Endpoint Protection

Hi all

Ihave a problem with virus definition on SEP 11 clients.

more than 50% of the clients(about 320 clients) are stuck with virus definition from 3/2/2011 and and dont get new definition.

i can see that the truescan and IPS definition vertion are up to date.

how can i trubleshoot this problem.

thanks for the help

is the SEPM updated with the latest definition?

post the sylink logs from one of the client machine.

Hi,

Are the clients having issues present on the same network?  And yes like Pete said, please post the sylink logs from one of the client machine. Also check to see if all the clients are reporting to the manager fine. If you do have corrupted definitions on these machines, they could stall the definition update on the clients.

Cheers!

post the sylink logs, the one you  posted is sylink xml.

use the URL to gather the logs

http://www.symantec.com/business/support/index?page=content&id=TECH104758&locale=en_US

thanks for the quick Response.

the sepm is updated with the last definition(like i said 50% of the client get the new definition)

and the clients reporting to the manage server(i can see the green dot on the sep icon).

hare is he sylink.xml from one of the computers:

***[0x39c]:[2011-02-28 10:36:51:250]***SylinkMonitor Stopped

***[0x39c]:[2011-02-28 10:36:52:718]***SylinkMonitor Started
02/28 10:36:56 [3940] SyLinkCreateConfig => Created instance: 0380B750
02/28 10:36:56 [3940] Importing ConfigObject: 01D53CF8 into: 0380B750
02/28 10:36:56 [3940] <LUThreadProc> Got ConfigObject to proceed the operation.. pSylinkConfig: 0380B750
02/28 10:36:56 [3940] <LUThreadProc>Starting LU download.
02/28 10:36:56 [3940] <LUThreadProc>Got a valid context from GetCurrentServerEx
02/28 10:36:56 [3940] <LUThreadProc>Setting the session timeout on LUSession to 2 min.
02/28 10:36:56 [3940] <mfn_MakeGetLUFileIISUrl:>Requested Content Path is: /content/{C60DC234-65F9-4674-94AE-62158EFCA433}/110227003/Full.zip
02/28 10:36:56 [3940] <GetLUFileRequest:>IIS URL: /content/{C60DC234-65F9-4674-94AE-62158EFCA433}/110227003/Full.zip
02/28 10:36:56 [3940] <GetLUFileRequest:>http://192.168.1.84:80/content/{C60DC234-65F9-4674-94AE-62158EFCA433}/110227003/Full.zip
02/28 10:36:56 [3940] <GetLUFileRequest:>RESUME download: C:\Program Files\Symantec AntiVirus\LiveUpdate\LUF11A.tmp
02/28 10:36:56 [3940] <GetLUFileRequest:>IIS return=206
02/28 10:36:56 [3940] <mfn_DoGetLUFile200>Downloading LU file from server. Moniker: {C60DC234-65F9-4674-94AE-62158EFCA433}Server File Path:/content/{C60DC234-65F9-4674-94AE-62158EFCA433}/110227003/Full.zipLocal Path:C:\Program Files\Symantec AntiVirus\LiveUpdate\LUF11A.tmp
02/28 10:37:06 [2208] <ScheduleNextUpdate>Manually assigned heartbeat=1 seconds
02/28 10:37:06 [4024] AH: (InetWaiting) urgent exit event on InetCtrlBlock: 01C5D3E8
02/28 10:37:06 [4024] Throw Internet Exception, Error Code=997;AH: failed to send request...
02/28 10:37:06 [4024] <MaintainPushConnection:>COMPLETED
02/28 10:37:06 [4024] <ScheduleNextUpdate>new scheduled heartbeat=32 seconds
02/28 10:37:06 [4024] HEARTBEAT: Check Point 8
02/28 10:37:06 [4024] <PostEvent>going to post event=EVENT_SERVER_DISCONNECTED
02/28 10:37:06 [4024] <PostEvent>done post event=EVENT_SERVER_DISCONNECTED, return=0
02/28 10:37:06 [4024] <IndexHeartbeatProc>====== IndexHeartbeat Procedure stops at 10:37:06 ======
02/28 10:37:06 [4024] <IndexHeartbeatProc>Set Heartbeat Result= 2
02/28 10:37:06 [4024] <IndexHeartbeatProc>Sylink Comm.Flags: 'Connection Failed' = 0, 'Using Backup Sylink' = 0, 'Using Location Config' = 0
02/28 10:37:06 [4024] Use new configuration
02/28 10:37:06 [4024] HEARTBEAT: Check Point Complete
02/28 10:37:06 [4024] <IndexHeartbeatProc>Done, Heartbeat=32seconds
02/28 10:37:06 [4024] </CSyLink::IndexHeartbeatProc()>
02/28 10:37:06 [4024] <CheckHeartbeatTimer>====== Heartbeat loop stops at 10:37:06 ======
02/28 10:37:34 [3728] <CSyLink::mfn_DownloadNow()>
02/28 10:37:34 [3728] </CSyLink::mfn_DownloadNow()>
02/28 10:37:39 [4024] <CheckHeartbeatTimer>====== Heartbeat loop starts at 10:37:39 ======
02/28 10:37:40 [4024] <GetOnlineNicInfo>:Netport Count=1
02/28 10:37:40 [4024] <GetOnlineNicInfo>:NicInfo<SSANICs><SSANIC Ip="192.168.30.158" Mac="00-1c-25-d4-fc-e8" Gateway="192.168.30.254" SubnetMask="0.0.0.0"/></SSANICs>
02/28 10:37:40 [4024] <CalcAgentHashKey>:CH=E50C1E070A0A01540066A008B48277F011-4-040domain.com57D7B14082E935A8A3067773F50251E2
02/28 10:37:40 [4024] <CalcAgentHashKey>:CHKey=78FDFF021732EC0B2A80C9374D71A1B3
02/28 10:37:40 [4024] <CalcAgentHashKey>:C=E50C1E070A0A01540066A008B48277F011-4-040domain.com
02/28 10:37:40 [4024] <CalcAgentHashKey>:CKey=ACDDC3749083783BDF64D4AF39874901
02/28 10:37:40 [4024] <CalcAgentHashKey>:UCH=E50C1E070A0A01540066A008B48277F00userdomain.com1-4-040domain.com57D7B14082E935A8A3067773F50251E2
02/28 10:37:40 [4024] <CalcAgentHashKey>:UCHKey=F722562C4214F76AD06A1D6E27C10A19
02/28 10:37:40 [4024] <CalcAgentHashKey>:UC=E50C1E070A0A01540066A008B48277F00userdomain.com1-4-040domain.com
02/28 10:37:40 [4024] <CalcAgentHashKey>:UCKey=8E8AB794FE4ECA4D4203B7627206D83D
02/28 10:37:40 [4024] <DoHeartbeat>HardwareID=57D7B14082E935A8A3067773F50251E2
02/28 10:37:40 [4024] <DoHeartbeat>CHKey=78FDFF021732EC0B2A80C9374D71A1B3
02/28 10:37:40 [4024] <DoHeartbeat>CKey=ACDDC3749083783BDF64D4AF39874901
02/28 10:37:40 [4024] <DoHeartbeat>UCHKey=F722562C4214F76AD06A1D6E27C10A19
02/28 10:37:40 [4024] <DoHeartbeat>UCKey=8E8AB794FE4ECA4D4203B7627206D83D
02/28 10:37:40 [4024] <DoHeartbeat> Set heartbeat event
02/28 10:37:40 [4024] Use new configuration
02/28 10:37:40 [4024] <CSyLink::IndexHeartbeatProc()>
02/28 10:37:40 [4024] <IndexHeartbeatProc> Got ConfigObject to proceed the operation.. pSylinkConfig: 01D53CF8
02/28 10:37:40 [4024] <IndexHeartbeatProc>====== Reg Heartbeat loop starts at 10:37:40 ======
02/28 10:37:40 [4024] HEARTBEAT: Check Point 1
02/28 10:37:40 [4024] Get First Server!
02/28 10:37:40 [4024] HEARTBEAT: Check Point 2
02/28 10:37:40 [4024] <PostEvent>going to post event=EVENT_SERVER_CONNECTING
02/28 10:37:40 [4024] <PostEvent>done post event=EVENT_SERVER_CONNECTING, return=0
02/28 10:37:40 [4024] HEARTBEAT: Check Point 3
02/28 10:37:40 [4024] <IndexHeartbeatProc>Setting the session timeout on Profile Session to 30000
02/28 10:37:40 [4024] HEARTBEAT: Check Point 4
02/28 10:37:40 [4024] <IndexHeartbeatProc>===Get Index STAGE===
02/28 10:37:40 [4024] ************CSN=456020
02/28 10:37:40 [4024] <mfn_MakeGetIndexUrl:>Request is: action=12&hostid=64C54CD80A0A015400BE0446DFE7253A&chk=78FDFF021732EC0B2A80C9374D71A1B3&ck=ACDDC3749083783BDF64D4AF39874901&uchk=F722562C4214F76AD06A1D6E27C10A19&uck=8E8AB794FE4ECA4D4203B7627206D83D&hid=57D7B14082E935A8A3067773F50251E2&groupid=E50C1E070A0A01540066A008B48277F0&mode=0&hbt=300&as=456020&cn=[hex]312D342D303430&lun=[hex]72696E617474&udn=[hex]4D4144412E434F2E494C
02/28 10:37:40 [4024] <GetIndexFileRequest:>http://192.168.1.84:80/secars/secars.dll?h=69EAE92359B75C78D959F73DDEA34C40DD4AE348F6C2851A6D5B77422BEDD354862A00BB3E330D51F04CBAD02ECF20497DF65FF0184FED325917C654BC89E3913AD8A142B6A44994A61CB6ECDF700732025A28A31FF3B9198FD051C08B8C5176B0CF972E8A4CA86D3B7E00BC5C8D17C78387CBD19FF588FE56A93AD849841434E9FC4383EB366E51375504CDD79E5F6CDEFBB79482CC8111ACAA56AF4C863D1D50348B6749A2A3EF32B3D118F5485A288225BD9FED2A6B9BFAC11B368C517E22BAA94133A2E4E2DA5BEF1916A867BCB69529B21436E0D25E5C55D1F735DCA5D2AC6EF45467D374CEAA4F60039715734A304C816FBFE13EAECB2E7361155633A0CF2D29CD14D8F04DFE3D8F929B3AA51E930449AFCB3BB3D5D5B5B68144272C09845C0CB2783727573163810B77F1CFA2A299A6EDE1A283E32C66D56172DCCCA0B29A4FDC87B9A1273EC798047CFA663F09D979AEFF80D09A67549F2959597958F248E0D0252D493527319FFFF6E4E1905EBE4D34A49A424F8FE214AE685968C2
02/28 10:37:40 [4024] <GetIndexFileRequest:>SMS return=200
02/28 10:37:40 [4024] <ParseHTTPStatusCode:>200=>200 OK
02/28 10:37:40 [4024] <FindHeader>Sem-HashKey:=>78FDFF021732EC0B2A80C9374D71A1B3
02/28 10:37:40 [4024] <FindHeader>Sem-LANSensor:=>0
02/28 10:37:40 [4024] <FindHeader>Sem-Signatue:=>8D94D6F070A6FBF741A0C644F0525531ED6DC1126891B4C2C4C2234042598A981CB29BFD6A01EC299C8F7091EF6DBC2E2045C62DA823EF176C1AB1119EAAD665B23334F8129C625F966C216F65659CB8F67623A161CD1F86F8BCFC92BDD85139957F885B9891C35E656B1474A941D90464E8A38A70310AC6503ABD9B720D16AD
02/28 10:37:40 [4024] <mfn_DoGetIndexFile200>Content Lenght => 1384
02/28 10:37:40 [4024] SignIf::VerifySignature(data, dataLen, sig, sigLen) => Verification Successful..
02/28 10:37:40 [4024] <mfn_DoGetIndexFile200>Index File: <?xml version="1.0" encoding="UTF-8" ?><GroupIndex SiteID="E18502130A0A0154001F7FBEBBC041F2" ServerID="EF6FEB3E0A0A015401681460A9619930" GroupID="B39AC4710A0A0154003AC5DB09CD3ACE" GroupCheckSum="842CEA790A323210858413531" LastModifiedTime = "27/02/2011 18:32:55"> <Profile Checksum="5E79CCB5E8C83982514CEA93564A5BB5" SerialNumber="B39A-02/22/2011 10:49:43 329" LastModifiedTime="22/02/2011  10:49:55"/> <ConfigFile Checksum="F760A8BE0D3723BEB1B64A4D4B8BD3C4" LastModifiedTime="21/02/2011  12:08:42"/> <IDSFile Checksum="703A0AE1B8EC84B36CDBAECB7E800283" LastModifiedTime="22/02/2011  10:49:55"/> <SylinkFile Checksum="1941F9C2917710E6B26BFF3C30D4511E" LastModifiedTime="22/02/2011  10:49:55"/> <LSProfile Checksum="8827F7AAA31F6239E91F8B95A90B561E" SerialNumber ="B39A-02/22/2011 10:49:43 329" LastModifiedTime ="22/02/2011  10:49:55"/>
 <LiveUpdate>
  <File Checksum="5C45E534CB6B7CE08F2047829D19E3C7" DeltaFlag="1" FullSize="117551175" LastModifiedTime="1298824217698" Moniker="{C60DC234-65F9-4674-94AE-62158EFCA433}" Seq="110227003"/>
   <File Checksum="717C817C03E18E278CED87A0050A98AA" DeltaFlag="1" FullSize="119196612" LastModifiedTime="1298824002332" Moniker="{1CD85198-26C6-4bac-8C72-5D34B025DE35}" Seq="110227003"/>
   <File Checksum="D8D5F4829BBFCCFA6CE0541518D94A61" DeltaFlag="1" FullSize="951909" LastModifiedTime="1298780252630" Moniker="{42B17E5E-4E9D-4157-88CB-966FB4985928}" Seq="110226001"/>
   <File Checksum="9AEC6EEDD54DF2A8286EB064C5A86324" DeltaFlag="1" FullSize="932332" LastModifiedTime="1298692039859" Moniker="{D3769926-05B7-4ad1-9DCF-23051EEE78E3}" Seq="110225001"/>
   <File Checksum="46DED0D75A4E7984C54BDF87F5D7F5EB" DeltaFlag="1" FullSize="650307" LastModifiedTime="1209300291363" Moniker="{ECCC5006-EF61-4c99-829A-417B6C6AD963}" Seq="2008021700"/>
   <File Checksum="68C6231BF6C4D81FC3AC5A252F8C992F" DeltaFlag="1" FullSize="669829" LastModifiedTime="1222738802612" Moniker="{C25CEA47-63E5-447b-8D95-C79CAE13FF79}" Seq="80929016"/>
   <File Checksum="FCCB64E8019F52DE296666B7ACE417F3" DeltaFlag="1" FullSize="88188" LastModifiedTime="1223509616838" Moniker="{EA960B33-2196-4d53-8AC4-D5043A5B6F9B}" Seq="80820001"/>
   <File Checksum="3143DBA5CD2B0234E71DF540596FDA62" DeltaFlag="1" FullSize="1662247" LastModifiedTime="1223509626330" Moniker="{DB206823-FFD2-440a-9B89-CCFD45F3F1CD}" Seq="80820001"/>
   <File Checksum="4F82A5856362A8DD5E7DC4082392EDF7" DeltaFlag="1" FullSize="1419193" LastModifiedTime="1223509636399" Moniker="{C13726A9-8DF7-4583-9B39-105B7EBD55E2}" Seq="80820001"/>
   <File Checksum="636A7E8784A2E94CA72C89437EE53BC4" DeltaFlag="1" FullSize="6473" LastModifiedTime="1291289996240" Moniker="{4F889C4A-784D-40de-8539-6A29BAA43139}" Seq="101201096"/>
   <File Checksum="164B0C4F19F5B1F1E87EC2D8305EAAF2" DeltaFlag="1" FullSize="77350" LastModifiedTime="1298662858980" Moniker="{CC40C428-1830-44ef-B8B2-920A0B761793}" Seq="110225008"/>
   <File Checksum="BECE491574ED89CA6AE6F8635374C13F" DeltaFlag="1" FullSize="4602067" LastModifiedTime="1298662861918" Moniker="{812CD25E-1049-4086-9DDD-A4FAE649FBDF}" Seq="110225008"/>
   <File Checksum="9DA78EFCB4A33DFD202C6972782FC5FE" DeltaFlag="1" FullSize="4602092" LastModifiedTime="1298662875481" Moniker="{E1A6B4FF-6873-4200-B6F6-04C13BF38CF3}" Seq="110225008"/>
   <File Checksum="501FC52DB18E30ADDE598B1C69182B1A" DeltaFlag="1" FullSize="77334" LastModifiedTime="1298662890747" Moniker="{E5A3EBEE-D580-421e-86DF-54C0B3739522}" Seq="110225008"/>
 </LiveUpdate>
</GroupIndex>
02/28 10:37:40 [4024] <GetIndexFileRequest:>RECEIVE STAGE COMPLETED
02/28 10:37:40 [4024] <GetIndexFileRequest:>COMPLETED
02/28 10:37:40 [4024] <IndexHeartbeatProc>GetIndexFile handling status: 0
02/28 10:37:40 [4024] <IndexHeartbeatProc>Switch Server flag=0
02/28 10:37:40 [4024] HEARTBEAT: Check Point 5.1
02/28 10:37:40 [4024] <PostEvent>going to post event=EVENT_LU_REQUIRE_STATUS
02/28 10:37:41 [4024] <PostEvent>done post event=EVENT_LU_REQUIRE_STATUS, return=0
02/28 10:37:41 [4024] <mfn_LiveUpdate:> Agent returned closest matching seq: 110203003
02/28 10:37:41 [4024] <Add2LUFileList:>Adding LU Info to LU Download File List: {C60DC234-65F9-4674-94AE-62158EFCA433}110227003
02/28 10:37:41 [4024] <Add2LUFileList:>File Info already exists, hence updating: {C60DC234-65F9-4674-94AE-62158EFCA433}110227003
02/28 10:37:41 [4024] <PostEvent>going to post event=EVENT_LU_REQUIRE_STATUS
02/28 10:37:41 [4024] <PostEvent>done post event=EVENT_LU_REQUIRE_STATUS, return=1
02/28 10:37:41 [4024] <mfn_LiveUpdate> EVENT_LU_REQUIRE_STATUS returned ERROR_SYSTEM_UNKNOWN - Ignore LU content. Moniker: {1CD85198-26C6-4bac-8C72-5D34B025DE35} Seq:110227003
02/28 10:37:41 [4024] <PostEvent>going to post event=EVENT_LU_REQUIRE_STATUS
02/28 10:37:41 [4024] <PostEvent>done post event=EVENT_LU_REQUIRE_STATUS, return=1
02/28 10:37:41 [4024] <mfn_LiveUpdate> EVENT_LU_REQUIRE_STATUS returned ERROR_SYSTEM_UNKNOWN - Ignore LU content. Moniker: {42B17E5E-4E9D-4157-88CB-966FB4985928} Seq:110226001
02/28 10:37:41 [4024] <PostEvent>going to post event=EVENT_LU_REQUIRE_STATUS
02/28 10:37:41 [4024] <PostEvent>done post event=EVENT_LU_REQUIRE_STATUS, return=20
02/28 10:37:41 [4024] <PostEvent>going to post event=EVENT_LU_REQUIRE_STATUS
02/28 10:37:41 [4024] <PostEvent>done post event=EVENT_LU_REQUIRE_STATUS, return=20
02/28 10:37:41 [4024] <PostEvent>going to post event=EVENT_LU_REQUIRE_STATUS
02/28 10:37:41 [4024] <PostEvent>done post event=EVENT_LU_REQUIRE_STATUS, return=20
02/28 10:37:41 [4024] <PostEvent>going to post event=EVENT_LU_REQUIRE_STATUS
02/28 10:37:41 [4024] <PostEvent>done post event=EVENT_LU_REQUIRE_STATUS, return=20
02/28 10:37:41 [4024] <PostEvent>going to post event=EVENT_LU_REQUIRE_STATUS
02/28 10:37:41 [4024] <PostEvent>done post event=EVENT_LU_REQUIRE_STATUS, return=1
02/28 10:37:41 [4024] <mfn_LiveUpdate> EVENT_LU_REQUIRE_STATUS returned ERROR_SYSTEM_UNKNOWN - Ignore LU content. Moniker: {DB206823-FFD2-440a-9B89-CCFD45F3F1CD} Seq:80820001
02/28 10:37:41 [4024] <PostEvent>going to post event=EVENT_LU_REQUIRE_STATUS
02/28 10:37:41 [4024] <PostEvent>done post event=EVENT_LU_REQUIRE_STATUS, return=20
02/28 10:37:41 [4024] <PostEvent>going to post event=EVENT_LU_REQUIRE_STATUS
02/28 10:37:41 [4024] <PostEvent>done post event=EVENT_LU_REQUIRE_STATUS, return=20
02/28 10:37:41 [4024] <PostEvent>going to post event=EVENT_LU_REQUIRE_STATUS
02/28 10:37:41 [4024] <PostEvent>done post event=EVENT_LU_REQUIRE_STATUS, return=1
02/28 10:37:41 [4024] <mfn_LiveUpdate> EVENT_LU_REQUIRE_STATUS returned ERROR_SYSTEM_UNKNOWN - Ignore LU content. Moniker: {CC40C428-1830-44ef-B8B2-920A0B761793} Seq:110225008
02/28 10:37:41 [4024] <PostEvent>going to post event=EVENT_LU_REQUIRE_STATUS
02/28 10:37:41 [4024] <PostEvent>done post event=EVENT_LU_REQUIRE_STATUS, return=20
02/28 10:37:41 [4024] <PostEvent>going to post event=EVENT_LU_REQUIRE_STATUS
02/28 10:37:41 [4024] <PostEvent>done post event=EVENT_LU_REQUIRE_STATUS, return=1
02/28 10:37:41 [4024] <mfn_LiveUpdate> EVENT_LU_REQUIRE_STATUS returned ERROR_SYSTEM_UNKNOWN - Ignore LU content. Moniker: {E1A6B4FF-6873-4200-B6F6-04C13BF38CF3} Seq:110225008
02/28 10:37:41 [4024] <PostEvent>going to post event=EVENT_LU_REQUIRE_STATUS
02/28 10:37:41 [4024] <PostEvent>done post event=EVENT_LU_REQUIRE_STATUS, return=20
02/28 10:37:41 [4024] <PostEvent>going to post event=EVENT_SERVER_ONLINE
02/28 10:37:41 [4024] <PostEvent>done post event=EVENT_SERVER_ONLINE, return=0
02/28 10:37:41 [4024] <ScheduleNextUpdate>Reset Heartbeat factor index, hearbeat=300 seconds
02/28 10:37:41 [4024] HEARTBEAT: Check Point 6
02/28 10:37:41 [4024] <mfn_PostAgentInfo>===REQUESTING PLUG-IN OP-STATE: AVMan
02/28 10:37:41 [4024] <mfn_PostAgentInfo>===REQUESTING PLUG-IN OP-STATE: LUMan
02/28 10:37:41 [4024] <mfn_PostAgentInfo>===REQUESTING CMC OP-STATE ===
02/28 10:37:41 [4024] <PostEvent>going to post event=EVENT_SERVER_REQUIRES_CLIENT_SESTATE
02/28 10:37:41 [4024] <PostEvent>done post event=EVENT_SERVER_REQUIRES_CLIENT_SESTATE, return=0
02/28 10:37:41 [4024] ReasonDescForFailure*** = Host Integrity check is disabled.
02/28 10:37:41 [4024] ReasonDescForFailure*** = Host Integrity check is disabled.
02/28 10:37:41 [4024] *** = <SSAInfo NameSpace="rpc" AgentID="64C54CD80A0A015400BE0446DFE7253A" ComputerID="020E60E10A0A015400BE044639955484" HardwareKey="57D7B14082E935A8A3067773F50251E2" GroupID="B39AC4710A0A0154003AC5DB09CD3ACE">
<AgentHIInfo Status="3" ReasonCode="0" ReasonDescForFailure="Host Integrity check is disabled."/>
<SSAHostInfo>
<NetworkIdentity UserDomain="domain.com" LogonUser="user" HostDomain="domain.com" HostName="1-4-040" HostDesc="racheli-cohen"/>
<SSAProduct Version="11.0.4000.2295"/>
<SSAOS Version="5.1.2600" Desc="Windows XP Professional " Type="17105154" ServicePack="Service Pack 3" Language="9"/>
<Processor ProcessorType="x86 Family 6 Model 15 Stepping 2" ProcessorClock="1795" ProcessorNum="2"/>
<Memory Size="534814720"/>
<Disk Letter="C:\" Size="52427898880"/>
<BIOS Version="LENOVO - 41"/>
<TpmDevice Id="0"/>
<SSAProfile Version="5.0.0" SerialNumber="B39A-02/22/2011 10:49:43 329"/>
<SSAIDS Version="" SerialNumber=""/>
<Deuce Signature="110225001"/>
<SSAUTC Bias="-120"/>
<DNSs><DNS Address="10.10.1.21"/><DNS Address="10.10.1.14"/></DNSs>
<WINSs><WINS Address="10.10.1.21"/><WINS Address="10.10.1.20"/></WINSs>
<DHCPServer Address="10.10.1.21"/><SSANICs><SSANIC Ip="192.168.30.158" Mac="00-1c-25-d4-fc-e8" Gateway="192.168.30.254" SubnetMask="0.0.0.0"/></SSANICs><Firewall OnOff="1" Installed="1"/>
</SSAHostInfo>
<RebootRequired Status="0"></RebootRequired>
<InstalledFeatures><Feature Id ="256"/></InstalledFeatures>
</SSAInfo>

02/28 10:37:41 [4024] <mfn_PostAgentInfo>Volatile op-state damper: 0, Interval passed: 67
02/28 10:37:41 [4024] <mfn_PostAgentInfo>Free memory difference: 5681152, Threshold: 23871270
02/28 10:37:41 [4024] <mfn_PostAgentInfo>Free disk space difference: 454656, Threshold: 2704889850
02/28 10:37:41 [4024] <PostEvent>going to post event=EVENT_SYLINK_QUERY_COMMANDSTATUS
02/28 10:37:41 [4024] <PostEvent>done post event=EVENT_SYLINK_QUERY_COMMANDSTATUS, return=0
02/28 10:37:41 [4024] <IndexHeartbeatProc>===UPLOAD STAGE===
02/28 10:37:41 [4024] <PostEvent>going to post event=EVENT_SERVER_READY_TO_UPLOAD_EVENT_LOG
02/28 10:37:41 [4024] <PostEvent>done post event=EVENT_SERVER_READY_TO_UPLOAD_EVENT_LOG, return=0
02/28 10:37:41 [4024] <IndexHeartbeatProc>===PREPARE EVENT LOG STAGE===
02/28 10:37:41 [4024] <PrepareEventLog>initialized technology extension processing ok
02/28 10:37:41 [4024] <CalcEventLogIndex>Need to send Event Log Type(0) from id 43 to 43
02/28 10:37:41 [4024] <PrepareEventLog>Allow total logs to send=1
02/28 10:37:41 [4024] <PrepareEventLog>nSecurityRecordsTotal=0
02/28 10:37:41 [4024] <PrepareEventLog>nSecurityRecordsToSend=0
02/28 10:37:41 [4024] <PrepareEventLog>nSystemRecordsTotal=1
02/28 10:37:41 [4024] <PrepareEventLog>nSystemRecordsToSend=100
02/28 10:37:41 [4024] <PrepareEventLog>nTrafficRecordsTotal=0
02/28 10:37:41 [4024] <PrepareEventLog>nTrafficRecordsToSend=0
02/28 10:37:41 [4024] <PrepareEventLog>nRawRecordsTotal=0
02/28 10:37:41 [4024] <PrepareEventLog>nRawRecordsToSend=0
02/28 10:37:41 [4024] <PrepareEventLog>nProcessRecordsTotal=0
02/28 10:37:41 [4024] <PrepareEventLog>nProcessRecordsToSend=0
02/28 10:37:41 [4024] <PrepareEventLog>nLANSensorRecordsTotal=0
02/28 10:37:41 [4024] <PrepareEventLog>nLANSensorRecordsToSend=0
02/28 10:37:41 [4024] <PrepareEventLog>nTechExtensionRecordsTotal=0
02/28 10:37:41 [4024] <PrepareEventLog>nTechExtensionRecordsToSend=0
02/28 10:37:41 [4024] <MakeSystemLog>The size of SYSTEM event logs is 405.
02/28 10:37:41 [4024] <SyLink>The size of SYSTEM event logs is 405.
02/28 10:37:41 [4024] <MakeSecurityLog>Attached total 0 bytes SECURITY event logs.
02/28 10:37:41 [4024] <MakeTrafficLog>Attached total 0 bytes TRAFFIC event logs.
02/28 10:37:41 [4024] <MakeRawTrafficLog>Attached total 0 bytes RAW TRAFFIC event logs.
02/28 10:37:41 [4024] <MakeProcessLog>Attached total 0 bytes process event logs.
02/28 10:37:41 [4024] <IndexHeartbeatProc>===COMPRESS EVENT LOG STAGE===
02/28 10:37:41 [4024] <IndexHeartbeatProc>===SEND EVENT LOG STAGE===
02/28 10:37:41 [4024] ************CSN=456021
02/28 10:37:41 [4024] <mfn_MakePostUrl:>Request is: action=195&hostid=64C54CD80A0A015400BE0446DFE7253A&chk=78FDFF021732EC0B2A80C9374D71A1B3&ck=ACDDC3749083783BDF64D4AF39874901&uchk=F722562C4214F76AD06A1D6E27C10A19&uck=8E8AB794FE4ECA4D4203B7627206D83D&groupid=E50C1E070A0A01540066A008B48277F0&as=456021&cn=[hex]312D342D303430&lun=[hex]72696E617474&udn=[hex]4D4144412E434F2E494C
02/28 10:37:41 [4024] <SendEventLogToServer>http://192.168.1.84:80/secars/secars.dll?h=488037E200CAB72983E03216EA6E061B4B9CD0EE38F9032E51D974E03ABBE6E90900A906C04F16F8472DEFA0034936B44A05D15315F5C84F2993AAD9323D0E7EE54A4AD56883D2E06465F83E782C45D2796F6A38BB1EBAA1A30C06464776E689D85E5BF1C7721FBD6C30F5CD2B0A8BC87C8DCEA5AC3359D79F28BD1E3C966173012750F2DC47F299D5D8719E0264C29AF2535AD75C9141B2BA8D75E13F84D694F8CD560E51D7C695BBC53E10A82D8C1C6C84EF860FBBD4BCDC4E31E173F7CAAE13D3D6DDB80452704D8E5570EB7DE9D7DF43792424B001B1CE517C0E9D33603C4CFD736AB1031FE3648F4F55A52DB5BD56EEA62D0C1F9FAC9FA900B1C841317353306CE652272943A53D8FFFCA3EB0788D2C58DA5F5AEEDA3CA02EE95BA8B567E4ECE40F7E68FDB4BAA4334FAB84E6FB70958639FCED09C592F8EEB8A9E6DD889DE19F6E2091D12B305B8CE98BB5636B
02/28 10:37:41 [4024] <SendEventLogToServer>eventlog-->SMS, size=352
02/28 10:37:41 [4024] <SendEventLogToServer>uploads the eventlog to server, size=352
02/28 10:37:41 [4024] <SendEventLogToServer>Query return code = 200
02/28 10:37:41 [4024] <SendEventLogToServer>EventLog-->SEM DONE!
02/28 10:37:41 [4024] <PostEvent>going to post event=EVENT_SERVER_EVENT_LOG_SENT
02/28 10:37:41 [4024] <PostEvent>done post event=EVENT_SERVER_EVENT_LOG_SENT, return=0
02/28 10:37:41 [4024] <IndexHeartbeatProc>Communication Mode=0(Push Mode)
02/28 10:37:41 [4024] <IndexHeartbeatProc>Enter Push Session
02/28 10:37:41 [4024] <IndexHeartbeatProc>Setting the session timeout on Profile Session (for MaintainPushConnection) to 320000
02/28 10:37:41 [4024] <MaintainPushConnection:>Push Connecton!
02/28 10:37:42 [4024] ************CSN=456022
02/28 10:37:42 [4024] <mfn_MakeGetPushUrl:>Request is: action=128&hostid=64C54CD80A0A015400BE0446DFE7253A&chk=78FDFF021732EC0B2A80C9374D71A1B3&ck=ACDDC3749083783BDF64D4AF39874901&uchk=F722562C4214F76AD06A1D6E27C10A19&uck=8E8AB794FE4ECA4D4203B7627206D83D&groupid=E50C1E070A0A01540066A008B48277F0&mode=0&as=456022
02/28 10:37:42 [4024] <MaintainPushConnection:>http://192.168.1.84:80/secars/secars.dll?h=B4F8B379120A372B5E1089C1225A46284B9CD0EE38F9032E51D974E03ABBE6E90900A906C04F16F8472DEFA0034936B44A05D15315F5C84F2993AAD9323D0E7EE54A4AD56883D2E06465F83E782C45D2796F6A38BB1EBAA1A30C06464776E689D85E5BF1C7721FBD6C30F5CD2B0A8BC87C8DCEA5AC3359D79F28BD1E3C966173012750F2DC47F299D5D8719E0264C29AF2535AD75C9141B2BA8D75E13F84D694F8CD560E51D7C695BBC53E10A82D8C1C6C84EF860FBBD4BCDC4E31E173F7CAAE13D3D6DDB80452704D8E5570EB7DE9D7DF43792424B001B1CE517C0E9D33603C4CFD736AB1031FE3648F4F55A52DB5BDFF860DEB42BADD93A3E9D1C8B04751AEFF5AE043E7612FC0F8699443F399FDB0
02/28 10:38:04 [3940] Throw Internet Exception, Error Code=997;AH failed to read internet file
02/28 10:38:04 [3940] CInternetException: <mfn_DoGetLUFile200>: Overlapped I/O operation is in progress.

02/28 10:38:04 [3940] <mfn_DoGetLUFile200>Read file from server failed. error code:317
02/28 10:38:04 [3940] File download returns status code=13
02/28 10:38:04 [3940] <GetLUFileRequest:>RECEIVE STAGE COMPLETED
02/28 10:38:04 [3940] <GetLUFileRequest:>COMPLETED
02/28 10:38:04 [3940] <LUThreadProc> - GETLUFILE_READ_ERROR getting content moniker: {C60DC234-65F9-4674-94AE-62158EFCA433}; revision: 110227003 from server: 192.168.1.84
02/28 10:38:04 [3940] LU file download failed.
02/28 10:38:04 [3940] SyLinkDeleteConfig => Deleting instance: 0380B750
02/28 10:38:04 [3940] <IsLUTempFileValid:> File: C:\Program Files\Symantec AntiVirus\LiveUpdate\LUF11A.tmp is currently used
02/28 10:38:34 [3728] <CSyLink::mfn_DownloadNow()>
02/28 10:38:34 [3728] </CSyLink::mfn_DownloadNow()>
02/28 10:39:04 [3940] SyLinkCreateConfig => Created instance: 01C8F0D0
02/28 10:39:04 [3940] Importing ConfigObject: 01D53CF8 into: 01C8F0D0
02/28 10:39:04 [3940] <LUThreadProc> Got ConfigObject to proceed the operation.. pSylinkConfig: 01C8F0D0
02/28 10:39:04 [3940] <LUThreadProc>Starting LU download.
02/28 10:39:04 [3940] <LUThreadProc>Got a valid context from GetCurrentServerEx
02/28 10:39:04 [3940] <LUThreadProc>Setting the session timeout on LUSession to 2 min.
02/28 10:39:04 [3940] <mfn_MakeGetLUFileIISUrl:>Requested Content Path is: /content/{C60DC234-65F9-4674-94AE-62158EFCA433}/110227003/Full.zip
02/28 10:39:04 [3940] <GetLUFileRequest:>IIS URL: /content/{C60DC234-65F9-4674-94AE-62158EFCA433}/110227003/Full.zip
02/28 10:39:04 [3940] <GetLUFileRequest:>http://192.168.1.84:80/content/{C60DC234-65F9-4674-94AE-62158EFCA433}/110227003/Full.zip
02/28 10:39:04 [3940] <GetLUFileRequest:>RESUME download: C:\Program Files\Symantec AntiVirus\LiveUpdate\LUF11A.tmp
02/28 10:39:08 [3940] <GetLUFileRequest:>IIS return=206
02/28 10:39:08 [3940] <mfn_DoGetLUFile200>Downloading LU file from server. Moniker: {C60DC234-65F9-4674-94AE-62158EFCA433}Server File Path:/content/{C60DC234-65F9-4674-94AE-62158EFCA433}/110227003/Full.zipLocal Path:C:\Program Files\Symantec AntiVirus\LiveUpdate\LUF11A.tmp
02/28 10:39:34 [3728] <CSyLink::mfn_DownloadNow()>
02/28 10:39:34 [3728] </CSyLink::mfn_DownloadNow()>
02/28 10:39:38 [3940] Throw Internet Exception, Error Code=997;AH failed to read internet file
02/28 10:39:38 [3940] CInternetException: <mfn_DoGetLUFile200>: Overlapped I/O operation is in progress.

02/28 10:39:38 [3940] <mfn_DoGetLUFile200>Read file from server failed. error code:317
02/28 10:39:38 [3940] File download returns status code=13
02/28 10:39:38 [3940] <GetLUFileRequest:>RECEIVE STAGE COMPLETED
02/28 10:39:38 [3940] <GetLUFileRequest:>COMPLETED
02/28 10:39:38 [3940] <LUThreadProc> - GETLUFILE_READ_ERROR getting content moniker: {C60DC234-65F9-4674-94AE-62158EFCA433}; revision: 110227003 from server: 192.168.1.84
02/28 10:39:38 [3940] LU file download failed.
02/28 10:39:38 [3940] SyLinkDeleteConfig => Deleting instance: 01C8F0D0
02/28 10:39:38 [3940] <IsLUTempFileValid:> File: C:\Program Files\Symantec AntiVirus\LiveUpdate\LUF11A.tmp is currently used
02/28 10:40:34 [3728] <CSyLink::mfn_DownloadNow()>
02/28 10:40:34 [3728] </CSyLink::mfn_DownloadNow()>
02/28 10:40:38 [3940] SyLinkCreateConfig => Created instance: 0380B750
02/28 10:42:19 [3940] Importing ConfigObject: 01D53CF8 into: 0380B750
02/28 10:42:19 [3940] <LUThreadProc> Got ConfigObject to proceed the operation.. pSylinkConfig: 0380B750
02/28 10:42:19 [3940] <LUThreadProc>Starting LU download.
02/28 10:42:19 [1016] <SetClientAuth>Received new User/Domain from SMC..  User: user User Domain: domain
02/28 10:42:19 [3940] <LUThreadProc>Got a valid context from GetCurrentServerEx
02/28 10:42:19 [1016] <SetClientAuth>Getting RDNS Domain Name (user domain in AD setup)..
02/28 10:42:19 [3940] <LUThreadProc>Setting the session timeout on LUSession to 2 min.
02/28 10:42:19 [3940] <mfn_MakeGetLUFileIISUrl:>Requested Content Path is: /content/{C60DC234-65F9-4674-94AE-62158EFCA433}/110227003/Full.zip
02/28 10:42:19 [3940] <GetLUFileRequest:>IIS URL: /content/{C60DC234-65F9-4674-94AE-62158EFCA433}/110227003/Full.zip
02/28 10:42:19 [3940] <GetLUFileRequest:>http://192.168.1.84:80/content/{C60DC234-65F9-4674-94AE-62158EFCA433}/110227003/Full.zip
02/28 10:42:19 [3940] <GetLUFileRequest:>RESUME download: C:\Program Files\Symantec AntiVirus\LiveUpdate\LUF11A.tmp
02/28 10:42:19 [1016] <GetLoginRdnsDomain>DNS domain=domain.com
02/28 10:42:19 [1016] <SetClientAuth>Setting the User Domain to RDNS Domain ..
02/28 10:42:19 [1016] <SetClientAuth>Logged in user info set to: domain.com/user
02/28 10:42:19 [1016] <SetClientAuth>Marking User Change Notify to redo registration..
02/28 10:42:19 [3940] <GetLUFileRequest:>IIS return=206
02/28 10:42:19 [3940] <mfn_DoGetLUFile200>Downloading LU file from server. Moniker: {C60DC234-65F9-4674-94AE-62158EFCA433}Server File Path:/content/{C60DC234-65F9-4674-94AE-62158EFCA433}/110227003/Full.zipLocal Path:C:\Program Files\Symantec AntiVirus\LiveUpdate\LUF11A.tmp
 

 thanks for the help

what is the verion of your internet explorer ? 8 , uninstall and install a lower version...

02/28 10:39:38 [3940] Throw Internet Exception, Error Code=997;AH failed to read internet file
02/28 10:39:38 [3940] CInternetException: <mfn_DoGetLUFile200>: Overlapped I/O operation is in progress

if any proxy in between, allow the proxy connection.

Hi,

Do you encounter the issue on both 32 bit and 64 bit client operating systems ?

Because in some cases it's observed that a particular operating systems does not update.

Is IE9 installed on these machines? If so, you will want to ensure those machines have RU6 MP2 (11.0.6200):

From:

Release notes for Endpoint Protection and Network Access Control 11
http://www.symantec.com/docs/TECH103087

sandra