_MISSING_GUARD_FILE
2/12/2008, 9:31:39 GMT -> Mini-TRI file C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\Tri512\decomposer_1.0.0_symalllanguages_livetri.zip failed the authentication check.  LiveUpdate will ignore this Mini-TRI file and continue other processing updates.
2/12/2008, 9:31:39 GMT -> Due to authentication failure, C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\decomposer_1.0.0_symalllanguages_livetri.zip has been removed
2/12/2008, 9:31:39 GMT -> Progress Update: TRIFILE_DOWNLOAD_END: Number of TRI files: "1"


Did anyone else come across this issue, and if so, is there a fix yet?

Kind Regards
Sandro

Comments 351 CommentsJump to latest comment

DW1 IT Department's picture
I got the same one:
 

6006: LiveUpdate did not complete because the C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\Tri771\liveupdt.grd file failed validation.

Run LiveUpdate again.

 

6001: LiveUpdate failed because the LiveUpdate package is corrupt. Internal authentication files are not present.

Please run LiveUpdate again. If the error persists, contact your network administrator or LiveUpdate provider.

 

Hope someone has got a fix!!

 

chigo58's picture

Mitigating solution to the errors - at least we stop messages in the Event Log for the time being till there is a fix.


knightstorm's picture

Symantec knows about this one and they are working on it - No fix ETA yet

Joe T's picture
I'm glad Symantec at least is aware and is working on it.  The errors started for me on 2/11/08 at 6:15 PM EST and is continuing to now. 
ADutch1's picture
Same here and it is actually impacting the performace of my clients... Of which I have 1200+
Symantec, I can't continue to work 24/7 on just Virus Protection... I am starting to believe that this product is a major ****** and Symantec is not admitting to it.

Mod Note: Please do not use any profanities in the the forums. For guidlines please see the Discussion Forums Terms and Conditions.


Thank you.



Message Edited by Optimus Prime on 02-15-2008 02:55 PM

wanting non-beta software's picture
The same issue. Setting things to an earlier version of the defs made no difference. The only way I stop it was to enable clients to manually launch Live Update. That stopped it, for the moment.
 
There is no way I would move forward with a rollout of this product beyond my pre-deployment testing group. The file server bug alone shows a serious lack of QA testing. Our renewal is coming up in a few months, I would rather spend my evaluating other products then fighting SEP11 to just get it working.
ADutch1's picture
The biggest Joke is that they just received PC Magazine endorsement for SEP 11.
I love the feedback and response I get from Symantec also... try calling them... Like I have hours to spend on the phone with some guy in India that doesn't even know how to configure the product...
Topline's picture
Same deal here...a whole list of events approx. every minute stating:

6001: LiveUpdate failed because the LiveUpdate package is corrupt. Internal authentication files are not present.

CPLACE's picture
I have been getting the same 55 and 58 Live Update errors every min since yesterday 2/11/08 on all 10 of my clients. I tried calling into support twice and was put on hold for an hour each time. I finally had to hang up because I have a job and need to use my phone. Gee, Symantec imagine that. Also, the lady told me it would be 15 minutes and an hour later......
 
Enough ranting. I just managed to stop the errors after changing my Communication Settings to PULL mode and set the interval to every 24 hours.
 
Maybe this will help someone else.
dfhbac0's picture
yes, I am getting this also.  Started at 2008-02-11 17:28 and is continuing.
 
awwbaw3's picture
Same thing.. 2008-02-11 Live Update event IDs 55 and 58 on over 80 cllient PCs. Windows XP Pro SP2 mostly... Logs showing a combined 4500 events of type 55 or 58 logged in the past day and a half. What is going on here???
Jonassth's picture
I also get this event error on all servers and clients :smileysad:
 
Event Type: Error
Event Source: LiveUpdate
Event Category: None
Event ID: 55
Date:  2008-02-13
Time:  08:05:58
User:  NT AUTHORITY\SYSTEM
Computer: SERVER02
Description:
6001: LiveUpdate failed because the LiveUpdate package is corrupt.  Internal authentication files are not present.
Please run LiveUpdate again.  If the error persists, contact your network administrator or LiveUpdate provider.
 
Event Type: Error
Event Source: LiveUpdate
Event Category: None
Event ID: 58
Date:  2008-02-13
Time:  08:05:58
User:  NT AUTHORITY\SYSTEM
Computer: SERVER02
Description:
6006: LiveUpdate did not complete because the C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\Tri966\liveupdt.grd file failed validation.
Run LiveUpdate again.
youseeme's picture
Still happening this morning - same errors as posted above, any updates on this Symantec?
agpost's picture
Indeed. I have the same errors.  I heard that symantec is working on a fix, i hope so soon, cause our Nagios is driving us crazy. 
indie1982's picture

I got this from Symantec, however it didn't work. Then they asked me to run a file called SymBatchSEP that they sent me which made a 130MB log file. He didn't seem aware that other users were having the same problem!

First download the latest definitions according to this KB article, do not yet copy the file to the folder mentioned in the article ;

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007100820002048

Once its downloaded, follow thes steps;

Delete the folders:

C:\Program Files\Common Files\Symantec Shared\SymcData\sesmvirdef32
C:\Program Files\Common Files\Symantec Shared\SymcData\sesmvirdef64


Delete the contents of the LiveUpdate downloads folder.
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\

4. Copy the downloaded .jdb file to the folder mentioned in above KB article.

As mentioned in the article, the Manager will process the file and update the clients, after this you should not see the messages appear in the Event Viewer anymore.

chigo58's picture

eagerly awaiting something official from Symantec...perhaps a KB article or a solution posted on the forum

Mammut's picture
Same Error on our Machines, since weeks just troubles with SEP11.x.
ADutch1's picture
Symantec???? Any Update??? Is anybody checking this forum on their side?
Technologist's picture
We are also now getting these errors:
 

6001: LiveUpdate failed because the LiveUpdate package is corrupt. Internal authentication files are not present.

Please run LiveUpdate again. If the error persists, contact your network administrator or LiveUpdate provider.

AND

6006: LiveUpdate did not complete because the C:\ProgramData\Symantec\LiveUpdate\Downloads\Tri3\liveupdt.grd file failed validation.

Run LiveUpdate again.

====

The above is in our logs every 1- 2 minutes. PLEASE PROVIDE A FIX!!!!!!

 

Access Tech's picture
Yup same here one of our clients is having this issue, I dont even want to look at all the others to see if they are too :(
JTF's picture

Hey Guys,
I'm having the same issues but, I was able to free up some bandwidth until the issue is resolved.
Go to Clients--> Policies--> Communication Settings.
Change the client mode from Push to Pull and set your heartbeat interval to an hour or two.

This is not a fix! Just a way to stop the bog down of Push mode until the problem is fixed. I hope this helps you guys get through this mess. Just remember to set it back to Push mode (if that's what you used prior to this error)

crud! just realized someone mentioned this earlier in the thread. My apologies!



Message Edited by JTF on 02-13-2008 10:32 AM

Cuthbert's picture
Same problem here.
 
So tried running LUALL.EXE. Came up with an error LU1845 and a link to
 
 
Ran it (and crossed fingers!)
 
It didn't work.:smileysad:
 
Ah well.. worth a try
drroy's picture
I am an independent IT consultant working with about 35 client locations.  I have 7 clients running Endpoint Protection and ALL are having the same problem that everyone else here is having.
 
It strated at the same time, is producing the same error messages, and has locked up 3 of the 7 servers.
 
I tried calling Symantec tech support and after almost 3 hours on hold I spoke with someone who barely spoke English and was clearly unaware of this recent problem.  He flailed around and had me trying generic LiveUpdate fixes, none of which worked.
 
I very much appreciate the advice offered here on slowing down the damage by changing the Client Policy settings.  But that being said, it's time Symantec published a clear, concise fix to this mess.  I can't spend all day logging into servers in a desperate attempt to keep them running.  All of my servers are set to "Notify Only" on the Microsoft Updates, so it's not as if an update from someone else crashed Symantec's program.  This is clearly a Symantec issue start to finish.
 
PLEASE, PLEASE, would someone from Symantec post to this thread with an ETA on the fix, and then the fix itself?
CALOGERO SAPIA's picture
What they said ^
 
We've had nothing but problems with SEP
Goran's picture
I have the exact issue on my network. Here are the details. If anyone has any suggestions or answers please let me know. Much appreciated. I've also opened a case with Symantec on this issue.
I'm running Windows 2003 SP2 servers withe Windows XP SP2 machines. Running SEPM/SEP ver 11.0.1000.1375.
 
The following errors appear in the event log one per every hour:
Event Type: Error
Event Source: SescLU
Event Category: None
Event ID: 13
Date:  2/13/2008
Time:  7:58:15 AM
User:  N/A
Computer: server1
Description:
 LiveUpdate returned a non-critical error.  Available content updates may have failed to install.
 
The following errors appears in the event log every 5 to 10 minutes on another server:
Event Type: Error
Event Source: LiveUpdate
Event Category: None
Event ID: 55
Date:  2/13/2008
Time:  11:19:23 AM
User:  NT AUTHORITY\SYSTEM
Computer: server2
Description:
6001: LiveUpdate failed because the LiveUpdate package is corrupt.  Internal authentication files are not present.
Please run LiveUpdate again.  If the error persists, contact your network administrator or LiveUpdate provider.

Event Type: Error
Event Source: LiveUpdate
Event Category: None
Event ID: 58
Date:  2/13/2008
Time:  11:24:31 AM
User:  NT AUTHORITY\SYSTEM
Computer: server2
Description:
6006: LiveUpdate did not complete because the C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\Tri93\liveupdt.grd file failed validation.
Run LiveUpdate again.

The above mentioned errors appear on all my workstations and servers.
One other thing that I have noticed is that on the Home Page of the SEM in the Virus Definitions Distribution section, the definitions are showing as old and do not refresh. If I click on it to get more detail I get the latest virus defintion updates. I'm not sure if this has something to do with it.

Agustin's picture

Hi all,

Well, i decide to take the hard way and seems to work, or at least i see no more messages in the event viewer.... and the liveupdate from the SEPM seems to work ok again....

I follow tihs note

http://service1.symantec.com/support/ent-security....

I'm still trying to fix the problem with the report page where the virusdef informed is not the correct.


Kinetic 2's picture
I hope they solve this problem soon.  FYI, this error will cause the harddrive of all clinets and servers to become full which will cause poor performance. You will eventually need to delete all the *.TMP files to free up hard drive space.  The files are located in C:\Program Files\Common Files\Symantec Shared\VirusDefs  Not all my clients had this problem, but a majority had over 1,200 temp files which took up between 4 to 8GB of hard drive space. 
ADutch1's picture
Agustin,
 
Wait till the definitions catch back up again with the latest one and you'll see the errors again. The complete uninstall and reinstall is just not feasible when you have 1200+ clients out there.
 
Still no acknowledgement from Symantec...
Steven Bright's picture
I'm having the exact same problem here.  What's up Symantec?



Message Edited by Steven Bright on 02-13-2008 10:46 AM

Brit Davis's picture
Same issue here. I have been working in IT for 12 years and never have felt this vulnerable, and this is a protection product that caused this feeling. Wow. Every single computer in my enterprise has been afflicted with this issue. At least I know I'm not alone but I hope somebody has a solution very quickly before this becomes a RIM-style outage.
 
-Brit
ADutch1's picture
I just asked JimW from Symantec (who is responding on other forum threads) why nobody from Symantec has responded yet...



Message Edited by ADutch1 on 02-13-2008 11:11 AM

JEB's picture
So Symantec are you planning on a reply? The errors have not gone away..
CaptainD's picture

I'm having the same issue. Just looking for a reply and potential fix for this issue and to bump the thread.

RonJ 2's picture
Got a new def file 2/13/2008 at 3:58pm est maybe it's fixed but I don't like the tight lipped lack of responses from Symantec.
JimW's picture
Hi,
 
I have escalated this issue to the team. When I get an update, I will post it here. Some times it takes a while to get information flowing in the right direction.
 
Regards,
 
JimW
 

Jim Waggoner Director Product Management, Symantec Endpoint Protection, Enterprise Security Group, Symantec

JimW's picture
This issue was caused by a corrupt posting of a decomposser update. Once it was discovered, the patch was pulled. This should not have impacted SEPM or the clients from receiving virus definition updates. If anyone is still getting the error, please let me know.
 
JimW

Jim Waggoner Director Product Management, Symantec Endpoint Protection, Enterprise Security Group, Symantec

Access Tech's picture
i am still having issues with this i sent you a PM, please respond I hoped to have this issue resolved by today.  I am still getting the errors however you are right the definitions are updating.
Brit Davis's picture
JimW,
 
Thanks for helping us out.
 
I am a little confused by your response, which makes it sound like we should not have had a problem. We do. Please do not leave the topic at this point.
 
All the clients have continued to receive new defs but the problem has not changed since the moment the bad defs were delivered to clients, which was approximately Monday 2/11 at 1:30 PM CST.
 
Can you please provide some more detail, like what defs were bad, which ones aren't and are supposed to fix the problem?
 
Thanks,
Brit
Steven Bright's picture
Thanks JimW for the update on this issue. I had realized that my clients were still receiving updates, but at the same time, all of my application logs were being filled with the error messages due to this which was preventing relevant data from being easily retrieved.
 
At the current moment, my clients are still logging the error messages, I will check back tomorrow to see if they have the lastest update and hopefully have stopped.
KC-SA's picture
JimW, you asked if anyone else was getting LiveUpdate errors still.
 
I am getting LiveUpdate error events 55 & 58 over & over in the event viewer.  I am as desperate for a solution to all these errors as is everyone else.
 
Not only am I getting this error, but also have all the other symptoms people are reporting, such as the boggy network traffic, slow PC boot times, etc. using the latest upgrade which took it to version "1000".
 
Thanks!
ADutch1's picture
I updated the clients with the new definition (2/13) and my clients are still showing endless errors in the log from LiveUpdate... Especially liveupdt.grd...
 
Fix please...
Goran's picture
JimW,
I'm also still getting the error messages showing up in the event log even after getting the new virus definition pattern.  
JTF's picture

If this helps anyone, it appeared as though the 2/13/2008 updates didn't fix the error messages initially but, I waited about 20 minutes and the error messages stopped. Keep checking the Event Viewer to verify the update didn't fix the errors because on my end, the errors have finally dissipated.


**Ignore this post. Error messages have returned from the dead**



Message Edited by JTF on 02-13-2008 05:44 PM

Maximus5684's picture
I was having this same issue since the 11th.  It just stopped this afternoon after I deleted all .tmp files and it downloaded version 100213w.
wanting non-beta software's picture
JimW,
 
I am still the LU 55 and 58 events on clients, even for a client that was installed this morning (9 AM PST).
 
Event Type: Error
Event Source: LiveUpdate
Event Category: None
Event ID: 58
Date:  2/13/2008
Time:  3:03:35 PM
User:  NT AUTHORITY\SYSTEM
Computer: MOSS64TEST
Description:
6006: LiveUpdate did not complete because the C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\Tri992\liveupdt.grd file failed validation.
Run LiveUpdate again.
 
Even though clients contiue to get updates, this is definitely consuming resources on the clients and so is doing more than just filling event logs.
JimW's picture
Thank you for the update. I have passed this information off to the team. I am waiting for a response from them.
 
JimW

Jim Waggoner Director Product Management, Symantec Endpoint Protection, Enterprise Security Group, Symantec

Mammut's picture
the error 55+58 in the event viewer repeated every 2-3 minutes.
dfhbac0's picture
Same here.  Getting hundreds of entries in the application Event log.   I slowed it down yesterday by chaningng the heartbeat to 6hrs but it came back with a vengeance at 09:30 Central.  No idea why.
dfhbac0's picture
OK I think I've discovered where the 'extra' log entries are comingrom.  It's Symantec Information Foundation Mal Security attempting to run LiveUpdate every 2 minutes.  What next....
Curoli's picture
...and here.
 
Signatures appear to be current but logs are flooded.
JimW's picture
Trying one solution in house to see if it resolves the log flooding. Update to come soon.
 
JimW

Jim Waggoner Director Product Management, Symantec Endpoint Protection, Enterprise Security Group, Symantec

John Carroll 2's picture
Having exactly the same problems here. Obviously this is widespread and am totally appalled at Symantec burying their head in the sand on this one. Why is Symantec not catching the bull by the horns and admitting the problem and making some sort of effort to communicate with is users? Isn't that why these forums exist?
 
Symantec needs to remember that many of here are either corporate users or self employed supporting our own clients who put our bread and butter on the table and pay the mortgage. This problem could be the nail in the coffin for SEP for me.
 
This has to be the worst fully priced "corporate" product of this type I've encountered in my 20+ years in IT. I've had nothing but issues since day one and regret ever upgrading.
 
I am already seriously considering at this early stage to demand a refund for my upgrade fee based on the product "not being fit for purpose".
 
Regards.
 
John Carroll
 
neilill's picture
Yep we just caught sight of this one, WAN links being swamped with updates just looping.
 
I don't want to be on the phone to support for 1 hour plus again, already wasted more than a day of my life to them. Ever since this product went in we have had issues and agree with everyone that symantec have dropped the ball on this product. How can they have released a product like this.
 
Please hurry up with a fix
JimW's picture
We are working on posting a new decomposer package, in the mean time can you try rolling back to an earlier package version? In the Console go to, Policies> LiveUpdate>LiveUpdate Content>Edit the content policy>Security Definitions>Decomposer Signatures. Change to select a revision. it should be 2007-12-20.
 
This should stop the logging error.
 
Let me know if it works.
 
Regards,
 
JimW

Jim Waggoner Director Product Management, Symantec Endpoint Protection, Enterprise Security Group, Symantec

JimW's picture
If that does not work, try unchecking the Decomposer signature option in the Security Definition, LU policy.

Jim Waggoner Director Product Management, Symantec Endpoint Protection, Enterprise Security Group, Symantec

Steven Bright's picture
Jim, it appears that the only thing that stops the messages from showing up in the application log is to disable the Decomposer Signatures all together. While I am glad to have a solution to stop the numerous error messages from filling my logs, this is most certainly only a temporary fix that needs to be corrected immediately. I'm sure the Decomposer Signatures have their purpose and need to be updated regularly with the rest of the signature files.
 
And Jim, thanks for your assistance!



Message Edited by Steven Bright on 02-13-2008 08:24 PM

dfhbac0's picture
Going to Decomposer signatures to select a revision gives only one revision to select-- 2007-12-20 rev 000.
 
Therefore I unchecked Decomposer signatures.
 
On Mail Security I forced update at 2008-02-13 22:00 Central.  I have not seen any errors in the Server App Event log since 21:30 central though.
 
Last client log error was at 22:01 central.  Looking at this clients Symantec log it show that vursu defns were updated at 21:30 central.
 
I then changed heartbeat back to 15mins and did policy update on the client.
I'll wait a cycle and see what happens.  After that I will reselct decomposer signatures and see what happens.
Nayelli Tena's picture
the same problem here.. its impossible to speak with symantec's support. I changed comunication settings with pull mode with a heartbeat of 2 hours. at least the applicaiton event log is not flood any more.
 
still wondering.. How can Symantec released a product like this??? I've had a lot of issues with no solutions.. the same answer..  this issue is being investigated...
 
chigo58's picture

Guys - JimW is correct and we stopped the logs from flooding following similar advice very early on in the thread.
Check the first page of this thread...

Jim if possible keep us posted on this.

TY.

youseeme's picture
Hi all,
 
Still getting the errors this morning in the App logs... Unticking the decomposer sigs in the Live Update Content Policy has stopped the errors for now, thanks for the temporary fix.
jacota's picture

Hi,

On my side, rolling back Decomposer Definitions to 2007.12.20 doesn't fix the problem. But unckecking Updates of Decomposer Definitions successfully stops the error messages.


agpost's picture
Guys,
 
I was about to role this out to thousands of computers, now its only on 10 for a test. 
I cant role out such an old version of the defs...  When will this be fixed?  Still getting all those errors in the eventviewer.
John Carroll 2's picture
Disabling the Decomposer Signatures works here too.
 
Thanks to Jim from Symantec for the suggestion and for his attention on this.
 
Come on Symantec, get your house in order and get this sorted today!
 
Regards,
 
John Carroll
Burnin.Ape's picture
Hi All
 
Same problem here. Disabling the Decomposer signatures helped getting rid of the Event messages. But we're still have problems with our clients.
We're using MR1 on Windows2000 (i know, old os but i can't change it right now). rtvscan and Lucoms~1.exe get both 50% CPU time (CPU=2Cores with 2.4GHz). So it's impossible for our users to work. They don't have a percent for opening outlook and other apps.
I turned off the autoprotect filesystem, turned off every sysscan, but id doesn't changed anything.
 
Any ideas of getting the problem fixed?
 
Thanks and still waiting for a working product.
Tobias
dfhbac0's picture
I re-unchecked the decomposer signatures and can confirm that this stopped the error messages.
rfrohlich's picture

Confirmation that disabling Decomposer signatures has aleviated Event ID 55 & 58 client errors. 
Waiting for solution from Symantec.
Bump.

JimW's picture
A new decomposser package should be posted today on the LU servers. The team has the package and is running through certification tests.
 
JimW 

Jim Waggoner Director Product Management, Symantec Endpoint Protection, Enterprise Security Group, Symantec

Burnin.Ape's picture

Good News. Hope it fixes the problem. Our Clients need a short break :smileywink:

Technologist's picture
unchecking the signatures helped us as well. Looking forward to a permanent solution.
Screen_Name's picture

It worked for us as well.

Can we get a post on when the new defs are released so we can download and test them asap?

Thanks



Message Edited by Screen_Name on 02-14-2008 06:31 AM

JimW's picture
Yep, As soon as I am notified that they new decomposer engines are on the LU servers, I will post a message so that you can re-enable the download.
 
JimW

Jim Waggoner Director Product Management, Symantec Endpoint Protection, Enterprise Security Group, Symantec

JTF's picture

I'm very glad to hear that a solution is in the works. Standard Event ID 55/58's are showing up but, they are back to the heartbeat intervals (rather than every 1-2 minutes). I can't wait until this little bugger goes the way of the dodo.

Brit Davis's picture
Can you please ask the team to package the new defs in a nice heart-shaped box?
dskwork's picture
I want my money back. Most of my clients want their money back. This is one of the worst releases from Symantec since they bought and ruined the Veritas product line. I can only hope that they do not go after and buy the companies that make products that actually work and that on which I rely. Also, how come the prefered Language is a required field in this sign up? Can I request a prefered dialect? I am prepared to submit a bill for time spent on hold while waiting for support. 
RonJ 2's picture
JimW,
 
I am in the middle of a live trial considering switching from one of your major competitors.
 
If I can ask this question,  Why should I continue to consider SEP after seeing this error and the amount of problems from the end users of this product?
 
It is still a possibility but I would like to see your take on this question coming from the inside, SEP does alot and does it better than most of the competition so we will see.
 
Thanks
Ron
dskwork's picture
Now rolling back to SAV. Too many issues and too cryptic setup instructions. And to think I was just thankfull that I didn't have to completely remove all of SAV like every other update in Symantec's history required. The performance hit and now the logfile nightmare is too much.
Mike T's picture
Let's see: saving money on customer support + saving money on progammers+saving money on beta testing = SEPM
 
Like everybody said earlier, worst product in 20+ years of IT.  Microsoft BOB is no longer #1!  :smileyvery-happy:
 
 
JimW's picture
It comes down to a couple of questions.
 
1) Do we offer enough protection technologies to prevent the malware spread in your network.
The answer should be yes with the inclusion of antivirus, antispyware, two network based host intrustion engines, firewall, application control, device control, and the TruScan engine that detects unknown threats.
 
2) Does it work in my environment?
I am getting reports of successful implementations, but there are more issues being posted in these forums than I expected. In addition to the internal testing, we had a larger beta program this rev than in the last release of SAV/SCS.  We had three different beta programs that totaled over 15000 partipants, which is why I am surprised at the experience some have had in their environments.  We are concentrating resources in the engineering team to focus on the customer reported issues as well as increasing the level of documentation on the symantec site to help with work-arounds and product education. As seen thus far, MR1 included quite a few fixes that resolved problems posted in this forum and MR2 (our Windows 2008 release) will include even more fixes, including the performance enhancements targeted at the SMB customers.
 
If you want to chat more, send me your phone number. I am willing to listen and get your thoughts on how we can improve the product.
 
JimW
Endpoint Protection
Product Management

Jim Waggoner Director Product Management, Symantec Endpoint Protection, Enterprise Security Group, Symantec

southendsupporter's picture
Hi,
Just my 2pennurth
 
I'm very new to IT support and was thrown in the deep end with a new Exchange / Endpoint installation.
 
I had issues with Network Protection causing servers to virtually stop, issues with implementation on W2003 servers causing file shares to disappear and now this issue.
 
NOT impressed :(
 
And I can only join the chorus of 'oh where is the support ..... '. I have tried several times to call support and have given up ebery time after spending over an hour waiting.
 
Life is too short guys!
 
Anyhow, I look forward to seeing a post telling us that we can 'tick the box again'!!
Geoff
JEB's picture
JimW,
I thought the fix was coming out today, I did the 14th update and nada.. Is the fix coming out today?
Thanks
jb
JimW's picture
That is still the plan. An updated package has been created. The team is running through various certifications.
After that is done, it will get published and replicated out to the LU servers. Then it will be a short amount of time until its availble for download. I will continue to monitor this forum until I hear word that all is good.
 
JimW

Jim Waggoner Director Product Management, Symantec Endpoint Protection, Enterprise Security Group, Symantec

MAttM's picture
Hi JimW,
This is my first posting here but have been been following this problem with all the errors listed above - mine is now working due to the fixes listed.
 
I have been using and implementing Symantec AV products for many years and must admit this is by far the most complicated of them to implement. It is so different than the previous versions that it takes far too long to figure out how it all works - it is not intuitive at all, as your previous versions were.
 
However, my biggest complaint would be how come this LiveUpdt problem was not - is still not as far as I can see - even listed on any of your web sites as a problem?  Only in this Forum was I able (after the first day & 1/2 of searching) to find something on it.  I can only imagine this is multiplied by tens of thousands of users having these errors.  I have seen bad defs go out in the past years to be fixed within hours.
 
Anyway, I do thank you for your support and efforts in helping us all in finding a solution.
      MattM
Brit Davis's picture
My event log flooding magically stopped early this morning, about 20 minutes after 100213aj defs were hitting some client machines. Other client machines didn't load new defs but the flooding just stopped.
 
Just adding this as a data point for everybody.
 
-Brit
 
 
JimW's picture
I was so caught up with checking this forum and the engineering status that I did not check if a KB has been written.
 
The decomposer signatures are not definitions. They are the engines that allow scanning to search inside compressed files, such as zip, tar, cab, etc. Since the patch that was posted failed an integrity check, your system is still using the earlier version. Once a patch is posted you will get the updated engines allowing the On-Demand Scanner(ODS) to search though a greater number of compressed file formats.
 
Hope that helps.
 
JimW

Jim Waggoner Director Product Management, Symantec Endpoint Protection, Enterprise Security Group, Symantec

Access Tech's picture
ok so with todays update if it runs and pushes to the clients it should automatically fix the issue and it will stop?  Is there anything manually that we have to do?
 
Thanks
treyp's picture
OK Jim,
 
An update just published, but did not include this fix.  Any "official" word?
 
Thanks
Tomtw's picture
Can we sumarize this work around that will stop the events from being written to my logs?
txCowboy's picture
Just received the new defs (100214c) installed on all clients, enable Decomposer Signature, check event log and still receiving errors. I'll uncheck Decomposer and wait patently on this valentines day. 
JimW's picture
The updates for virus definitions are independent from the updates for decomposer signatures. Just keep it unchecked until I post a message that it is Live on the Symantec LU server. The team is still testing everything out.
 
JimW

Jim Waggoner Director Product Management, Symantec Endpoint Protection, Enterprise Security Group, Symantec