Endpoint Protection Small Business Edition

I have a small home network based on a Windows 2008 server running SEP V11 management server with several managed clients. Around October 2nd one and only one of those clients stopped updating virus definitions from the SEP server. That client runs Vista Professional SP2. It worked before. The firewall is down on both client and server. I tried uninstalling the client (including deletion of the definitions).  and created a new client export from the manager. I was able to push the client out to this work station, no problem. However, still no virus updates. Don't know what changed to cause this. I installed IE9 beta, maybe around then. Suggestions appreciated.

There is a known issue with IE9 beta and SEP.In the systems which is having IE9 beta SEP will not get updated.So uninstall IE 9 beta the client will get updated.

Have a look at this KB also

Internet Explorer 9 beta causes managed SEP clients to stop updating definitions

Thank you. Uninstalling IE 9 Beta restored the SEP virus definition updates.

SEP definitions are now up-to-date on the client since I uninstalled IE 9. However Proactive Threat Protection has remained disabled. The message says: "Protection Definitions are too old." Clicking the FIX button shows the usual message that SEP has requested new definitions, but nothing changes. Can anyone advise me on this? Other clients are working OK.

Try repairing the SEP Client.

To repair the SEP Client, as suggested, I tried to run the Push Deployment Wizard from the SEPM server; however, when I reach the Remote Client Authentication and enter my Domain administrator password, the message appears "Multiple Connections to a Server...are not allowed." I have tried to log out of the client and restart all equpment. There is no firewall. No other client is logged into the domain as administrator. Push deployment to this VISTA professional client worked recently with the same port settings (I assume) and I don't know what changed. Is there any simple explanation. Thank you.

Log off from the server you are pushing your client from and login again - seems to be an issue related to SMB protocol.

Same result. Also same when I tried entering a different admin user and even when I enter an incorrect password.

Try then net use * /delete - it stop remove all remote connections

Dear Pawel,

After deleting the mapping on the server per your suggestion, I was able to push out a new definition. I first uninstalled SEP on the client. Then I pushed out the replacement and it installed itself. Unfortunately, Proactive Threat Protection still does not update and it is disabled. The Anti-virus and NTP modules are updating on that client, but not PTP. This client looks normal on the SEPM and shows Auto Protect Enabled. I'm stumped.

Hm, there might be several reasons for PTP not tu update. Could you please check \Documents and Settings\All Users\Application Data\Symantec\SyKnApps\ folder

It should include 3 folders (Freezer, LiveUpdate, and Updates) and 2 dll files (SyKnApps.dll and Patch25.dll) before content updates are received. Are they there?

Pawel,

I found exactly what you say in my VISTA workstation in this folder:

C:\Users\All Users\Symantec\SyKnAppS

The two dll files are dated 11/07/2010 (earlier than my latest update push).

In addition, a search on my VISTA Professional work station finds SyKnAppS.dll and Patch25.dll in these folders:

C:\SWTOOLS\Apps\NORTONIS\US\NCO\NCO

C:\SWTOOLS\Apps\NORTONIS\US\NAV\External

Both files show Modified 10/11/2006 and Created 10/22/2007

I also found Patch25d.dll in

C:\Program Files\Symantec\Symantec Endpoint Protection

Richard

How to clear out corrupted definitions for a Symantec Endpoint Protection Client manually.

http://www.symantec.com/business/support/index?page=content&id=TECH103176&locale=en_US

Thank you again Pawel. I followed the entire procedure to manually clear out definitions. The virus definitions soon updated. However, PTP still is not updating. Sorry!! Do you have a further suggestion?

1. Backup the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Storages\SymHeurProcessProtection
and repair SEP from Add/Remove programs. Check if it updates.

2. If not, please enable LiveUpdate on a client, launch it and try to update PTP from the internet.

We're getting near the limit of my skills. Not sure how to tell if the key updates. Did you mean to backup the key and then delete it? And then repair SEP to see if the Key is restored?

Yeap, backup it just in case and delete it. Then repair SEP and launch LiveUpdate (you do not need to do anything else with that key). See how and if it updates :-)

Pawel,

Thanks! Followed your instructions. Key was restored and PTP is active now. Assume  PTP definition will update at next cycle. Will keep note of these steps.

Richard

Cool :-)

Pawel,

I am sorry to have to report that the PTP definition never updated and after a while PTP became disabled. It is past the time that SEPM pushes out new definitions each day. Any further suggestions? I will try to enable LiveUpdate on the client as you suggested earlier.

Richard

Please do. LU from Internet may unblock PTP on this client.

I created a policy in SEPM to enable LiveUpdate on clients and made it the default policy for my group (have only one group). I requested the new Update Policy from my client and ran LiveUpdate. I got this message:

"Live Update start failed with error code -536805375"

I did try re-starting the client. What might be my next step?

Richard

Could you follow?

Error: "LiveUpdate start failed with error code -536805375"
http://www.symantec.com/business/support/index?page=content&id=TECH96814&locale=en_US

I could not find LiveUpdate in Programs and Features. I went to

http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080407120325EN&ln=en_US

and tried to install LiveUpdate. It did not install. I did this before uninstalling SEP client. Possibly that is the reason. I will uninstall SEP Client and try again (later today). Richard

Richard,

you can install LiveUpdate from SEP installation folder - SEPM\lusetup.exe

I was able to uninstall LU and re-install it. I did a successful liveUpdate, and restarted. For a while there was no change in PTP. It was still disabled and definitions were not updated. However, I just ran LU again, and this time PTP updated. Please keep this open for a another day or so, and let me see if it's really OK. Thanks for all your help.

Richard

Pawel,

As noted, I was able to update PTP by enabling LU on the client. This hopefully was going to "kick start" the updates from SEPM. However, when I re-configured back to updating definitions from SEPM, there were no further PTP updates. Other clients are updating the PTP definition from the server, but for my one client, PTP is still at the date of the manual client LU. Might there be a next move? Again, many thanks. Richard

This forum informed me of the issue with SEP V11 and IE9 Beta. Is there still an issue? Can I install IE 9? Do I need to update SEP V11 as well?

Thank you all...Richard

The current version of SEP has no known issues with the current version of IE9