Video Screencast Help
Symantec Appoints Michael A. Brown CEO. Learn more.

Network Threat Protection not updating

Created: 16 Nov 2011 | 3 comments

I have installed Endpoint Protection 12.1 and it's been running great. However, I not have 2 computers that show the Network Threat Protection definistions are out of date. Virus defs and Proactive defs are both fine, just the NTP defs are not updating. I downloaded the exe bundle to manually update the defs, but still remains stuck on an older date (Oct 5). All the other systems on the SEP server are updating fine. Suggestions?

Comments 3 CommentsJump to latest comment

Simpson Homer's picture

Try to run a repair on the SEP client and then reboot the machine and if the clients are unmanaged try to run Liveupdate again or else do an Update content from the client GUI if managed clients.

Ryan_Dasso's picture

There's a lot to look at for a problem like this... simple problem, but lots of possible points of failure.

First, the EXE that you used to update defs does not update PTP or NTP defs... Intelligent Updater is for AV/AS defs only. 

The thing you'll need to check first is the SEPM... does it have the latest defs? Check Admin > Servers > Local Site > Show LiveUpdate Downloads. The PTP defs are IPS Signatures (Win32/64). If those show up-to-date, then you're looking at a client > server communication problem. If they're not up-to-date, then you're probably looking at a SEPM LiveUpdate problem.

This is where it gets a little more technical and complicated... Log.LiveUpdate will help you if your SEPM is having trouble download the defs. Sylink logging will help you if the client is having trouble getting them from the SEPM. I'd recommend opening a ticket with our support team and we'll be happy to help you get to the bottom of it. 1-800-342-0652

SolarisMaestro's picture

Since you are only having the issue on a couple clients and you are able to confirm that the other clients are running current NTP defs, then the issue is probably isolated to the clients. Doing a repair on the two clients is probably going to give you success without getting into too much troubleshooting of logs. Are you also able to confirm that you can communicate from the SEPM to those two clients and vice versa, can you communicate from the clients back to SEPM (is correct SEPM showing managed in troubleshooting page?).

I also find it odd that you have to manually update the content with the .exe for your AV defs. Is that just something you were doing as a troubleshooting step or are all your clients not able to update automatically? Are you using a LiveUpdate Admin server or using GUPs? Something might be failing in the bigger picture even if you are able to manually update all your other "functioning" clients.

Thank you for marking as a solution if you felt this response met your needs!