Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

PTP definitions on SEPM stuck on 23/08/2012

Created: 18 Sep 2012 • Updated: 25 Sep 2012 | 14 comments
This issue has been solved. See solution.

Hi.

Recently (end of August 2012) I migrated from SEPM 11 RU6 MP1a to SEPM 12.1 RU1 MP1.

I started to upgrade a few clients with the latest client. All good except the PTP (SONAR) defs.

Its 19/09/2012 and still the clients have SONAR defs of 23/08/2012 while the sep 11 client get their regular updates.

I found this discussion on https://www-secure.symantec.com/connect/forums/ptp-not-updating-all-other-definitions-are-uptodate

about the same matter but it said it would be a temporary thing, since then (06/09) no updates came.

Tried stopping the server deleting the associated updates from liveupdate folders - symcdata - content folders nad running LUALL but I  got the same defs as before).

What goes on ???

Thanks

Comments 14 CommentsJump to latest comment

pete_4u2002's picture

when you run the LIveupdate on SEPM, is there any error message?

can you post log.liveupdate?

Vrakas Bassilios's picture

19 Sep 2012 1:22:21 μμ EEST:  LiveUpdate succeeded.  [Site: xxx]  [Server: xxx]
19 Sep 2012 1:22:21 μμ EEST:  LUALL.EXE finished running.  [Site: xxx]  [Server: xxx]
19 Sep 2012 1:22:21 μμ EEST:  LUALL.EXE finished.  There were no new content updates. Return code = 1.  [Site: xxx]  [Server: xxx]
19 Sep 2012 1:22:19 μμ EEST:  No updates found for Centralized Reputation Settings 12.1.  [Site: xxx]  [Server: xxx]
19 Sep 2012 1:22:19 μμ EEST:  No updates found for SONAR scan engine Win32 11.0.  [Site: xxx]  [Server: xxx]
19 Sep 2012 1:22:19 μμ EEST:  No updates found for AP Portal List 12.1 RU2.  [Site: xxx]  [Server: xxx]
19 Sep 2012 1:22:19 μμ EEST:  No updates found for TruScan proactive threat scan commercial application list Win32 11.0.  [Site: xxx]  [Server: xxx]
19 Sep 2012 1:22:19 μμ EEST:  No updates found for SONAR scan whitelist Win64 11.0.  [Site: xxx]  [Server: xxx]
19 Sep 2012 1:22:19 μμ EEST:  No updates found for Virus and Spyware definitions Win32 12.1.  [Site: xxx]  [Server: xxx]
19 Sep 2012 1:22:19 μμ EEST:  No updates found for Intrusion Prevention signatures Win64 11.0.  [Site: xxx]  [Server: xxx]
19 Sep 2012 1:22:19 μμ EEST:  No updates found for Client Intrusion Detection System signatures 12.1.  [Site: xxx]  [Server: xxx]
19 Sep 2012 1:22:19 μμ EEST:  No updates found for Revocation Data.  [Site: xxx]  [Server: xxx]
19 Sep 2012 1:22:19 μμ EEST:  No updates found for SONAR scan engine Win64 11.0.  [Site: xxx]  [Server: xxx]
19 Sep 2012 1:22:19 μμ EEST:  No updates found for Submission Control signatures 11.0.  [Site: xxx]  [Server: xxx]
19 Sep 2012 1:22:19 μμ EEST:  No updates found for Submission Control signatures 12.1.  [Site: xxx]  [Server: xxx]
19 Sep 2012 1:22:19 μμ EEST:  No updates found for SONAR scan data 11.0.  [Site: xxx]  [Server: xxx]
19 Sep 2012 1:22:19 μμ EEST:  No updates found for Symantec Whitelist 12.1.  [Site: xxx]  [Server: xxx]
19 Sep 2012 1:22:19 μμ EEST:  No updates found for SONAR Heuristics engine 12.1.  [Site: xxx]  [Server: xxx]
19 Sep 2012 1:22:19 μμ EEST:  No updates found for SONAR scan whitelist Win32 11.0.  [Site: xxx]  [Server: xxx]
19 Sep 2012 1:22:19 μμ EEST:  No updates found for TruScan proactive threat scan commercial application list Win64 11.0.  [Site: xxx]  [Server: xxx]
19 Sep 2012 1:22:19 μμ EEST:  No updates found for SONAR scan commercial application engine 11.0.  [Site: xxx]  [Server: xxx]
19 Sep 2012 1:22:18 μμ EEST:  No updates found for Extended File Attributes and Signatures 12.1 RU2.  [Site: xxx]  [Server: xxx]
19 Sep 2012 1:22:18 μμ EEST:  No updates found for Virus and Spyware definitions Win64 12.1.  [Site: xxx]  [Server: xxx]
19 Sep 2012 1:22:18 μμ EEST:  No updates found for Symantec Endpoint Protection Manager Content Catalog 12.1.  [Site: xxx]  [Server: xxx]
19 Sep 2012 1:22:18 μμ EEST:  No updates found for Intrusion Prevention signatures Win32 11.0.  [Site: xxx]  [Server: xxx]
19 Sep 2012 1:22:18 μμ EEST:  No updates found for Symantec Endpoint Protection Win64 11.0.7000.975 (English).  [Site: xxx]  [Server: xxx]
19 Sep 2012 1:22:18 μμ EEST:  No updates found for Symantec Endpoint Protection Win64 12.1 (English).  [Site: xxx]  [Server: xxx]
19 Sep 2012 1:22:18 μμ EEST:  No updates found for Symantec Endpoint Protection Win32 11.0.7000.975 (English).  [Site: xxx]  [Server: xxx]
19 Sep 2012 1:22:18 μμ EEST:  No updates found for Symantec Endpoint Protection Win32 12.1 (English).  [Site: xxx]  [Server: xxx]
19 Sep 2012 1:22:17 μμ EEST:  No updates found for SPC AntiVirus Client Mac 11.0 (English).  [Site: xxx]  [Server: xxx]
19 Sep 2012 1:21:16 μμ EEST:  LUALL.EXE has been launched.  [Site: xxx]  [Server: xxx]
19 Sep 2012 1:21:15 μμ EEST:  Download started.  [Site: xxx]  [Server: xxx]

Vrakas Bassilios's picture

and the part of the last log.liveupdate file

AttachmentSize
liveupdate.txt 182.8 KB
pete_4u2002's picture

strange!

does the SEPm still shows august definition?

if yes, is it possible to reintstall LU?

Chetan Savade's picture

Hi,

Upgrade from SEPM 11 RU6 MP1a to SEPM 12.1 RU1 MP1 is not supported upgrade path.

You followed this path to upgrade the SEPM as well?

Could you please confirm the upgrade path?

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

ETH0's picture

Same thing happening here with two SEPM 12.1 RU1 MP1 servers (not upgraded from 11) stuck on 23 aug 2012 r13 defs.

Clients and servers are in sync with PTP defs from 23 Aug. Running manual live update on server reports no new defintions. Running manual live update on client updates PTP to 5 sept 2012 r1

Virus defs and NTP defs seem to be up to date (19 sep 2012 r2 and 18 sept 2012 r1)

RC's picture

Same issue with our two SEPM servers 12.1 RU1 (updated from 11.x months ago).  Stuck on 23 aug 2012 PTP defs.  Running liveupdate reports no updates available.

Vrakas Bassilios's picture

To pete_4u2000:

There is no problem with Liveupdate. As I mentioned in my first post Liveupdate content was the first that I deleted and resynced in the first place with no errors whatsoever. Also as I mentioned there is a post saying the same thing with me and the answer was there are no new updates for sonar (6/09).

However PTP defs for the 11 version are coming daily and still no updates for the 12.

To Chetan Savade

This is mentioned in the upgrade path

Two most common migrated path

  •  SEP 11.x Enterprise Edition  -->  SEP 12.1 Enterprise Edition

(SEP 11.x.RU1, RU2, RU3 , RU4, RU5, RU6 --> SEP 12.1--> Supported )

( SEP 11 RU7 --> SEP 12.1 --> Not supported )  

( SEP 11 RU7 --> SEP 12.1 RU1 --> Supported )

The only mention of not supported migration path is for the RU7 not RU6 MP1A

https://www-secure.symantec.com/connect/articles/supported-upgrade-paths-symantec-endpoint-protection-121

I am wandering what is going on.

Has anyone installed an unmanaged client to see what it will download directly from liveupdate??

Chetan Savade's picture

Hi,

It's important to understand the exact codes.

RTM - Release To Manufacturing

RU - Release Update

MP - Maintenance Patch

PP - Point Patch

You can't upgrade from SEP 11 maintenance patch to SEP 12.1 maintenance patch.

You should upgrade to release update(RU) first then to maintenance patch.(MP)

In the article it's also mentioned that with 11.0 RU7, RU7 MP1, and RU7 MP2 SEPM contains SQL schema changes that are newer than the schema used by 12.1. For this reason, migrations from certain 11.0 RU7 to 12.1 versions are not supported, and are prevented by the installer.

However I will try to update an article with more info.

Q. Has anyone installed an unmanaged client to see what it will download directly from liveupdate??

--> It downloads the same contents as SEPM downloads directly from liveupdate.

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

ETH0's picture

I did not try unmanaged client but if you manually update your managed client (12.1 RU1 MP1 ) using live update you get the 5 sep 2012 PTP defs. My SEP clients can also update via live update in case they are not in the office.

Vrakas Bassilios's picture

Because I understand nobody read the post I mentioned this was the solution to the other post

;  Brandon Noble Symantec Employee

;  Hi all,

;  I can confirm the issue is the same. Namely, the team that creates the SONAR content, posted content

;  but you should not expect to get it, just yet.

;  This time they posted content for the BETA build of the next release of SEP12. Users of the current

;  SEP12.1 should still have defs of August 23rd.

;  We know that even though this is a cosmetic issue, its confusing and problematic at best and we are

;  working with that team to resolve the issue.

;  Thank you.

Chetan Savade's picture

Hi,

Symantec will release the SONAR definition engine dated 09/05/2012, r. 11 as a throttled update, beginning September 13, 2012 and ending September 20, 2012.  During the throttled update period, client computers that run LiveUpdate directly to the Symantec servers may receive content dated either 08/23/2012 r. 13 or 09/05/2012, r. 11. 

Symantec Endpoint Protection 12.1.2 Beta clients and managers will receive definitions dated 08/31/2012 r. 11, with the same content as the 09/05/2012 r. 11 definitions. On September 20, 2012, Symantec will release a revision with the same content but a newer date to all update methods, including LiveUpdate, LiveUpdate Administrator, and Endpoint Protection Managers, so that all clients and managers will have the same content.

To know more about it, please check following article:

About the SONAR definitions release dated September 5, 2012, revision 11

http://www.symantec.com/docs/TECH196189 

I hope it helps to everyone.

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

SOLUTION
ETH0's picture

PTP defs on my server and clients now on 18 sep 2012 r12 and in sync again.

Chetan Savade's picture

Hi,

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<