Not Updating Definitions

Ajitjha's picture
Ajitjha
June 13th, 2009

Hi Members!!!!

I am using SEP 11.0.4014 i.e. MR4MP1 in a network of 1500 users connected all across the globe. The GUP has been configured accordingly. Now the problem is that The SEPM has the latest version 20090611-rev.025 which is same as Symantec version, but the clients are showing 20090610- rev.025. When i try to update contents its says policies has been applied, but the result remains same.
Now when i look into C:\Program Files\Common Files\Symantec Shared\Liveupdate\VirusDefs  the 20090611 folder is missing. There is lot of  free space in  my hard drive sections.
When i manually download the updates from SEPM it says it is alreasy there.
Looked into the KB articles, consulted with Techies, Logged into Symantec Partnet  but no resolution.
My windows are patched up.
The problem occure on 12th June 2009 IST.

I have attached two screen shots for the better understanding of the problem.
 

I am NOT interested in upgrading to MP2.

Request all u champs here to comment upon the post.

Filed under: , , ,
+2 (2 votes)
Giuseppe.Axia's picture
Giuseppe.Axia
40 weeks 22 hours ago

We need more details

Hi,

we need more details:
1) What are the settings for the LiveUpdate within the Manager? Every X hours? Daily?
2) What are the communication settings between clients e manager? Pull or push mode? Heartbeat?
3) Did you check the definition version directly on the clients? I saw cases when they were updated but the the Manager was not aware of this due to some delays in the elaboration of the logs.

Regards,

Giuseppe

+1 (1 vote)
Ajitjha's picture
Ajitjha
40 weeks 21 hours ago

1) What are the settings for

1) What are the settings for the LiveUpdate within the Manager? Every X hours? Daily?
----- Evry X Hrs

2) What are the communication settings between clients e manager? Pull or push mode? Heartbeat?
-----Pull Method
3) Did you check the definition version directly on the clients? I saw cases when they were updated but the the Manager was not aware of this due to some delays in the elaboration of the logs
-----Yes,  i have manually checked them

Any solution??????

Revert back for further info.

Regards'
Ajit Jha
TechSuport Engineer
STS

+1 (3 votes)
Giuseppe.Axia's picture
Giuseppe.Axia
40 weeks 12 hours ago

Please, add the other half of your answer

1) What is the value of X?
2) What is the value of the heartbeat?

Giuseppe

+2 (2 votes)
Ajitjha's picture
Ajitjha
39 weeks 6 days ago

X is 4 hrs

X is 4 hrs

Regards'
Ajit Jha
TechSuport Engineer
STS

0 (2 votes)
M Samir0n's picture
M Samir0n
40 weeks 21 hours ago

Hi I think the definitions

Hi

I think the definitions might have go corrupt. Try to manually update using .jdb file

0 (2 votes)
Ajitjha's picture
Ajitjha
40 weeks 21 hours ago

I have tried both the

I have tried both the solution On SEPM and client as well but no use.
Something else????

Regards'
Ajit Jha
TechSuport Engineer
STS

0 (2 votes)
Grant_Hall's picture
Grant_Hall
40 weeks 11 hours ago

Well if the definitions are

Well if the definitions are actually corrupt you would need to clear out the old corrupt definitions. Here is the kb article to do that for the client. http://service1.symantec.com/SUPPORT/ent-security.... . You can try this out, but I am not convinced that is actually the cause of your problem. Still would like to hear the answers to Giuseppe.Axia's questions. What is your setting (how many x hrs) for the Liveupdate within the manager? Also what is your heart beat interval for pulling out definitions?

Cheers
Grant

Please don't forget to mark your thread solved with whatever answer helped you : )

+2 (2 votes)
Ajitjha's picture
Ajitjha
39 weeks 6 days ago

I tried with Rex4defs.

I tried with Rex4defs.

Regards'
Ajit Jha
TechSuport Engineer
STS

0 (2 votes)
Nel Ramos's picture
Nel Ramos
39 weeks 6 days ago

@Grant_Hall: I had read the

@Grant_Hall: I had read the files on the link...and its great...
it says we have to delete certain virus definition folders...

I had read Ajitjha initial problem and he says that the C:\Program Files\Common Files\Symantec Shared\Liveupdate\VirusDefs the 20090611 folder is missing...

If it is corrupt and we have to delete the virus definitions, how would we do it if it is not there?
In addition, he also says that it is the only thing missing...

hope a resolution with Ajitjha issue would be found soon..
I am reading and learning more...

thanks...

Nel Ramos

+2 (2 votes)
Grant_Hall's picture
Grant_Hall
39 weeks 5 days ago

Your right the folder would

Your right the folder would be there if there was a corrupt definition being pushed/pulled out. That is why I thought this was not the cause of his problem. I posted that last response in regards to a previous poster that said "this may be due to corrupt definitions". I am curious to the solution of this issue as well and am waiting for the post with the logs. These really will be the fastest way to get to the root of the problem. Thanks.

Grant-

Please don't forget to mark your thread solved with whatever answer helped you : )

+1 (1 vote)
Giuseppe.Axia's picture
Giuseppe.Axia
39 weeks 6 days ago

A serious troubleshooting

We need more details about what the SEPM downloads:
go to admin > server > local site > show liveupdate downloads, post the table of the actual contents. Are 32 and 64 bit AV defs the same?

To analyse your issue, you need to analyse some logs.
The relevant logs are:
1) log.liveupdate in the server (what and when are the definition downloaded?)
2) log.liveupdate on the clients ((what and when are the definition downloaded?)
3) sylink.log (to log the communication between SEP and SEPM)

Some documents are available to analyse them.

I am missing another details: are the definitions blocked at 10/11-06-2009 in SEP and SEPM or they are going forward but always with the gap of 1 day?
I am still missing some details already asked.

Giuseppe

+1 (1 vote)
Ajitjha's picture
Ajitjha
39 weeks 5 days ago

I will post the logs very

I will post the logs very soon

Regards'
Ajit Jha
TechSuport Engineer
STS

0 (2 votes)
kavin's picture
kavin
39 weeks 5 days ago

Try this steps

Try this steps

Steps to clean Virus Definitions folders and republish Live Update Product Inventory on Symantec Endpoint Protection Manager:

Delete the content of folder "c:\documents and settings\All users\Application Data\Symantec\LiveUpdate\Downloads\"
Note: Application Data is a hidden folder. Do not delete the folder but only the contents.
Update the LiveUpdate catalog by opening the following link in Internet Explorer:
http://localhost:9090/servlet/ConsoleServlet?Actio...
After few seconds you will get a confirmation message "Responsecode="0".
Stop the services "Symantec Endpoint Protection Manager" and "Symantec Endpoint Protection"
To stop the services:
Go to Start > Run.
Type the following: Services.msc
Select and stop the above mentioned services.
Delete the numbered or TMP folders inside the paths:
%programfiles%\symantec\symantec endpoint protection manager\inetpub\content\{1CD85...
%programfiles%\symantec\symantec endpoint protection manager\inetpub\content\{C60DC...
%programfiles%\common files\Symantec Shared\SymcData\sesmvirdef32
%programfiles%\common files\Symantec Shared\SymcData\sesmvirdef64
%programfiles%\common files\Symantec Shared\VirusDefs
Launch the process LUALL.EXE from %programfiles%\Symantec\LiveUpdate (May be requested to click on "START")
(LiveUpdate should run for some minutes (5-10 min), if some error messages are displayed, exit and launch again LUALL.exe)
Restart both Symantec Endpoint Protection services when LiveUpdate is complete.
Verify the numbered folders of virus definitions are created in the following paths:
(There might be just 2-3 folders in the beginning, but the default number is 10 folders)
%programfiles%\symantec\symantec endpoint protection manager\inetpub\content\{1CD85...
%programfiles%\symantec\symantec endpoint protection manager\inetpub\content\{C60DC...

Log on to Symantec Endpoint Protection Manager Console and launch a LiveUpdate from Admin > Server > Local Site > Download LiveUpdate content.

0 (2 votes)
Ajitjha's picture
Ajitjha
39 weeks 5 days ago

Dear Kavish I am very much

Dear Kavish

I am very much used to all these troubleshooting. It didn't worked. i have tried this before posting.

Regards'
Ajit Jha
TechSuport Engineer
STS

0 (2 votes)
she_esteban's picture
she_esteban
39 weeks 5 days ago

thanks for the

thanks for the info...........

very nice!!!!!!

+1 (1 vote)
Ajitjha's picture
Ajitjha
39 weeks 2 days ago

Hi She_esteban Thanks for

Hi She_esteban

Thanks for what????

Regards'
Ajit Jha
TechSuport Engineer
STS

0 votes
Ghe21's picture
Ghe21
39 weeks 5 days ago

maybe re image the sep ,,

maybe re image the sep ,, thanks for the all information,

0 votes
Ajitjha's picture
Ajitjha
39 weeks 4 days ago

Ghe21 Please elaborate about

Ghe21
Please elaborate about the re-imaging SEP

Regards'
Ajit Jha
TechSuport Engineer
STS

0 votes
Kadoneng's picture
Kadoneng
39 weeks 5 days ago

I am a SAV user ... is the

I am a SAV user ...
is the live update for SEPM same as that of SAV?
thanks..

0 votes
Ajitjha's picture
Ajitjha
39 weeks 4 days ago

Technology is same and the

Technology is same and the only diference is the SEPM live update can be configured as "Continuously Run" but in SAV this featurewas unavailable

Regards'
Ajit Jha
TechSuport Engineer
STS

0 votes
Grant_Hall's picture
Grant_Hall
39 weeks 1 day ago

What is the latest on this

What is the latest on this issue? How are we coming along with getting those logs?

Cheers
Grant

Please don't forget to mark your thread solved with whatever answer helped you : )

+1 (1 vote)