Endpoint Protection

 View Only
Back to discussions
Expand all | Collapse all

SEP 11 and LiveUpdate

Migration User

Migration UserOct 17, 2007 01:06 PM

I've got this one as well on some client systems.
Migration User

Migration UserOct 24, 2007 02:13 PM

Sent you the link and info in a PM HumbleDev.

  • 1.  SEP 11 and LiveUpdate

    Posted Oct 12, 2007 07:19 AM
    I have SEP 11 on two Windows XP SP2 computers. Both have similar behaviour.
    LiveUpdate stops and starts once a minute.

    Windows Event Viewer is full of these three messages:
    1.    The LiveUpdate service was successfully sent a start control.
    2.    The LiveUpdate service entered the running state.
    3.    The LiveUpdate service entered the stopped state.
    Here is few lines from The Log.LiveUpdate.
    These lines are logged in every minute,
    ////////////////////////////////////////////////////////////////////////////////
    ////////////////////////////////////////////////////////////////////////////////
    // Start LuComServer
    ////////////////////////////////////////////////////////////////////////////////
    ////////////////////////////////////////////////////////////////////////////////
    12.10.2007, 11:03:37 GMT -> LuComServer version: 3.3.0.61
    12.10.2007, 11:03:37 GMT -> LiveUpdate Language: English
    12.10.2007, 11:03:37 GMT -> LuComServer Sequence Number: 20070811
    12.10.2007, 11:03:37 GMT -> OS: Windows XP Professional, Service Pack: 2, Major: 5, Minor: 1, Build: 2600 (32-bit)
    12.10.2007, 11:03:37 GMT -> System Language:[0x040B], User Language:[0x040B]
    12.10.2007, 11:03:37 GMT -> IE 6 Support
    12.10.2007, 11:03:37 GMT -> ComCtl32 version: 6.0
    12.10.2007, 11:03:37 GMT -> IP Addresses: < removed >
    12.10.2007, 11:03:37 GMT -> Loading C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Product.Inventory.LiveUpdate
    12.10.2007, 11:03:37 GMT -> Opened the product inventory at "C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Product.Inventory.LiveUpdate".
    12.10.2007, 11:03:37 GMT -> Account launching LiveUpdate is not a logged in user's account
    12.10.2007, 11:03:37 GMT -> Combined Product Inventory Flags 0, Permanent Flags 0, Permanent Flags Filter 0
    12.10.2007, 11:03:37 GMT -> LiveUpdate flag value for this run is 0
    12.10.2007, 11:03:37 GMT -> ProductRegCom/luProductReg(PID=3784/TID=4012): Successfully created an instance of an luProductReg object!
    12.10.2007, 11:03:37 GMT -> ProductRegCom/luProductReg(PID=3784/TID=4012): Path for calling process executable is C:\Program Files\Symantec\Symantec Endpoint Protection\SescLU.exe.
    12.10.2007, 11:03:37 GMT -> ProductRegCom/luProductReg(PID=3784/TID=4012): Destroyed luProductReg object.
    ////////////////////////////////////////////////////////////////////////////////
    ////////////////////////////////////////////////////////////////////////////////
    // End LuComServer
    ////////////////////////////////////////////////////////////////////////////////
    ////////////////////////////////////////////////////////////////////////////////


  • 2.  RE: SEP 11 and LiveUpdate

    Posted Oct 17, 2007 08:19 AM
    Just for the record, I have seen this behaviour on some of my clients, and would also be interested in a solution. Have you tried to re-install Liveupdate?
     


  • 3.  RE: SEP 11 and LiveUpdate

    Posted Oct 17, 2007 01:06 PM
    I've got this one as well on some client systems.


  • 4.  RE: SEP 11 and LiveUpdate

    Posted Oct 19, 2007 04:18 PM
    Thanks for comments!

    Yes I have unistalled the SEP 11.0 with LiveUpdate from both computers.
    I used SCSCleanSweep to remove what may be left even it does not officially support SEP 11.0
    After restart I installed the SEP 11.0  again.
    Nothing is changed. SEP 11.0 works just like before. Once a minute the LiveUpdate
    gives a notice to Event Viewer.

    LiveUpdate Service startup type is manual. Which service or program starts LiveUpdate?



  • 5.  RE: SEP 11 and LiveUpdate

    Posted Oct 19, 2007 07:50 PM
    This is a characteristic of the way the product integrated the LiveUpdate component. Basically components within the Symantec Endpoint Protection solution are querying LiveUpdate on a frequent basis for status information. That is why you are seeing the LiveUpdate process activity.
     
    Are there problems that this creates?


  • 6.  RE: SEP 11 and LiveUpdate

    Posted Oct 19, 2007 11:13 PM
    I would have to disagree.  If this were normal expected behavior, it would be happening on all systems.  For those of us with this issue, it is only happening on a few machines.
     
    As far as impact goes, each time the three processes that make up LU run, it does tend to use up memory and processor clocks, both for these processes themselves and in terms of the massive amount of windows log events it is generating.  On the handful of systems I'm experiencing this on, I would prefer not to lose important event data because every minute I get events logged that LU is starting, running, and stopping.


  • 7.  RE: SEP 11 and LiveUpdate

    Posted Oct 22, 2007 11:13 AM
    Okay. I understand better. I am not seeing any windows log events via the MS Event Viewer on my managed client. I would hope there is a setting in C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Settings.LiveUpdate that would address this. Let me check with the LU team on this.


  • 8.  RE: SEP 11 and LiveUpdate

    Posted Oct 22, 2007 03:17 PM
    Great, thanks.  You must be a HumbleDev with Symantec.  Ask them to fix the LU/group policy issue thing too while your at it.  :)  Getting a bit tired of clients not getting policies and logon scripts when they should.


  • 9.  RE: SEP 11 and LiveUpdate

    Posted Oct 23, 2007 12:47 PM
    Can you provide a link or some more info on the "LU/group policy issue thing"? I am not familar with it. Thanks.


  • 10.  RE: SEP 11 and LiveUpdate

    Posted Oct 23, 2007 12:51 PM
    Ok, I have more info. Unfortunately, this log event caused by the Service Control Manager itself. As such, LU cannot disable the logging. I did some quick Internet searches and was not able to locate any filters in the MS event logging system. I am sorry to say that I think we might be stuck on this for at least version 11.0 for now ... unless someone else can find a filtering mechanism in the MS event logging system.


  • 11.  RE: SEP 11 and LiveUpdate

    Posted Oct 24, 2007 02:13 PM
    Sent you the link and info in a PM HumbleDev.


  • 12.  RE: SEP 11 and LiveUpdate

    Posted Oct 24, 2007 04:07 PM
    This occurs on all my systems where the Communications Setting policy is set for "Push mode". I switched to Pull mode with a Heartbeat of 30 minutes and now it's logged every half hour.
     
     


  • 13.  RE: SEP 11 and LiveUpdate

    Posted Oct 24, 2007 05:28 PM
    Scott,
     
    I appologize. I am new to this forum and did not receive anything that I can see.
     
    JimBr


  • 14.  RE: SEP 11 and LiveUpdate

    Posted Oct 25, 2007 11:38 AM
    I changed to PULL with a longer heartbeat interval as well.  It works as a temporary workaround.
     
    Seems the root problem is that when using PUSH, on some clients the set heartbeat interval is ignored and the client tries to update every 60 seconds.
     
    Also, resent the PM to you HumbleDev. 


    Message Edited by Scott Klassen on 10-25-2007 08:40 AM