Endpoint Protection

Hi.

when you run the LIveupdate on SEPM, is there any error message?

can you post log.liveupdate?

19 Sep 2012 1:22:21 μμ EEST:  LiveUpdate succeeded.  [Site: xxx]  [Server: xxx]
19 Sep 2012 1:22:21 μμ EEST:  LUALL.EXE finished running.  [Site: xxx]  [Server: xxx]
19 Sep 2012 1:22:21 μμ EEST:  LUALL.EXE finished.  There were no new content updates. Return code = 1.  [Site: xxx]  [Server: xxx]
19 Sep 2012 1:22:19 μμ EEST:  No updates found for Centralized Reputation Settings 12.1.  [Site: xxx]  [Server: xxx]
19 Sep 2012 1:22:19 μμ EEST:  No updates found for SONAR scan engine Win32 11.0.  [Site: xxx]  [Server: xxx]
19 Sep 2012 1:22:19 μμ EEST:  No updates found for AP Portal List 12.1 RU2.  [Site: xxx]  [Server: xxx]
19 Sep 2012 1:22:19 μμ EEST:  No updates found for TruScan proactive threat scan commercial application list Win32 11.0.  [Site: xxx]  [Server: xxx]
19 Sep 2012 1:22:19 μμ EEST:  No updates found for SONAR scan whitelist Win64 11.0.  [Site: xxx]  [Server: xxx]
19 Sep 2012 1:22:19 μμ EEST:  No updates found for Virus and Spyware definitions Win32 12.1.  [Site: xxx]  [Server: xxx]
19 Sep 2012 1:22:19 μμ EEST:  No updates found for Intrusion Prevention signatures Win64 11.0.  [Site: xxx]  [Server: xxx]
19 Sep 2012 1:22:19 μμ EEST:  No updates found for Client Intrusion Detection System signatures 12.1.  [Site: xxx]  [Server: xxx]
19 Sep 2012 1:22:19 μμ EEST:  No updates found for Revocation Data.  [Site: xxx]  [Server: xxx]
19 Sep 2012 1:22:19 μμ EEST:  No updates found for SONAR scan engine Win64 11.0.  [Site: xxx]  [Server: xxx]
19 Sep 2012 1:22:19 μμ EEST:  No updates found for Submission Control signatures 11.0.  [Site: xxx]  [Server: xxx]
19 Sep 2012 1:22:19 μμ EEST:  No updates found for Submission Control signatures 12.1.  [Site: xxx]  [Server: xxx]
19 Sep 2012 1:22:19 μμ EEST:  No updates found for SONAR scan data 11.0.  [Site: xxx]  [Server: xxx]
19 Sep 2012 1:22:19 μμ EEST:  No updates found for Symantec Whitelist 12.1.  [Site: xxx]  [Server: xxx]
19 Sep 2012 1:22:19 μμ EEST:  No updates found for SONAR Heuristics engine 12.1.  [Site: xxx]  [Server: xxx]
19 Sep 2012 1:22:19 μμ EEST:  No updates found for SONAR scan whitelist Win32 11.0.  [Site: xxx]  [Server: xxx]
19 Sep 2012 1:22:19 μμ EEST:  No updates found for TruScan proactive threat scan commercial application list Win64 11.0.  [Site: xxx]  [Server: xxx]
19 Sep 2012 1:22:19 μμ EEST:  No updates found for SONAR scan commercial application engine 11.0.  [Site: xxx]  [Server: xxx]
19 Sep 2012 1:22:18 μμ EEST:  No updates found for Extended File Attributes and Signatures 12.1 RU2.  [Site: xxx]  [Server: xxx]
19 Sep 2012 1:22:18 μμ EEST:  No updates found for Virus and Spyware definitions Win64 12.1.  [Site: xxx]  [Server: xxx]
19 Sep 2012 1:22:18 μμ EEST:  No updates found for Symantec Endpoint Protection Manager Content Catalog 12.1.  [Site: xxx]  [Server: xxx]
19 Sep 2012 1:22:18 μμ EEST:  No updates found for Intrusion Prevention signatures Win32 11.0.  [Site: xxx]  [Server: xxx]
19 Sep 2012 1:22:18 μμ EEST:  No updates found for Symantec Endpoint Protection Win64 11.0.7000.975 (English).  [Site: xxx]  [Server: xxx]
19 Sep 2012 1:22:18 μμ EEST:  No updates found for Symantec Endpoint Protection Win64 12.1 (English).  [Site: xxx]  [Server: xxx]
19 Sep 2012 1:22:18 μμ EEST:  No updates found for Symantec Endpoint Protection Win32 11.0.7000.975 (English).  [Site: xxx]  [Server: xxx]
19 Sep 2012 1:22:18 μμ EEST:  No updates found for Symantec Endpoint Protection Win32 12.1 (English).  [Site: xxx]  [Server: xxx]
19 Sep 2012 1:22:17 μμ EEST:  No updates found for SPC AntiVirus Client Mac 11.0 (English).  [Site: xxx]  [Server: xxx]
19 Sep 2012 1:21:16 μμ EEST:  LUALL.EXE has been launched.  [Site: xxx]  [Server: xxx]
19 Sep 2012 1:21:15 μμ EEST:  Download started.  [Site: xxx]  [Server: xxx]

and the part of the last log.liveupdate file

Attachment(s)

liveupdate_0.txt   182 KB 1 version

strange!

does the SEPm still shows august definition?

if yes, is it possible to reintstall LU?

Hi,

Upgrade from SEPM 11 RU6 MP1a to SEPM 12.1 RU1 MP1 is not supported upgrade path.

You followed this path to upgrade the SEPM as well?

Could you please confirm the upgrade path?

Same thing happening here with two SEPM 12.1 RU1 MP1 servers (not upgraded from 11) stuck on 23 aug 2012 r13 defs.

Clients and servers are in sync with PTP defs from 23 Aug. Running manual live update on server reports no new defintions. Running manual live update on client updates PTP to 5 sept 2012 r1

Virus defs and NTP defs seem to be up to date (19 sep 2012 r2 and 18 sept 2012 r1)

Same issue with our two SEPM servers 12.1 RU1 (updated from 11.x months ago).  Stuck on 23 aug 2012 PTP defs.  Running liveupdate reports no updates available.

To pete_4u2000:

There is no problem with Liveupdate. As I mentioned in my first post Liveupdate content was the first that I deleted and resynced in the first place with no errors whatsoever. Also as I mentioned there is a post saying the same thing with me and the answer was there are no new updates for sonar (6/09).

However PTP defs for the 11 version are coming daily and still no updates for the 12.

To Chetan Savade

This is mentioned in the upgrade path

Two most common migrated path

  •  SEP 11.x Enterprise Edition  -->  SEP 12.1 Enterprise Edition

(SEP 11.x.RU1, RU2, RU3 , RU4, RU5, RU6 --> SEP 12.1--> Supported )

( SEP 11 RU7 --> SEP 12.1 --> Not supported )  

( SEP 11 RU7 --> SEP 12.1 RU1 --> Supported )

The only mention of not supported migration path is for the RU7 not RU6 MP1A

https://www-secure.symantec.com/connect/articles/supported-upgrade-paths-symantec-endpoint-protection-121

I am wandering what is going on.

Has anyone installed an unmanaged client to see what it will download directly from liveupdate??

Because I understand nobody read the post I mentioned this was the solution to the other post

;  Brandon Noble Symantec Employee

Hi,

It's important to understand the exact codes.

RTM - Release To Manufacturing

RU - Release Update

MP - Maintenance Patch

PP - Point Patch

You can't upgrade from SEP 11 maintenance patch to SEP 12.1 maintenance patch.

You should upgrade to release update(RU) first then to maintenance patch.(MP)

In the article it's also mentioned that with 11.0 RU7, RU7 MP1, and RU7 MP2 SEPM contains SQL schema changes that are newer than the schema used by 12.1. For this reason, migrations from certain 11.0 RU7 to 12.1 versions are not supported, and are prevented by the installer.

However I will try to update an article with more info.

Q. Has anyone installed an unmanaged client to see what it will download directly from liveupdate??

--> It downloads the same contents as SEPM downloads directly from liveupdate.

I did not try unmanaged client but if you manually update your managed client (12.1 RU1 MP1 ) using live update you get the 5 sep 2012 PTP defs. My SEP clients can also update via live update in case they are not in the office.

Hi,

Symantec will release the SONAR definition engine dated 09/05/2012, r. 11 as a throttled update, beginning September 13, 2012 and ending September 20, 2012.  During the throttled update period, client computers that run LiveUpdate directly to the Symantec servers may receive content dated either 08/23/2012 r. 13 or 09/05/2012, r. 11. 

Symantec Endpoint Protection 12.1.2 Beta clients and managers will receive definitions dated 08/31/2012 r. 11, with the same content as the 09/05/2012 r. 11 definitions. On September 20, 2012, Symantec will release a revision with the same content but a newer date to all update methods, including LiveUpdate, LiveUpdate Administrator, and Endpoint Protection Managers, so that all clients and managers will have the same content.

To know more about it, please check following article:

About the SONAR definitions release dated September 5, 2012, revision 11

http://www.symantec.com/docs/TECH196189 

I hope it helps to everyone.

PTP defs on my server and clients now on 18 sep 2012 r12 and in sync again.

Hi,

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.