Video Screencast Help
Symantec Appoints Michael A. Brown CEO. Learn more.

"The Liveupdate service entered the running state" - flooding the System log

Created: 17 Dec 2007 • Updated: 21 May 2010 | 8 comments
This continues to be a problem for us with the System Event Log on all servers and workstations getting service start and stop messages about once a minute or slightly less.  I submitted case #281264646 today and was told that some users are obtaining partial relief by setting the LiveUpdate policy in SEPM to daily rather than continuously but it does not seem to have helped in my case.  Tech Support indicated that a maintenance release that should be out late this month or next and it should fix the problem.
 
Regards,
 
Ed Gowen
Macon State College
Educational Technology Training Center

Comments 8 CommentsJump to latest comment

GrahamA's picture

Yes, this issue will be resolved in Maintenance Release 1 of SEP 11.0 which is due to become available very soon. When it is available, I will add a post to the forum to inform everyone.

GrahamA Product Management, Symantec Security Solutions

Eduardo Menegalli Nazato's picture

Hi

Any news on it?
These logs are driving us mad here, it's near impossible to read the system log...

Thanks!

Ed Gowen's picture
I have received and installed Symantec Endpoint Protection SR1 and it does indeeed fix this problem.  If you have not been contacted by Symantec, you might want to give them a call.  We wound up completely uninstalling the original release and installing the new release from scratch.  While there are a number of system log entries, the problem I previously reported has been fixed.
DW1 IT Department's picture
Is it fixed with the SR1 or did you get something from the support?
Did you uninstall the old version and than install the SR1 or update the old one?
Ed Gowen's picture
It was a problem with the original release.  When support sends you the userid/password for SR1 and you log-in to the site you will find a .msi file that will upgrade an existing client to version 11.0.1000.1375.  You will also find zip files for CD1, CD2 and a single .zip that seems to have CD1 and CD2 together.  These are replacements for the original CD1 and CD2.  For a number of reasons, including several mistakes we made early on, we finally decided to just completely uninstall our server and reinstall from scratch using CD1.
 
The problem with three system event log messages being repeated at approximately one minute intervals that we had with the original release does not happen with the SR1 release.
 
Be careful if you decide to uninstall / reinstall your server ... you should make sure that your existing clients are not locked down too tightly before you kill the server they are attached to otherwise you may have to uninstall each client individually so you can rollout the new client and have it successfully managed by the new server.
Quinn 2's picture
I'm having the same problem. I went to http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007121216494948?Open&docid=2007102211424848&nsf=ent-security.nsf&view=854fa02b4f5013678825731a007d06af and downloaded the two zip files Symantec_Endpoint_Protection_11.0.1000_AllWin_EN_CD1.zip and Symantec_Endpoint_Protection_11.0.1000_AllWin_EN_CD2.zip. I did not see any .msi files there. I reinstalled Endpoint Protection Manager (I did not uninstalled the existing first release of Endpoint Manager). The problem was not fixed. I created a new client package using this new release of Endpoint Manager. I went to a client PC, uninstalled the Endpoint client from it and installed this new package. No good. The system event logs continue to flood with these messages. Am I forced to completely uninstall Endpoint Manager and install this new release of Endpoint?
Alex F. Lloyd's picture
In the SEPM console on the Clients page, go to Policies tab, edit Communications Settings, switch Push mode to Pull mode and set up heartbeat interval.
Quinn 2's picture
Thanks Alex, that solved my problem. I set the heartbeat to 30 minutes and now the LiveUpdate events starting, running and shutting down only appear every 30 mins in the system logs of the clients. Brillant.