
PTP not updating, all other definitions are up to date

Created: 23 Aug 2012 • Updated: 20 Sep 2012 | 47 comments

Hi all,

I need help. I have installed SEPM12.1.1101.401 RU1 MP1 on W2K3. I have checked the latest definitions under http://www.symantec.com/security_response/definitions.jsp and all compare, but only the PTP is stuck on August 3rd, 2012 r11. I have done all the stuff mentioned here:

- delete folders (download, inetpub...)

- delete reg keys

- start stop services

- reinstall LiveUpdate

But nothing happens. Only the Virus and Spyware Protection updates to 22nd August, 2012 r3, but in the link above it is still revision19. I read here that someone got from Support "...I was also given a newly created Product.Inventory.Liveupdate from Symantec Support..."

Would be great if someone could help.

Thanks


Ashish-Sharma's picture

hi,

Are you manually updating your virus definitions?

Thanks In Advance

Ashish Sharma

Balraj's picture

Hi Ashish,

Thanks for your quick reply. No, I am not doing it manually. It is happening through the LUP.

Mithun Sanghavi's picture

Hello,

As per the screenshot, it seems the SONAR heuristic engine 12.1 and the Symantec Endpoint Protection Manager Content Catalogue are stuck on August 3rd, 2012.

Could you work on the steps provided in the Article below:

SONAR Definitions are not updated on SEP 12.1 Clients.

http://www.symantec.com/docs/TECH178125

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Balraj's picture

Tried both hints. After selecting the option "latest one" again as mentioned, it goes back to August 3rd, 2012 r11.

Chetan Savade's picture

Hi,

If possible, could you check by rebooting the server machine?

How many clients in total are in the network? Out of them, how many clients are affected?

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.

Balraj's picture

Hi,

Already done, still the same. We have a total of 652 clients in our environment and all are affected. As you can see, I have done a manual update. SEPM is doing something but not updating the PTP.

Ashish-Sharma's picture

When you update manually, PTP services and NTP services are not updated.

You can raise a support ticket:

http://www.symantec.com/support/assistance_care.jsp

Thanks In Advance

Ashish Sharma

Balraj's picture

OK, I will raise a ticket, but I only do it manually sometimes to test if everything is OK. Usually it all goes automatically. I just saw today that it is stuck, and on the website there is already a new definition named.

Thanks

Simpson Homer's picture

Reboot the machine and check if it helps. Run a repair on the SEP client machine.

Ariv's picture

Hi Balraj,

I hope you have already tried reducing the heartbeat interval.

Can you try this on one of the affected machines?

Uninstall and reinstall the PTP component alone using Add/Remove Programs.

Modify/Change -> unselect PTP and proceed with installation -> Finish

Again Modify/Change -> select PTP and proceed with installation -> Finish

Reboot the machine and try running the Liveupdate or wait for the client to get the defs automatically as per your heart beat interval & LU configuration.

Balraj's picture

Thanks for your hint Ariv,

Done all the stuff, reboots done. Reinstalled PTP. Set to old def. After heartbeat it goes back to 5 August.

Brandon Noble's picture

Hi all,

We have reproduced something similar in-house and we are working on it with the Content Development team now. I'll post an update as soon as we know anything.

Thanks for your patience

Brandon Noble
ESS Incident Response Officer
Security Response Liaisons
Symantec Corporation 
www.symantec.com

SameerU's picture

Hi

Yes, I am also facing the same issue: PTP is stuck at 3rd August 2012.

Regards

roberta's picture

Hi,

We have the same problem, namely that PTP is still at 3rd August 2012 r11

Regards,

Roberta

Greetings from The Land Downunder

CQ's picture

Hi,

Just to add my 2 cents... We are a small shop running 12.1 RU1 MP1 on 12 machines with a variety of operating systems (XP, Vista, Win7). ALL of the machines are stuck on August 3, 2012 r11 for PTP. The management console also shows Aug 3 as the most recent date for heuristics. All other signature dates are current. Our clients are all configured to receive updates from Symantec's Live Update server exclusively.

It seems this is not an isolated case based on the responses I see.  Any progress on this?  I was going to call support next week but will wait to see what answers we get here.

Thanks!

CQ

Gary2360's picture

I wouldn't call this an isolated case. I have over 1650 clients showing SONAR defs stuck at 08/03/2012 so repairing or rebooting is out of the question. I will probably contact support later today.

Balraj's picture

I do not know what you Symantec guys have done, but I have done a manual LiveUpdate and now the PTP is up to date as shown on http://www.symantec.com/security_response/definitions.jsp. Also on the SEPM. Will keep an eye on that and check if it goes automatically as set on Heartbeat.

Many Many Thanks Guys.

Capturefinal.PNG
Balraj's picture

Hi all,

Checked this. It is not updating automatically, only if I do a manual LiveUpdate. Also found out today that SONAR has declared an application and service which has been running for years, and when using SEP11 no problems appeared, but yesterday SONAR deleted the service and detected it as a virus - a mess on production servers this morning.

Brandon Noble's picture

Hi Everyone,

I think we got the problem solved yesterday. It looks like Aug-3 was actually the most current PTP defs. 

The team has posted a def set on Aug-15th, but then pulled it almost immediately. When they did this, they did not change the Security Response page that showed the update. The update from yesterday should show PTP defs for Aug-25.

I will let you know if I find out anything more about this, but it looks like this should resolve the issue.

Thanks for your patience.

Brandon Noble
ESS Incident Response Officer
Security Response Liaisons
Symantec Corporation 
www.symantec.com

Brandon Noble's picture

One final? update. The issue with the definition dates was largely caused by the timing of the release of the BASH 7.1.0.53 drivers. Earlier today a few customers in Japan reported that the driver was interfering with the decryption routine from secure USB flash drives. The conflict has been reported with a limited number of these drives, but just to be on the safe side, the team pulled the engine and re-released BASH 6.6.3 Definitions with Package Sequence# 120823013. This would appear as a second set of defs when you run LU.
 
Please see TECH195768 for more details:
Secure USB flash drives cannot be unlocked with SONAR definitions 2012/08/23 R12 installed
http://www.symantec.com/business/support/index?pag...

Brandon Noble
ESS Incident Response Officer
Security Response Liaisons
Symantec Corporation 
www.symantec.com

Balraj's picture

Hi,

Yessss, great, all works fine now. All virus definitions are up to date as shown on the site http://www.symantec.com/security_response/definitions.jsp

Fantastic work from all the people who worked on this.

For me, this can be marked resolved.

Balraj's picture

Hi again, I was satisfied too fast. Now the PTP is stuck on the 23rd, and here http://www.symantec.com/security_response/definitions.jsp it is the 31st August.

Balraj's picture

hi,

Sorry for the late response. I cannot create the regkey; I get this error message on any computer on this path:

"Cannot create value: error writing to the registry"

Balraj's picture

Here is a sylink.log from a client computer and also a screenshot from LiveUpdate Downloads.

Sylink - Copy.jpg
Chetan Savade's picture

Hi,

Go to Control Panel and open the Symantec LiveUpdate applet.

Click on Update Cache, then select Remove all files from cache.

Go to Start --> Run --> luall.exe & monitor it.

If possible run it in express mode also.

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |


Balraj's picture

Sorry Chetan, I cannot find any Symantec LiveUpdate applet in Control Panel.

Chetan Savade's picture

Hi,

You should check it on the Symantec Endpoint Protection Manager machine, not on the SEP client machine.

Could you please verify it again?

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |


Chetan Savade's picture

Hi,

Could you please reinstall liveupdate on the SEPM machine?

Liveupdate setup: ftp://ftp.symantec.com/public/english_us_canada/li...

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |


roberta's picture

Hi,

Once again we have the same problem as we did about 2 weeks ago (I posted here 25Aug12), namely that PTP is now still at 23rd August 2012 r13

Regards,

Roberta

Greetings from The Land Downunder

Brandon Noble's picture

Hi all,

I can confirm the issue is the same. Namely, the team that creates the SONAR content posted content, but you should not expect to get it just yet.

This time they posted content for the BETA build of the next release of SEP12. Users of the current SEP12.1 should still have defs of August 23rd.

We know that even though this is a cosmetic issue, it's confusing and problematic at best, and we are working with that team to resolve the issue.

Thank you.

Brandon Noble
ESS Incident Response Officer
Security Response Liaisons
Symantec Corporation 
www.symantec.com

roberta's picture

@Brandon Noble,

Thank You Very Much for the info & clarification.

Best Regards,

Roberta

Greetings from The Land Downunder

Brandon Noble's picture

Thanks again for your patience. We have manually changed the website to reflect the correct date you should see in your consoles.

We will be working with the teams involved to develop a better strategy around release and notification, so that we can hopefully avoid this in the future.

Thanks again,

~Brandon

Brandon Noble
ESS Incident Response Officer
Security Response Liaisons
Symantec Corporation 
www.symantec.com

Vrakas Bassilios's picture

Hi.

It's 17/09/2012 and still the clients have SONAR defs of 23/08/2012.

Where do I find the correct latest version info on http://www.symantec.com/security_response/definitions.jsp?inid=us_sr_flyout_updates_virusdef

Thanks

ETH0's picture

Same here

Clients and servers are in sync with PTP defs from 23 Aug 2012 r1. Running manual live update on server reports no new definitions. Running manual live update on client updates PTP to 5 Sept 2012 r1.

Purging live update cache on server does not help.

Michael B.'s picture

Same issue here.  Server running 12.1 RU1 MP1, and LU is not downloading the 9/5 defs.  Stuck on 8/23/12.  Virus shows 9/19, and NTP shows 9/18 which match the site.

Is this another case of the definitions page listing a newer def, and it not being available for LU, or has the definition been pulled?

Please remove the 'Solved' status

Chetan Savade's picture

Hi,

Symantec will release the SONAR definition engine dated 09/05/2012, r. 11 as a throttled update, beginning September 13, 2012 and ending September 20, 2012.  During the throttled update period, client computers that run LiveUpdate directly to the Symantec servers may receive content dated either 08/23/2012 r. 13 or 09/05/2012, r. 11. 

Symantec Endpoint Protection 12.1.2 Beta clients and managers will receive definitions dated 08/31/2012 r. 11, with the same content as the 09/05/2012 r. 11 definitions. On September 20, 2012, Symantec will release a revision with the same content but a newer date to all update methods, including LiveUpdate, LiveUpdate Administrator, and Endpoint Protection Managers, so that all clients and managers will have the same content.

To know more about it, please check following article:

About the SONAR definitions release dated September 5, 2012, revision 11

http://www.symantec.com/docs/TECH196189 

I hope it helps everyone.

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

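The throttled rollout described in the post above means two SONAR (PTP) revisions are both valid states during the window, which is why fleets looked "stuck" against the website. As an added example (not part of the thread and not Symantec code), this check classifies client-reported PTP revisions against that window; the host names, inventory rows, status labels and the treatment of Beta clients are constructed assumptions.

```python
import re
from datetime import date

# Revisions and dates as stated in the post above (US MM/DD/YYYY order).
OLD = (date(2012, 8, 23), 13)    # 08/23/2012 r. 13
NEW = (date(2012, 9, 5), 11)     # 09/05/2012 r. 11
BETA = (date(2012, 8, 31), 11)   # 12.1.2 Beta, same content as NEW
THROTTLE = (date(2012, 9, 13), date(2012, 9, 20))

_REV = re.compile(r"(\d{1,2})/(\d{1,2})/(\d{4}),?\s*r\.?\s*(\d+)", re.I)

def parse_rev(text):
    """Parse 'MM/DD/YYYY r. N' into a comparable (date, revision) tuple."""
    m = _REV.search(text)
    if not m:
        raise ValueError(f"unrecognised definition string: {text!r}")
    mm, dd, yyyy, rev = map(int, m.groups())
    return date(yyyy, mm, dd), rev

def classify(defs, today, beta=False):
    """Return 'current', 'ok-throttled' or 'stale' for one client."""
    rev = parse_rev(defs)
    start, end = THROTTLE
    if rev >= NEW or (beta and rev >= BETA):
        return "current"
    if rev == OLD and not beta and today <= end:
        # Before the throttle 08/23 r13 is the newest release; during it,
        # a client may legitimately still hold it.
        return "current" if today < start else "ok-throttled"
    return "stale"

def summarize(inventory, today):
    """inventory: iterable of (host, defs_string, is_beta) rows."""
    out = {"current": [], "ok-throttled": [], "stale": []}
    for host, defs, beta in inventory:
        out[classify(defs, today, beta)].append(host)
    return out

# Constructed sample inventory, e.g. exported from a console report.
SAMPLE = [
    ("ws-001", "08/23/2012 r. 13", False),
    ("ws-002", "09/05/2012, r. 11", False),
    ("ws-003", "08/03/2012 r. 11", False),
    ("beta-01", "08/31/2012 r. 11", True),
]

if __name__ == "__main__":
    print(summarize(SAMPLE, date(2012, 9, 17)))
```

Only hosts in the `stale` bucket need follow-up; `ok-throttled` hosts should move to `current` once the post-throttle revision reaches all update methods.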

Balraj's picture

Now the content of downloads is correct, see pic.

Most are up to date,

but honestly I cannot go manually to each of these clients and use the "repair" mode in Control Panel.

I have deleted the cache using Control Panel.

I have restarted the server.

I have downloaded the new content.

Help needed.

Chetan Savade's picture

Hi,

No need to repair SEP clients, it should sync with SEPM.

Clients will also receive latest updates from SEPM.


Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |
