Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

LUCOMS unexplained network traffic on SEPM server 2003

Created: 18 Apr 2013 • Updated: 18 Apr 2013 | 5 comments

I have observed very spikey network traffic in our organisation and after further investigation have found it to be the LUCOMS process on the endpoint protection manager server.

The spikey behaviour seems to occur every 20 minutes ~ and eats up approximately 1.5MB for 3-5 minutes.

I checked the Policies --> Live Update policies (on the SEPM) and found that updates were being scheduled 'Continuously'... I changed this to 4 hours however this made no change.

I am not sure what else could be causing this issue as I would only expect bytes received to be caused by live updates.

SEPM version is 12.1.2015.2015

Operating Systems:

Comments 5 CommentsJump to latest comment

Rafeeq's picture

Its the liveupdate component which downloads the daily definition.

Check if you have Symantec liveupdate administrator installed. That might pull the updates for different products of Symantec.

In SEPM check if you have selected product updates to be downloaded. new patch might have been released today.

Just uncheck whatever you dont need..that should slow down

mikailtunc's picture

I think you're right about the live update administration utility.

I am 'retrieving' updates manually and it ran for a few minutes, consuming 1.5MB/s.

I am unsure as to whether we actually require the liveupdate administration utility or not, and if we do, which products need to be selected for SEP 12.1?

We currently have selected:

  • LiveUpdate (should this be unselected?)
  • Norton AntiVirus Product Updates
  • Norton AntiVirus Virus Definitions
  • Symantec AntiVirus Corporate Edition

Is it safe to unselect these? Would it effect the SEPM or clients ability to download virus definitions?

mikailtunc's picture

Weird - I unchecked all of the products but network utilisation is still spikey.

Checked event viewer and saw that the SEPM is still downloading updates every 15 minutes ~

Event 7210 : Scheduled LiveUpdate session started.

Event 7211 : LiveUpdate session completed. Total time elapsed: 3 minute(s).

Update: Ahh, I found another live update setting within the SEPM console. It is hidden away in the 'Admin --> Local Site (My Site) --> Edit Site Properties --> LiveUpdate

This was set to 'Continuously' - I have now changed to every 4 hours and will update this post if this fixes it

SebastianZ's picture

I checked the Policies --> Live Update policies (on the SEPM) and found that updates were being scheduled 'Continuously'... I changed this to 4 hours however this made no change.

....this was the setting for the updates of clients from liveupdate - so not applying here

Update: Ahh, I found another live update setting within the SEPM console. It is hidden away in the 'Admin --> Local Site (My Site) --> Edit Site Properties --> LiveUpdate

- yes, this is the correct settings for SEPM updates from Liveupdate Servers

Rafeeq's picture

Please keep us posted with the results. I hope by this time the network usage might have come down