Endpoint Protection


Proactive threat protection not receiving updates

  • 1.  Proactive threat protection not receiving updates

    Posted Aug 06, 2012 04:34 AM

    Hi,

    We have Symantec Endpoint Protection with Proactive threat protection installed on a Windows 7 x64 box.

    Antivirus and Network Protection are getting updates, but Proactive threat protection does not. I tried removing the agent and reinstalling it, but same issue. From the client I'm able to ping the management server and telnet to <managementip>:9090.

    We have many other clients on the same network that do not have any issue; they are receiving updates from a central management server.

    I'm not too familiar with SEPM, but I was wondering about one thing... When I check Add/Remove Programs I can see the Symantec Endpoint Protection icon there, but should there also be a LiveUpdate (Symantec Corporation) icon there? I do have the LiveUpdate service within Services, and it's set to manual.

    Any suggestions as to why I don't get any updates? Now it only says "Waiting for updates".

     

    Regards

    Ole



  • 2.  RE: Proactive threat protection not receiving updates

    Posted Aug 06, 2012 04:54 AM

    Which SEP version are you using?

     

    Check this download

    https://www-secure.symantec.com/connect/downloads/ptp-services-not-working-sep

     



  • 3.  RE: Proactive threat protection not receiving updates

    Posted Aug 06, 2012 05:07 AM

    Check the attached files on the first post, there are versions there?

    I tried the link, but in the troubleshooting Word doc it refers to a path in regedit that I don't have; see attached file.

    For information, Proactive Threat Protection now says: Definitions: 29.september 2008 r17... now this is very old. I have tried a manual update from "Help and Support->Troubleshooting->Update" but no change.

    regards

    ole



  • 4.  RE: Proactive threat protection not receiving updates

    Posted Aug 06, 2012 05:08 AM

    Check the contents of the location path:
    C:\Documents and Settings\All Users\Application Data\Symantec\SyKnAppS

    You should find the following files & folders:

    Folders
        Freezer
        LiveUpdate
        Updates
    Files
        patch25.dll
        SyKnApps.dll
        SyKnApps.grd
        SyKnApps.sig
        SyKnApps.spm
        cohcol.grd
        cohcol.sig
        cohcol.wlt
        cal.grd
        cal.sig
        cal.wlt

    If any of the above files/folders in the SyKnAppS folder are missing, then they should be replaced from a computer where PTP is updating definitions.

    Make sure that the SEP service is stopped before replacing.
    Replace missing files
    Start SEP service again
        Start > Run > Services.msc > Symantec Endpoint Protection Service
    Reboot the SEP client.
    SEP client should show the latest PTP definition date and should continue updating

     



  • 5.  RE: Proactive threat protection not receiving updates

    Posted Aug 06, 2012 05:46 AM

    This problem might be related to a corruption of PTP definitions. To fix it:
     - Rename "C:\ProgramData\Symantec\Syknapps" folder on impacted machine
     - Copy the Syknapps folder from a similar but updated system, and paste it on the impacted machine

     

    Please note that PTP is anyway only partially supported on 64bit OS:
    http://www.symantec.com/docs/TECH102143

    This has been improved in SEP 12.1 and all SEP client features are now fully compatible with both 32 and 64bit machines.
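
A read-only way to run the checklist from post 4 against the folder named in post 5, added here as an example; it is not part of any post in this thread and not Symantec tooling. The default path is the Windows 7 location quoted in post 5; the `-Reference` parameter (a copy of the folder from a client where PTP updates) and the function name are hypothetical, and the Authenticode status reported for the two DLLs is an extra check that the posts do not mention.

```powershell
param(
    [string]$Path      = 'C:\ProgramData\Symantec\SyKnAppS',  # location quoted in post 5
    [string]$Reference = ''   # optional (assumed): folder copied from a client where PTP updates
)

# Checklist from post 4.
$folders = 'Freezer', 'LiveUpdate', 'Updates'
$files   = 'patch25.dll', 'SyKnApps.dll', 'SyKnApps.grd', 'SyKnApps.sig', 'SyKnApps.spm',
           'cohcol.grd', 'cohcol.sig', 'cohcol.wlt', 'cal.grd', 'cal.sig', 'cal.wlt'

function Get-ItemState([string]$Root, [string]$Name, [bool]$IsFolder) {
    $state = New-Object PSObject -Property @{
        Name = $Name; IsFolder = $IsFolder; Present = $false
        Bytes = $null; Modified = $null; Signature = ''; Notes = ''
    }
    $full = Join-Path $Root $Name
    if (-not (Test-Path -LiteralPath $full)) { return $state }
    $item = Get-Item -LiteralPath $full -Force
    if ($item.PSIsContainer -ne $IsFolder) { return $state }  # wrong type counts as missing
    $state.Present  = $true
    $state.Modified = $item.LastWriteTime
    if (-not $IsFolder) {
        $state.Bytes = $item.Length
        if ($item.Extension -eq '.dll') {
            # Report the signature status of binaries that may have been copied in.
            $state.Signature = [string](Get-AuthenticodeSignature $full).Status
        }
    }
    return $state
}

$rows  = @($folders | ForEach-Object { Get-ItemState $Path $_ $true })
$rows += @($files   | ForEach-Object { Get-ItemState $Path $_ $false })

foreach ($row in $rows) {
    $notes = @()
    if (-not $row.Present) { $notes += 'MISSING' }
    elseif (-not $row.IsFolder -and $row.Bytes -eq 0) { $notes += 'zero bytes' }
    if ($row.Signature -and $row.Signature -ne 'Valid') { $notes += 'signature not valid' }
    if ($Reference -and $row.Present -and -not $row.IsFolder) {
        # A definition file older than the working client's copy points at stale content.
        $ref = Get-ItemState $Reference $row.Name $false
        if ($ref.Present -and $ref.Modified -gt $row.Modified) { $notes += 'older than reference' }
    }
    $row.Notes = $notes -join '; '
}

$rows | Format-Table Name, Present, Bytes, Modified, Signature, Notes -AutoSize
```

The script only reads the folder, so it can be run before and after the replacement steps to confirm what actually changed.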

     



  • 6.  RE: Proactive threat protection not receiving updates

    Trusted Advisor
    Posted Aug 06, 2012 08:24 AM

    Hello,

    Could you please let us know the exact version of SEP you have installed on your Windows 7 64 bit machines?

    I believe you are running SEP 11.x, are you?

    Is this issue happening on 1 machine or multiple machines?

    In your case, you may have to work on the steps provided in Articles below:

    Proactive Threat Protection definitions will not update, showing "Waiting for updates" or initial install definitions

    http://www.symantec.com/docs/TECH171458 

    Symantec Endpoint Protection error: PTS (or TruScan) has generated an error: code 11: description: Whitelist Failure

    http://www.symantec.com/docs/TECH103825

    How to Uninstall and Reinstall LiveUpdate When a Symantec Endpoint Protection Manager or Symantec Endpoint Protection Client is Installed

    http://www.symantec.com/docs/TECH102609

    In case you are carrying SEP 11, then work on the steps provided in the Article below:

    http://www.symantec.com/docs/TECH103176

    If you are carrying SEP 12.1, then work on the steps provided in the Article below:

    http://www.symantec.com/docs/HOWTO59193

    Also Check these Similar Threads: https://www-secure.symantec.com/connect/forums/syknapps-update-not-retrieveddownload-when-running-liveupdate

    https://www-secure.symantec.com/connect/forums/proactive-threat-protection-showing-waiting-updates

    Hope that helps!!



  • 7.  RE: Proactive threat protection not receiving updates

    Posted Aug 07, 2012 07:21 AM

    Hi,

    Thanks for fast reply.

    SEP version 11.0.5002.333, it's installed on a Windows 7 x64 computer.

    There is only 1 computer that has the problem that I know of. On the computer, located under c:\User\All Users\<username>\Application\Symantec\SyKnappS, the following folders and files were located:

    Folder(empty): Freezer, LiveUpdate, Updates

    Files: patch25.dll and SyKnAppS.dll

    So I stopped the SEP and renamed the folder, and copied over from another machine that works the following files:

    07.08.2012  13:10    <DIR>          .
    07.08.2012  13:10    <DIR>          ..
    02.08.2012  13:53               229 cal.grd
    02.08.2012  13:53             2 609 cal.sig
    02.08.2012  13:53           258 048 cal.wlt
    02.08.2012  14:53               232 cohcol.grd
    02.08.2012  14:53             2 609 cohcol.sig
    02.08.2012  14:53        19 898 368 cohcol.wlt
    07.08.2012  13:10                 0 dir.txt
    22.03.2011  14:26    <DIR>          Freezer
    02.08.2012  14:53    <DIR>          LiveUpdate
    02.11.2010  16:31           136 840 patch25.dll
    02.11.2010  16:31         1 291 104 SyKnAppS.dll
    22.03.2011  14:26    <DIR>          Updates

     

    After that I started the service again, but the same error is on the icon. Tried to "get updates" but same issue.

    Can I manually change some files so that the client will connect to the internet instead of the local server we have? If that's possible, what files do I need to configure, and what command can I run to force a manual update?

    I have also attached the Log.LiveUpdate but I don't see anything wrong in this file.

    Regards

    Ole

    Attachment(s)

    zip
    Log_15.zip   119 KB 1 version


  • 8.  RE: Proactive threat protection not receiving updates

    Posted Aug 07, 2012 07:44 AM

    Hi,

    Try once to uninstall and reinstall SEP, then check it.

     



  • 9.  RE: Proactive threat protection not receiving updates

    Posted Aug 07, 2012 08:20 AM

    I have already tried to reinstall the agent.

    For information, I have also tested the following things:

    from the client: telnet <management ip> 8014 = ok

    from the client: web browser http://<management server>:9090 shows the web page

    from the client: http://<management server>:8014/secars?hello,secars sometimes says OK, but if I refresh the page it says Service Unavailable. I did try to follow the Troubleshooting Client/Server Connectivity, but did not find any problem. See attached file for picture.

    I have not set up this system, so I'm not familiar with it, but I can see that we have many clients that have the SEP agent installed but are not shown in the management console. If I add these I'm not able to communicate with them, so there are many computers with an icon that does not have a green dot.

     

    Regards

    ole

     



  • 10.  RE: Proactive threat protection not receiving updates

    Trusted Advisor
    Posted Aug 07, 2012 09:04 AM

    Hello,

    Would it be possible for you to install the Latest client version of SEP 11.0.7101 and above on the client machine of Windows 7?

    Also, check this Thread: https://www-secure.symantec.com/connect/forums/sep-11x-ptp-waiting-updates

    Hope that resolves the issue!!

     



  • 11.  RE: Proactive threat protection not receiving updates

    Posted Aug 07, 2012 09:15 AM

    Hi,

    Try to install the latest client version and check the results...



  • 12.  RE: Proactive threat protection not receiving updates

    Posted Aug 07, 2012 09:15 AM

    Hi,

    Yes, I could install the latest version of the client; do you have a link for downloading this client? If we need to do anything with the management server then it's not possible, because this I'm not allowed to change.

    I'm not too familiar with SEP, so here you need to guide me :)

    I will check out the link, but it seems that there was no solution on that thread.

     

    Regards

    ole



  • 13.  RE: Proactive threat protection not receiving updates

    Trusted Advisor
    Posted Aug 07, 2012 09:48 AM

    Hello,

    Yes, you may need to Migrate the SEPM to the Latest version as well.

    However, you may try to install the Latest version of SEP unmanaged client on your machine and check if that resolves the issue.

    Once it resolves the issue on the client machine, you could let the administrators know about the same.

    To Download the Latest version, you would have to visit : https://fileconnect.symantec.com/

    Insert the Serial Number and Download the SEP 11.0.RU7 MP2 DVD and unzip the same.

    Once unzipped, install the SEP client as an unmanaged client on your client machine and check if that helps.

    Secondly, It is important to maintain consistency of Software Versions throughout a SEP 11 Organization, check this Article:

    About Maintaining Consistency of Software Versions throughout a SEP 11 Organization

    http://www.symantec.com/business/support/index?page=content&id=TECH131660

    Hope that helps!!