Endpoint Protection

Hi

On my SAV primary servers I intermittently get a problem where the internet proxy settings are being removed from Liveupdate.  In the file Configuration.Log.LiveUpdate I see this:

02/01/2012, 14:00:04 GMT -> LuComServer version: 3.2.0.68
02/01/2012, 14:00:04 GMT -> LuComServer Sequence Number: 20070912
02/01/2012, 14:00:04 GMT -> OS: Windows 2003 Enterprise, Service Pack:2, Major: 5, Minor 2, Build 3790
02/01/2012, 14:00:04 GMT -> System Language:[0x0809], User Language:[0x0809]
02/01/2012, 14:00:04 GMT -> IE 6 Support
02/01/2012, 14:00:04 GMT -> ComCtl32 version: 6.0
02/01/2012, 14:00:04 GMT -> Setting File integrity check failed. Default Setting File will be restored.
02/01/2012, 14:00:04 GMT -> Merging [C:\PROGRA~1\Symantec\LIVEUP~1\Settings.Default.LiveUpdate] file to LiveUpdate Settings file
02/01/2012, 14:00:04 GMT -> Self healing: Default Settings.LiveUpdate is being created.
02/01/2012, 14:00:04 GMT -> Settings File field was tampered. Default Settings File has been restored.

It's a simple matter to re-enter the proxy settings, but I wonder why the settings file is being returned to defaults.  Is this Tamper Protection fixing something that doesn't need fixing?

Thanks

Hello,

Could you check the Version of Liveupdate you are carrying??

Are you using the Liveupdate Version 3.2 OR Liveupdate version 3.3?

Liveupdate version 3.3 is intended for use with Symantec Enterprise products, such as Symantec Endpoint Protection and Symantec AntiVirus.

Liveupdate may be damaged.

If LiveUpdate is damaged, download and install a new copy.

To reinstall LiveUpdate

1. Download Lusetup.exe.
2. Double-click Lusetup.exe. 
   This installs LiveUpdate.
3. Run LiveUpdate.

If this does not solve the problem, the solution depends on whether Symantec AntiVirus is the only Symantec application installed or whether additional Symantec applications are installed. 

To repair LiveUpdate when Symantec AntiVirus is the only Symantec application installed

1. Uninstall LiveUpdate through Add/Remove programs.
2. Search the hard drive for two folders, both named LiveUpdate, and rename or delete these folders. 
   By default, one is located at C:\Program Files\Symantec\LiveUpdate, and the other is located under the All Users profile. 
   
   The location of the folder depends on your version of Windows:
   In Windows 2003/XP/2000, the location is C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate.
   In Windows NT, the location is C:\Winnt\Profiles\All Users\Application Data\Symantec\LiveUpdate.
   In Windows 9x/Me, the location is C:\Windows\All Users\Application Data\Symantec\LiveUpdate.
   The Application Data folder may be hidden. To find the folder, read the document How to make Windows show all files.
3. Double-click Lusetup.exe. 
   This installs LiveUpdate.
4. Run LiveUpdate.

To repair LiveUpdate when more than one Symantec product is installed

1. Search the hard drive for a file that, depending on the version of LiveUpdate, is named either Product.Catalog.LiveUpdate or Product.Inventory.LiveUpdate.
   
   The location of the folder depends on your version of Windows:
   In Windows 2003/XP/2000, the location is C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate.
   In Windows NT, the location is C:\Winnt\Profiles\All Users\Application Data\Symantec\LiveUpdate.
   In Windows 9x/Me, the location is C:\Windows\All Users\Application Data\Symantec\LiveUpdate.
   The Application Data folder may be hidden. To find the folder, read the document How to make Windows show all files.
2. Copy the file to the Desktop.
3. Uninstall LiveUpdate through Add/Remove programs.
4. Delete the LiveUpdate folder that contained the Product.Catalog.LiveUpdate file or Product.Inventory.LiveUpdate.
5. Delete the C:\Program Files\Symantec\LiveUpdate\ folder
6. Double-click Lusetup.exe. 
   This installs LiveUpdate and recreates the LiveUpdate folder that you deleted.
7. Copy the file from your desktop into its original location, overwriting the file that exists there.
8. Run LiveUpdate.

Make sure your Settings.Liveupdate file is READ ONLY

Its in Documents and settings\All users\Application data\Symantec\Liveupdate

Hi grumbleweed,

LiveUpdate has "self-healing" features built in, so that in case of corruption or loss of the configuration files, it will return to known good / default values.

In the latest releases of SEP, this has been enhanced so that the default values are those configured at the SEPM rather than the Internet-based LU servers.  A few details about this change can be seen in:

Endpoint Clients go to the LiveUpdate server on the internet despite LiveUpdate policy from Symantec Endpoint Protection Manager
Article: TECH95946 | Created: 2009-01-02 | Updated: 2011-12-16 |
Article URL http://www.symantec.com/docs/TECH95946

In the older SAV product, though, restoring to the Internet-based servers is the behavior that is designed.  As you note, restoring the proxy and other settings after a self-healing event will do the trick.

Note that these self-healings should be quite rare: if these occur frequently then there may be an issue with that SAV server.

BTW: judging from the version of LU, you are running SAV 10.1.8.8000.  To take advantage of the latest enhancements and improvements, I recommend upgrading to SAV 10.1 MR10. 

Hope this helps!!

Mick
 

Thumbs up to Mick :-).

10.1 MR 10 is the one you should really upgrade to.