
Outdated Virus Definitions

Created: 17 Oct 2012 • Updated: 22 Oct 2012 | 20 comments
This issue has been solved. See solution.

Trying to troubleshoot an issue I am having with the client virus definitions not updating. SEP is running on a Windows 2008 Standard Server. The Windows Firewall is disabled and I can telnet into port 8014, but when I run the secars test (http://<SEPM_Server_IP_or_Machine_Name:Port>/secar...) I get this error:

You don't have permission to access /secars on this server

The clients do appear to be communicating and it appears the management console is pulling updates.

What would be the next step in trying to find the issue?


Ashish-Sharma's picture

Symantec Endpoint Protection Manager (SEPM) 12.1 is not updating 32 or 64 bit virus definitions

http://www.symantec.com/business/support/index?page=content&id=TECH166923

In this case, check if the clients are connecting to the SEPM properly, check these Articles:

Symantec Endpoint Protection Manager 12.1 Communication Troubleshooting

http://www.symantec.com/docs/TECH160964

Troubleshooting communication problems between the management server and the client

http://www.symantec.com/docs/HOWTO55017

Then, Troubleshoot the Liveupdate Issue, check this Article:

Symantec Endpoint Protection: LiveUpdate Troubleshooting Flowchart

http://www.symantec.com/docs/TECH95790

Thanks In Advance

Ashish Sharma

 

 

.Brian's picture

What version of SEP? 11.x or 12.1?

Do the clients have the green dot on the icon in the system tray?

Can the clients ping the server and vice versa?

See this:

Symantec Endpoint Protection: Troubleshooting Client/Server Connectivity

https://www.symantec.com/business/support/index?pa...

 

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Riya31's picture

Please post the sylink logs for one of the clients.

rbeier1221's picture

Connection tests check out fine. I can ping both ways, can telnet to the server on port 8014, viewed the apache logs and saw the connections, and even redid the secars test and got the OK.

We are using 12.1

How do you generate a sylink log? I followed the instructions for changing the registry, but so far no report. Not sure if it will take some time or not.

Thanks for the replies!

 

.Brian's picture

It depends on what your heartbeat is set to.

You can force a check in by right clicking the SEP icon and "Update Policy"


rbeier1221's picture

Sylink file attached. Thanks for the help.

Attachment: sylink1.zip (25.98 KB)

.Brian's picture

Check the System log on your client.

Open the GUI >> View Logs >> Client Management >> View Logs >> System Log

Are there errors in here about content updates failing?

How many clients is this happening on?


pete_4u2002's picture

The client is downloading the full definitions, around 208 MB.

rbeier1221's picture

There is. Doesn't say much, just: Downloaded new content update from Group Update Provider Failed.

There is also a remote file path listed that is not accessible.

.Brian's picture

Check your LiveUpdate policy to ensure it's still correct. Make sure the GUP is valid and online. You're using a GUP, right?


rbeier1221's picture

That is my understanding, but I am new to this product. Just took over about 2 months ago and I am not too familiar with the interface. I have been looking through SEP Manager to try and understand all of the settings.

.Brian's picture

To check your LU policy in SEPM go to,

Policies page

Select LiveUpdate

On the right side, select the applicable LU policy for whichever group these clients belong in.

Open it up and select Server Settings

On this tab, right in the middle is the Group Update Provider button, select it.

Your GUP settings are in here. Make sure it is still a valid GUP. You can also set the option to bypass the GUP after "x" amount of time and get updates directly from the SEPM.

You definitely need to validate these settings to make sure they are still relevant.


SOLUTION
rbeier1221's picture

Okay, we are not using a GUP. Our current LiveUpdate server settings are:

Use the default management server

Use a LiveUpdate Server > Use the default Symantec LiveUpdate server

To answer your previous question this is happening on about 34 clients and the rest are either up to date or offline. This is also happening on a second server at a different location with about 17 users.

.Brian's picture

As a test, would it be possible to move one of the out of date clients to a group that has the up to date clients in it?

I suspected corrupt definitions but 34 seems a bit high to me.

What happens if you try to update via LiveUpdate?


Vikram Kumar-SAV to SEP's picture

Looks to be the same issue:

https://www-secure.symantec.com/connect/forums/updating-endpoint-clients#comment-6960041

Try this:

http://www.symantec.com/business/support/index?page=content&id=TECH94322

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

rbeier1221's picture

Technically they are all out of date, just some not past the out of date threshold. Which doesn't make much sense to me. They are all also part of the same group.

Running LiveUpdate from the client works just fine.

Currently the Windows Firewall is off, but I did put the rule in place just to make sure. Also tried restarting the services with no luck.

John Santana's picture

Which service did you restart?

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.

rbeier1221's picture

Adding the GUP settings seems to have fixed the issue. Currently Houston is getting updates and now I will apply the same settings to Austin. Thanks for all the help!

John Santana's picture

Woot woot..!

thanks for the share rBieBer.

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.

rbeier1221's picture

So Austin is still not working. I have mirrored the settings between the two locations. I did ask someone to manually update (right click > Update Policy) and see what happens. They are still out of date. When I try to do a Secars test I get a 403 error, page cannot be displayed. Running the SEP Support tool produces no errors.