Endpoint Protection


Scan Engine 103.0.2.7 Pgm 10.0.0.359 Last LiveUpdate 8-Jul-13 Rev.2

  • 1.  Scan Engine 103.0.2.7 Pgm 10.0.0.359 Last LiveUpdate 8-Jul-13 Rev.2

    Posted Aug 14, 2013 10:52 AM

    I believe there is an issue with LiveUpdate. Currently it reports back that All Products & Components are up to date. Last revision was 8-Jul-13 Rev.2 - so that is over a month without any new editions.

    Please either reassure this is in order or indicate potential issue.

    Thank you.



  • 2.  RE: Scan Engine 103.0.2.7 Pgm 10.0.0.359 Last LiveUpdate 8-Jul-13 Rev.2

    Broadcom Employee
    Posted Aug 14, 2013 10:57 AM

    Hi,

    Thank you for posting in Symantec community.

    I would be glad to answer your query.

    It seems definitions are not updated and liveupdate might be corrupted.

    Try to reinstall LiveUpdate, re-register with SEPM and check whether it can download the latest definitions or not.

    If that does not help, perform a manual cleanup of SEPM definitions.


    1. Stop Symantec Endpoint Protection Manager service;
    2. File system cleanup
    Go to location ‘\Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\content’
    Delete all numbered folders(e.g. 90920019) in each alphanumeric folders(e.g. {1CD85198-26C6-4bac-8C72-5D34B025DE35})
    3. Database cleanup
    Go to ‘\Program Files\Common Files\Symantec Shared\SymcData\’ and delete the following folders:
    sesmipsdef32, sesmipsdef64, sesmvirdef32, sesmvirdef64
     

    Caution: Please backup your registry before editing

    4. Open the Registry Editor and export the registry settings as backup;
    5. In the Registry Editor, go to the key ‘HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps’ and in the right pane delete the following value entries:

      • SymcData-sesmipsdef32
      • SymcData-sesmipsdef64
      • SymcData-sesmvirdef32
      • SymcData-sesmvirdef64

      (For a 64-bit server, the key is ‘HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\symantec\installedapps\’)
         

    6. Also delete the following Registry Keys

      • HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs\SymcData-sesmipsdef32
      • HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs\SymcData-sesmipsdef64
      • HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs\SymcData-sesmvirdef32
      • HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs\SymcData-sesmvirdef64

      (For a 64-bit server, the keys are ‘HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\SharedDefs\SymcData-sesmipsdef32’ ... and so on.)
         

    7. Delete the contents of folder ‘C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads’.
    8. Start Symantec Endpoint Protection Manager service.
    9. Re-register SEPM with LiveUpdate:

    • 1) Click Start, then Run.
      2) Type cmd, then click OK. This will bring up a command prompt.
      3) At the command prompt type cd and the path to lucatalog.exe. By default the command would be:
      cd C:\Program Files\Symantec\Symantec Endpoint Protection Manager\bin
      4) Type in 'lucatalog.exe -Cleanup'
      5) After the first command has executed, type in 'lucatalog.exe -update'.
      Run Liveupdate in Symantec Endpoint Protection Manager

    The Symantec Endpoint Protection Manager will be able to create delta definitions for the clients and distribute them.

     



  • 3.  RE: Scan Engine 103.0.2.7 Pgm 10.0.0.359 Last LiveUpdate 8-Jul-13 Rev.2

    Broadcom Employee
    Posted Aug 14, 2013 11:03 AM

    Hi,

    If using SEPM 11.x then you need to refer to the following article:

    How to clear corrupt Virus Definitions from SEPM

    https://www-secure.symantec.com/connect/articles/how-clear-corrupt-virus-definitions-sepm



  • 4.  RE: Scan Engine 103.0.2.7 Pgm 10.0.0.359 Last LiveUpdate 8-Jul-13 Rev.2

    Posted Aug 14, 2013 11:11 AM

    When the definitions are corrupt it would stop downloading the necessary ones.

    Have you tried a repair?

    Is it on Linux or on Windows?



  • 5.  RE: Scan Engine 103.0.2.7 Pgm 10.0.0.359 Last LiveUpdate 8-Jul-13 Rev.2

    Posted Aug 14, 2013 11:48 AM

    You mention Scan Engine in the title so you may have the wrong forums here.  Perhaps the below ones might be more help (Scan Engine has been renamed Protection Engine):

    https://www-secure.symantec.com/connect/security/forums/symantec-scan-engine
    https://www-secure.symantec.com/connect/security/forums/symantec-antivirus-nas-network-attached-storage

    That said, we can probably help for some initial diagnosis of the logs.  Just upload the log.liveupdate file (usually found in the "\Symantec\LiveUpdate" folder in "ProgramData" or "\All Users\Application Data" folders).

    On a final note, please let us know if you have to go out via a proxy server, and/or update via an internal  LiveUpdate Administrator server (as both can affect how you update).



  • 6.  RE: Scan Engine 103.0.2.7 Pgm 10.0.0.359 Last LiveUpdate 8-Jul-13 Rev.2
    Best Answer

    Posted Aug 14, 2013 03:34 PM

    It would appear to me from the thread title that the poster is running SAV 10.0.0.359

    If true, SAV has long since gone EOL (End of Life) and no longer gets definitions.

    Correct me if you are running either SEP 11 or SEP 12.1

    MJD



  • 7.  RE: Scan Engine 103.0.2.7 Pgm 10.0.0.359 Last LiveUpdate 8-Jul-13 Rev.2

    Posted Aug 14, 2013 03:37 PM

    It went EOL and no longer receives defs.

    End of Life announcement for Symantec AntiVirus Corporate Edition and Symantec Client Security

    http://www.symantec.com/docs/TECH178551

    Although per this thread, some have received updates

    https://www-secure.symantec.com/connect/forums/sym...

    But either way, this is EOL and you should move to SEP.



  • 8.  RE: Scan Engine 103.0.2.7 Pgm 10.0.0.359 Last LiveUpdate 8-Jul-13 Rev.2

    Posted Aug 14, 2013 03:44 PM

    Pgm 10.0.0.359

    Are you talking about Symantec AntiVirus (SAV) 10.x? This info from the title of your post, as well as the category in which you posted, suggests as much.

    SAV was end-of-lifed more than a year ago, on 4 July 2012. This includes content availability. It's possible your company purchased extended definition updates, and that has expired.

    You may be able to get your server updated through this page, on the SAV tab, but there's no guarantee for how long these will be available. You should certainly consider updating to SEP 12.1, as SAV 10.0.x is virus protection only from April 2005, and was not designed with modern threats in mind.

    sandra

    ETA: looks like some of us were on the same wavelength. :D



  • 9.  RE: Scan Engine 103.0.2.7 Pgm 10.0.0.359 Last LiveUpdate 8-Jul-13 Rev.2

    Posted Aug 15, 2013 04:18 AM

    Many thanks to all the contributors to my enquiry.

    I believe our company is beginning to clear XP machines before Microsoft support ends in early 2014.

    It is therefore likely this is the first EOL pgm.

    I also appreciate the responsiveness of this community.



  • 10.  RE: Scan Engine 103.0.2.7 Pgm 10.0.0.359 Last LiveUpdate 8-Jul-13 Rev.2

    Broadcom Employee
    Posted Aug 15, 2013 07:45 AM

    I do apologize for my wrong assumption.



  • 11.  RE: Scan Engine 103.0.2.7 Pgm 10.0.0.359 Last LiveUpdate 8-Jul-13 Rev.2

    Posted Aug 26, 2013 09:09 AM

    I understand that SAV 10.x is no longer supported but for those that still need definitions, I have a way for your server or stand-alone workstation running SAV 10.x to get updated defs.

     

    Create a folder named “temp” (without quotes) and a folder named “SAV Manual Def Updates” (without quotes) on root of C. If temp folder already exists that’s OK.

     

    Open notepad and copy the following, making sure the line breaks are as shown:

     

    open ftp.symantec.com
    anonymous
    nobody@spammer.com
    cd AVDEFS/norton_antivirus/static
    lcd C:\temp
    bin
    hash
    prompt
    get navup8.exe
    quit

     

    Save the file as “cescript.txt” (without quotes) to C:\SAV Manual Def Updates. When we call the script it will download the master definition file (navup8.exe) from Symantec’s FTP site to C:\temp. Next we will create a batch file that calls the script and extracts the definitions (.xdb) file from navup8.exe, copies it to the local SAV def folder, then deletes navup8.exe when the extraction is complete.

     

    Open a blank notepad file and copy the following, making sure the line breaks are as shown (del /q, etc… is a new line in case it’s hard to tell):

     

    ftp -s:cescript.txt
    call "C:\temp\navup8.exe"
    move "C:\SAV Manual Def Updates\*.xdb" "C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5"
    del /q "C:\temp\navup8.exe"

     

    Save the file as “cegetter.bat” (without quotes) to C:\SAV Manual Def Updates.

     

    NOTE: You may need to modify the path the .xdb file gets copied to. This example will work if you have a stand-alone SAV 10 client like I do. You can find the path necessary for you from http://www.symantec.com/business/support/index?page=content&id=TECH100047

     

    Finally, we need to put the batch file on a schedule. Go to Scheduled Tasks in Windows and create a new scheduled task to run the cegetter.bat file. I set mine for Sunday at 10PM. Keep in mind the file is 250MB+ so it may take a while depending on your Internet connection.

     

    Who knows how long this workaround will work since it depends on Symantec’s FTP site and the files they continue to provide but at least you can remain protected for now as you pursue other AV options.

     

    I hope this information is beneficial to some others in the future!

     

    -Mike
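
The workaround in the post above fetches navup8.exe over anonymous FTP, which gives no integrity or origin guarantee, and then runs it on a schedule. The following is an added example, not part of the original post and not Symantec's code: a PowerShell check that runs the package only if its Authenticode signature validates. The expected signer string, the log path and the script name are assumptions.

```powershell
# Added example, not from the thread. Verifies the package fetched by
# cescript.txt before it is executed; rejects and deletes it otherwise.
param(
    [string]$Package        = 'C:\temp\navup8.exe',                   # path from the post
    [string]$ExpectedSigner = 'Symantec Corporation',                 # assumption: confirm on a known-good copy
    [string]$LogFile        = 'C:\SAV Manual Def Updates\verify.log'  # hypothetical log path
)

function Write-Log([string]$Message) {
    $line = '{0}  {1}' -f (Get-Date -Format s), $Message
    Add-Content -Path $LogFile -Value $line
    Write-Output $line
}

function Get-Sha256([string]$Path) {
    # Hash is logged so a later review can tie each run to an exact file.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try { return [System.BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', '' }
    finally { $stream.Dispose() }
}

function Test-Package([string]$Path, [string]$Signer) {
    if (-not (Test-Path -LiteralPath $Path)) { return 'file missing (download failed?)' }
    $sig = Get-AuthenticodeSignature -FilePath $Path
    # Anything other than Valid (NotSigned, HashMismatch, NotTrusted, ...) is rejected.
    if ($sig.Status -ne 'Valid') { return "signature status is $($sig.Status)" }
    $subject = $sig.SignerCertificate.Subject
    if ($subject -notlike "*O=$Signer*") { return "unexpected signer: $subject" }
    return 'ok'
}

$result = Test-Package $Package $ExpectedSigner
if ($result -ne 'ok') {
    Write-Log "REJECTED $Package : $result"
    if (Test-Path -LiteralPath $Package) { Remove-Item -LiteralPath $Package -Force }
    exit 1
}

Write-Log "ACCEPTED $Package sha256=$(Get-Sha256 $Package)"
# Run the self-extractor only after the checks pass, and wait for it to finish.
$proc = Start-Process -FilePath $Package -Wait -PassThru
exit $proc.ExitCode
```

Saved under a hypothetical name such as verify-navup8.ps1, the script would take the place of the `call "C:\temp\navup8.exe"` line in cegetter.bat, so a rejected download stops the batch before any definitions are moved.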



  • 12.  RE: Scan Engine 103.0.2.7 Pgm 10.0.0.359 Last LiveUpdate 8-Jul-13 Rev.2

    Posted Aug 27, 2013 05:17 AM

    "Thumbs up" to the information about SAV 10 going EOL.  To ensure protection of your computers, network and data, I recommend putting SEP 12.1 in place as soon as possible.

    Upgrading or migrating to Symantec Endpoint Protection (SEP) 12.1
    http://www.symantec.com/docs/TECH163602