Endpoint Protection

After one of the recent updates (now SEPM server is 11.0.6300.803) this error "Event 13. LiveUpdate returned a non-critical error.  Available content updates may have failed to install." started to show up, though eventually SEPM server was able to update its definitions. Last week it wasn't able to update them for 5 days. I have searched the forums and found lucatalog -cleanup/update commands. This helped and those events 13 stopped to show up for some time. Now the problem is back, and those cleanup commands don't help this time. I have also found a topic describing how to clean corrupted definitions manually, but probably lucatalog command does the same (and probably does it better, well, it should). Also there are mentions and KB article about some faulty def update causing these errors in the past, but this is probably not the case anymore. Can i do something other than reinstalling the server and how can i prevent this from happening again?

Btw, it seems that i can't start a case in MySupport about SEP. SEP doesn't show up in products selection (only some Antivirus Service, but this is not my product)

is the SEPM updated with the latest definition ?

are the clients updated?

and more are you connect to internet directly or pass a proxy server? do you use GUP or LUA?

Best Regards.

Fatih

SEPM is not up to date (it shows 05.19 definitions), therefore clients are also not up to date, as they get their updates from SEPM. Server goes to internet through a firewall (Fortigate), proxy is not enabled. LiveUpdate is installed on SEPM server.

Hello,

Hope you have followed both the Symantec Articles below:

• Click Start, then Run.
• Type cmd, then click OK. This will bring up a command prompt.
• At the command prompt type cd and the path to lucatalog.exe. By default the command would be: 
  
  cd C:\Program Files\Symantec\Symantec Endpoint Protection Manager\bin
   
• Type lucatalog.exe -update

4. Register the SEP Client with LiveUpdate:

• Click Start > Settings > Control Panel.
• Click Add or Remove Programs.
• Click Symantec Endpoint Protection.
• Click Change.
• Click Next, select Repair, and click Next again.
• Click Install.
• Click Finish.

You can log a case on web portal by following Articles below.

QuickStart Guide - Create and Manage Support Cases in SymWISE

http://www.symantec.com/docs/HOWTO31132

How to update a support case and upload diagnostic files with MySupport

http://www.symantec.com/docs/TECH71023

Is it ok that LUSETUP on that page is for 32 bit Windows? I have SEP+SEPM on Windows Server 2008 64 bit.

Update. So i have uninstalled SEP client on that server. I had to restart first to be able to remove LiveUpdate also. After i have removed LiveUpdate, i then installed it again (from that link 3.3.0.96 32-bit version). Then i ran lucatalog -update command. It didn't show any error. Then i went to SEPM console. Definitions were still at 05.19 in SEPM. I didn't wait and went and ran the update manually (Download LiveUpdate Content). Took 40 minutes (probably huge amount of data and we also have weak international link). Now SEPM shows 2011-05-24 definitions and no errors in the error log so far.

So. Should i install SEP client again now? Doesn't it have a LiveUpdate client on itself and won't it overwrite my already existing LiveUpdate installation. It seems i can't export installation package without LU module. Btw, i will install exported package without NTP module, including everything else available for the server (antivirus, antispyware and proactive threat protection).

Though, i think maybe i should wait for a week or so without installing SEP client and watching how SEPM updates itself.

Hello,

I would recommend you to Install SEP back again on the server machine as it secures the Machines.

Once you install SEP, it will register itself with the Liveupdate Application Automatically during Installation phase.

The Installation Package will always be created with liveupdate, this is done so that incase, if the Liveupdate  application is not installed, it gets installed as well.

I would Recommend you not to Install PTP on the 2008 64 bit, because the PTP is not supported on 64 bit machines.

I have installed SEP client a few days ago and so far everything looks fine. SEPM is updating and also there was only one SescLu event in the logs since the reinstall of LiveUpdate.