Hi grumbleweed,
LiveUpdate has "self-healing" features built in, so that in case of corruption or loss of the configuration files, it will return to known good / default values.
In the latest releases of SEP, this has been enhanced so that the default values are those configured at the SEPM rather than the Internet-based LU servers. A few details about this change can be seen in:
Endpoint Clients go to the LiveUpdate server on the internet despite LiveUpdate policy from Symantec Endpoint Protection Manager
Article: TECH95946 | Created: 2009-01-02 | Updated: 2011-12-16 |
Article URL http://www.symantec.com/docs/TECH95946
In the older SAV product, though, restoring to the Internet-based servers is the behavior that is designed. As you note, restoring the proxy and other settings after a self-healing event will do the trick.
Note that these self-healings should be quite rare: if these occur frequently then there may be an issue with that SAV server.
BTW: judging from the version of LU, you are running SAV 10.1.8.8000. To take advantage of the latest enhancements and improvements, I recommend upgrading to SAV 10.1 MR10.
Hope this helps!!
Mick