Endpoint Protection

 View Only
Expand all | Collapse all

SEP client won't update due to decompression failure

Migration User

Migration UserJan 11, 2012 01:46 PM

  • 1.  SEP client won't update due to decompression failure

    Posted Jan 05, 2012 03:00 PM

    Hello all,

    I have a strange problem with one of our client computers: the Endpoint Protection client won't update itself. It always ends with an decompression failure.All the other clients don't have this problem. I tried re-installing the software but it didn't help. I even uninstalled WinZip and installed WinRar. The only way to keep it up to date is to download and install the intelligent updater file. But this is not the way it should work...

    This is a piece from the log file:

    * Decompression failed for package C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\LUE\Downloads\1323894943jtun_sep12ennful26.m26 to directory C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\LUE\Downloads\Patch8107
    * Install Skipped code set for moniker {6AAE5D6B-C70C-4cdf-96C9-110AA1378E8C}, package 1323894943jtun_sep12ennful26.m26, error while decompressing.
    * Deleting package C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\LUE\Downloads\1323894943jtun_sep12ennful26.m26 in directory C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\LUE\Downloads\Patch8107 due to decompression failure.

    OS: Windows XP Pro SP3
    AV: SEP 12.1

    I hope someone has a solution for this one, rather than re-installing the whole system. I haven't found a post about this problem yet.

    Thanks in advance!

    Johan



  • 2.  RE: SEP client won't update due to decompression failure

    Posted Jan 05, 2012 03:40 PM

    Hello,

    Is this a new install or existing client? Any other Symantec software installed? What changes were made recently on this system?  Possible infection? Have you tried running a full scan in Safe-mode with the latest Rapid Release definitions?



  • 3.  RE: SEP client won't update due to decompression failure

    Posted Jan 06, 2012 05:47 AM

    Hi Thomas,

    This is an existing XP client that had on old version of Symantec AV installed. I uninstalled this and installed the new SEP client. I did the same with all the other computers and had no issues at all.

    I will run a full scan in safe mode and perhaps run Combofix. Will keep you updated, thanks for your reply!

    Johan



  • 4.  RE: SEP client won't update due to decompression failure

    Posted Jan 06, 2012 09:46 AM

    Hi Johan,

    There are some useful tools that are provided by Symantec to help with finding hard to detect threats.


    1. The Power Eraser Tool eliminates deeply embedded and difficult to remove threats that traditional virus scanning doesn't always detect.


    2. The SERT (Symantec Endpoint Recovery Tool) is useful in situations where computers are too heavily infected for the Symantec Endpoint Protection client installed upon them to clean effectively.

    3. The Load point Analysis Tool generates a detailed report of the programs loaded on your system. It is helpful in listing common loadpoints where threats can live.



    Power Eraser tool –
    http://security.symantec.com/nbrt/npe.asp?lcid=1033&origin=default

    How To Use the Symantec Endpoint Recovery Tool with the Latest Virus Definitions – http://www.symantec.com/business/support/index?page=content&id=TECH131732&locale=en_US

    Support Tool with Power Eraser Tool included –
    http://www.symantec.com/business/support/index?page=content&id=TECH105414&locale=en_US
    How to use the Load Point Analysis within the Symantec Support Tool to help locate suspicious files http://www.symantec.com/business/support/index?page=content&id=TECH141402


    If you are unable to remove the threat(s) from your systems, please submit the suspected files to Symantec or ThreatExpert for analysis. New signatures will be created and included in future definition sets for detection.

    http://www.symantec.com/business/security_response/submitsamples.jsp

    http://www.threatexpert.com/submit.aspx

     

    Keep us posted on the issue.

     

    Best,

    Thomas



  • 5.  RE: SEP client won't update due to decompression failure

    Posted Jan 09, 2012 03:44 AM

    Hi Thomas,

    I tried all this but no improvement.

    I guess it will need a whole re-install of the system? But I prefer not to do that.

    Greetings,

    Johan



  • 6.  RE: SEP client won't update due to decompression failure

    Posted Jan 09, 2012 10:40 AM

    You didn't mention any LiveUpdate error codes, and this seems to apply to Windows LiveUpdate as opposed to LUE, but you may want to check this out:

    LiveUpdate error: LU1832
    http://www.symantec.com/docs/TECH95695

    sandra



  • 7.  RE: SEP client won't update due to decompression failure

    Posted Jan 09, 2012 01:53 PM
      |   view attached

    Hi Sandra, I'm not sure what you're talking about but the link seems to be dead.

    See logfile in the attachment.

    Attachment(s)

    txt
    Log_7.txt   132 KB 1 version


  • 8.  RE: SEP client won't update due to decompression failure

    Posted Jan 10, 2012 11:10 AM

    I'm not sure why that document is not displaying because it shows as a public, published document. Here are the possible causes given in that document link.

    1. There is not enough disk space to extract one or more of the updates downloaded
    2. One or more of the updates downloaded are corrupted/incomplete and cannot be uncompressed or processed
    3. There is a network device or application configured to block one or more of the file types downloaded by the LiveUpdate client
    4. One or more of the updates downloaded is locked by another process and cannot be modified by the LiveUpdate client

    Since this is only happening on one machine, if disk space is not an issue, I'd suggest downloading and applying the Intelligent Updater via http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=savce -- get the self-extracting file appropriate to this machine (for example, 20120109-*-v5i32.exe). If there is file or download corruption via LiveUpdate, the Intelligent Updater is good for correcting it.

    Hope this helps,

    sandra



  • 9.  RE: SEP client won't update due to decompression failure

    Posted Jan 10, 2012 01:40 PM

    I already tried and checked all of those points, still no improvement.



  • 10.  RE: SEP client won't update due to decompression failure

    Posted Jan 10, 2012 02:43 PM


  • 11.  RE: SEP client won't update due to decompression failure

    Posted Jan 11, 2012 10:43 AM

    SEP 12.1 does not use Windows LiveUpdate so these instructions do not apply.

    I am not aware of any way to remove and reinstall LiveUpdate Engine separate from SEP, so you may want to try repairing SEP if you haven't already, or removing and reinstalling SEP.

    sandra



  • 12.  RE: SEP client won't update due to decompression failure

    Posted Jan 11, 2012 01:46 PM

    Already tried that... see first post.



  • 13.  RE: SEP client won't update due to decompression failure

    Posted Jan 11, 2012 02:05 PM

    +1 for Sandra's suggrestion.  since disk space is not an issue, did you remove all of the old updates in there?

    The only other thing I might suggest, is possibly a permissions issue on the folder itself?

    You can change the permissions from the command line in XP using:

    cacls "c:\documents and settings\all users\application data" /E /T /C /G [username]:F

    "F" at the end for "Full control" for the user account you assigned.  You could use Everyone if you like.

    * * * * *

    Or the conventional method of Right Click the folder and verify/modify the rights from there.

    Also, verify the owner of the folder...



  • 14.  RE: SEP client won't update due to decompression failure

    Posted Jan 17, 2012 05:21 AM

     

    Hello! My name is Sergey. I'm from Russia. Sorry for my bad English.
    My configuration:
    Windows XP pro SP3.
    SEP 12.1.
    Internet Explorer 8.
     
    I had the same problem. What I did:
    1. Reinstalled SEP 12.1. - did not help.
    2. Installed update "RU1" - did not help.
    3. Used utility "CleanWipe" for the complete removal of the SEP 12.1. Then installed again SEP 12.1. Didn't help.
    4. Use the Microsoft Windows Update to install the latest updates for Windows XP pro SP3. Didn't help.
    5. Provide a group of users "All" full rights for the folder "C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\LUE" and its subfolders. This was done in "Safe mode". Didn't help.
     
    I read the forums on the site "symantec.com" and found that many of the problems associated with Internet Explorer. Then I decided to uninstall Internet Explorer 8 and return to Internet Explorer 6.
    After a reboot the problem with the "SEP 12.1" decided.
     
    But this is not a solution. It is a contravention of the problem. Not everyone can remove Internet Explorer 8, because on some systems it is integrated into the Windows.
    And now a question to the technical support Symantec: what the settings should be done in Internet Explorer 8, to SEP 12.1 worked correctly?
     
    Faced the problem for thousands of users, but a proper solutions so and not found...