Double check that their LiveUpdate policy in the SEPM (since you mentioned they're managed) has scheduling enabled and set--under the Mac section of the policy, obviously.
The last successful LiveUpdate run that actually invokes the mdefs processing script is on the 1st of June:
Jun 1, 2012 12:46:07 PM Unzipping completed
Jun 1, 2012 12:46:07 PM Making /private/tmp/liveupdate/1338569164995/1338569167297/mdefs.sh executable ...
Jun 1, 2012 12:46:07 PM Running /private/tmp/liveupdate/1338569164995/1338569167297/mdefs.sh ...
Jun 1, 2012 12:46:08 PM
Jun 1, 2012 12:46:08 PM The Java LiveUpdate session has completed successfully.
Jun 1, 2012 12:46:08 PM Return code = 0
Jun 1, 2012 12:46:08 PM
There are additional entries up until the 4th of June, but nothing after that. Did something change on this system (like an OS update) or the network (or both) around that time?
In case the definitions somehow got corrupted, you might want to try applying the Intelligent Updater to one or two machines and see if they start working again. You can get them here: http://www.symantec.com/security_response/definitions/download/detail.jsp?gid=nmc
sandra