Endpoint Protection

 View Only
Back to discussions
Expand all | Collapse all

How to force update the Virus Defs. companywide ?

Migration User

Migration UserSep 28, 2010 10:07 AM

Coud you also paste the catalina.out?

  • 1.  How to force update the Virus Defs. companywide ?

    Posted Sep 26, 2010 08:58 PM

    Hi Everyone,

    How to manually force update all of the virus Definition in SEP 11 MR6 MP1 ?

    I have perform the live update download using Start | run | "luall"

    but then the definition is not yet pushed to the clients ?

    see the following status:

    Thanks



  • 2.  RE: How to force update the Virus Defs. companywide ?

    Broadcom Employee
    Posted Sep 26, 2010 09:04 PM

    The SEP client can get the definitions from SEPM by default. 

    If you want to manually update the definition on client, choose the client group and run the command 'Update Content'.

    And, on the other hand, you can try to verify the communication between the SEPM and SEP which the definitions not updated. Maybe the communication between these SEP clients and SEPM were lost.



  • 3.  RE: How to force update the Virus Defs. companywide ?

    Broadcom Employee
    Posted Sep 27, 2010 12:06 AM

    Thumbs up to Yang, however the client will get the updates from the SEPM only based on the configured HeartBeat.



  • 4.  RE: How to force update the Virus Defs. companywide ?

    Posted Sep 27, 2010 10:27 AM

    Hey guys,

     

    Well Pete and Yang are actually right...but what Yang said would be the best option here.

    Albert,

    Sometimes it takes a while to deploy the new virus defs to the clients, would you mind to check the number again and see if they changed?

     

    Take care

    JB



  • 5.  RE: How to force update the Virus Defs. companywide ?

    Posted Sep 27, 2010 10:34 AM

    The time is more in this case as the clients need to take 13 days defs (comparing symantec defs and your manager definitions)

    this is the cause for the delay.



  • 6.  RE: How to force update the Virus Defs. companywide ?

    Posted Sep 27, 2010 10:45 AM

    To remind you, the "Update Content" command will only prompt the client to launch LiveUpdate.  It does not prompt the clients to connect or heartbeat into the SEPM.

    In the screenshot you've provided, the "Windows Latest Manager version" says 9/13.   This means the SEPM itself is failing to update--so the clients are not updating, and the ones that are updated beyond 9/13, they are probably running LiveUpdate independently.

    What happens if you run LUALL on the SEPM itself?  Any error messages?

    sandra



  • 7.  RE: How to force update the Virus Defs. companywide ?

    Posted Sep 27, 2010 03:44 PM

    I have seen exactly what it looks like your seeing from time time.  I just reboot my SEPM server and it starts pushing out the update.



  • 8.  RE: How to force update the Virus Defs. companywide ?

    Posted Sep 27, 2010 04:49 PM

    You could create a simple Windows batch file, that will copy and launch/update the virus defs from the latest intelligent updater file. If only 23 computers need, the batch could be very simple using PSexec. 

     

    Something like this might to the trick:

     

    @ECHO OFF
    REM ** NAME OF WORKSTATION**
    copy c:\temp\iu.exe \\workstation\C$\windows\temp
    ECHO Updating NAME OF WORKSTATION virus def files, Please wait...
    c:\temp\psexec \\workstation c:\windows\temp\iu.exe /q
    del \\workstation\C$\windows\temp\defs.exe
     
    Pretty crude, but could work in a pinch and be run remotely.
     
    Mike 


  • 9.  RE: How to force update the Virus Defs. companywide ?

    Posted Sep 27, 2010 06:31 PM

    nope, even worst now:

    After the system restart I got Event ID Error like the following:

     

    Event Type: Error
    Event Source: semsrv
    Event Category: None
    Event ID: 4096
    Date: 9/28/2010
    Time: 8:29:24 AM
    User: N/A
    Computer: SEP-mgmt-Server01
    Description:
    The Java Virtual Machine has exited with a code of 2, the service is being stopped.


  • 10.  RE: How to force update the Virus Defs. companywide ?
    Best Answer

    Broadcom Employee
    Posted Sep 28, 2010 12:01 AM

    you may need to repair the SEPM by going to add/remove program , click on  Symantec Endpoint Protection Manager ---> click on change  and select repair.



  • 11.  RE: How to force update the Virus Defs. companywide ?

    Posted Sep 28, 2010 12:29 AM

    Paste/attach the scm-server-0.log which is present in Program Files \Symantec\Symantec Endpoint Protection Manager\tomcat\logs



  • 12.  RE: How to force update the Virus Defs. companywide ?

    Posted Sep 28, 2010 10:07 AM

    Coud you also paste the catalina.out?



  • 13.  RE: How to force update the Virus Defs. companywide ?

    Posted Sep 28, 2010 10:17 AM

    I have not encountered "a code of 2" when it comes to Java Virtual Machine errors, nor could I find a KB article.  If you repair the SEPM--a recommendation I would second, as this worked for another user--be sure that you're doing so either while local to the computer, or in a remote session that's console.

    See why console is important:  "Product corruption or failure appears during an installation or migration while using an improperly configured remote session."

    sandra



  • 14.  RE: How to force update the Virus Defs. companywide ?

    Posted Oct 06, 2010 11:18 PM

    strangely enough, after i do the "repair" of the installation it seems that it works fine again plus the proxy credentials in the settings

     

     

    October 7, 2010 2:14:58 PM EST:  LUALL.EXE finished running.  [Site: MYDOMAIN Site]  [Server: SEP-Server01]
    October 7, 2010 2:14:58 PM EST:  LiveUpdate succeeded.   [Site: MYDOMAIN Site]  [Server: SEP-Server01]
    October 7, 2010 2:14:56 PM EST:  LUALL.EXE finished.  There were no new content updates. Return code = 1.  [Site: MYDOMAIN Site]  [Server: SEP-Server01]
    October 7, 2010 2:14:52 PM EST:  Symantec Endpoint Protection Win64 11.0.6100.645 (English) is up-to-date.    [Site: MYDOMAIN Site]  [Server: SEP-Server01]
    October 7, 2010 2:14:52 PM EST:  Symantec Endpoint Protection Win32 11.0.6100.645 (English) is up-to-date.    [Site: MYDOMAIN Site]  [Server: SEP-Server01]
    October 7, 2010 2:14:51 PM EST:  TruScan proactive threat scan engine Win32 11.0 is up-to-date.    [Site: MYDOMAIN Site]  [Server: SEP-Server01]
    October 7, 2010 2:14:51 PM EST:  TruScan proactive threat scan commercial application list Win32 11.0 is up-to-date.    [Site: MYDOMAIN Site]  [Server: SEP-Server01]
    October 7, 2010 2:14:51 PM EST:  TruScan proactive threat scan whitelist Win64 11.0 is up-to-date.    [Site: MYDOMAIN Site]  [Server: SEP-Server01]
    October 7, 2010 2:14:51 PM EST:  Intrusion Prevention signatures Win64 11.0 is up-to-date.    [Site: MYDOMAIN Site]  [Server: SEP-Server01]
    October 7, 2010 2:14:51 PM EST:  TruScan proactive threat scan engine Win64 11.0 is up-to-date.    [Site: MYDOMAIN Site]  [Server: SEP-Server01]
    October 7, 2010 2:14:51 PM EST:  Submission Control signatures 11.0 is up-to-date.    [Site: MYDOMAIN Site]  [Server: SEP-Server01]
    October 7, 2010 2:14:51 PM EST:  TruScan proactive threat scan data 11.0 is up-to-date.    [Site: MYDOMAIN Site]  [Server: SEP-Server01]
    October 7, 2010 2:14:51 PM EST:  TruScan proactive threat scan whitelist Win32 11.0 is up-to-date.    [Site: MYDOMAIN Site]  [Server: SEP-Server01]
    October 7, 2010 2:14:51 PM EST:  TruScan proactive threat scan commercial application list Win64 11.0 is up-to-date.    [Site: MYDOMAIN Site]  [Server: SEP-Server01]
    October 7, 2010 2:14:51 PM EST:  Antivirus and antispyware definitions Win32 11.0 MicroDefsB.CurDefs is up-to-date.    [Site: MYDOMAIN Site]  [Server: SEP-Server01]
    October 7, 2010 2:14:51 PM EST:  Decomposer Win32 and Win64 11.0 is up-to-date.    [Site: MYDOMAIN Site]  [Server: SEP-Server01]
    October 7, 2010 2:14:51 PM EST:  Symantec Endpoint Protection Manager Content Catalog 11.0 is up-to-date.    [Site: MYDOMAIN Site]  [Server: SEP-Server01]
    October 7, 2010 2:14:51 PM EST:  TruScan proactive threat scan commercial application engine 11.0 is up-to-date.    [Site: MYDOMAIN Site]  [Server: SEP-Server01]
    October 7, 2010 2:14:51 PM EST:  Antivirus and antispyware definitions Win64 11.0 MicroDefsB.CurDefs is up-to-date.    [Site: MYDOMAIN Site]  [Server: SEP-Server01]
    October 7, 2010 2:14:51 PM EST:  Intrusion Prevention signatures Win32 11.0 is up-to-date.    [Site: MYDOMAIN Site]  [Server: SEP-Server01]
    October 7, 2010 2:14:07 PM EST:  LUALL.EXE has been launched.  [Site: MYDOMAIN Site]  [Server: SEP-Server01]
    October 7, 2010 2:14:07 PM EST:  Download started.  [Site: MYDOMAIN Site]  [Server: SEP-Server01]