Video Screencast Help

SEP client won't update due to decompression failure

Created: 05 Jan 2012 | 13 comments

Hello all,

I have a strange problem with one of our client computers: the Endpoint Protection client won't update itself. It always ends with an decompression failure.All the other clients don't have this problem. I tried re-installing the software but it didn't help. I even uninstalled WinZip and installed WinRar. The only way to keep it up to date is to download and install the intelligent updater file. But this is not the way it should work...

This is a piece from the log file:

* Decompression failed for package C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\LUE\Downloads\1323894943jtun_sep12ennful26.m26 to directory C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\LUE\Downloads\Patch8107
* Install Skipped code set for moniker {6AAE5D6B-C70C-4cdf-96C9-110AA1378E8C}, package 1323894943jtun_sep12ennful26.m26, error while decompressing.
* Deleting package C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\LUE\Downloads\1323894943jtun_sep12ennful26.m26 in directory C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\LUE\Downloads\Patch8107 due to decompression failure.

OS: Windows XP Pro SP3
AV: SEP 12.1

I hope someone has a solution for this one, rather than re-installing the whole system. I haven't found a post about this problem yet.

Thanks in advance!

Johan

Comments 13 CommentsJump to latest comment

Thomas K's picture

Hello,

Is this a new install or existing client? Any other Symantec software installed? What changes were made recently on this system?  Possible infection? Have you tried running a full scan in Safe-mode with the latest Rapid Release definitions?

Ooyala - Check us out!

Johan_J's picture

Hi Thomas,

This is an existing XP client that had on old version of Symantec AV installed. I uninstalled this and installed the new SEP client. I did the same with all the other computers and had no issues at all.

I will run a full scan in safe mode and perhaps run Combofix. Will keep you updated, thanks for your reply!

Johan

Thomas K's picture

Hi Johan,

There are some useful tools that are provided by Symantec to help with finding hard to detect threats.

1. The Power Eraser Tool eliminates deeply embedded and difficult to remove threats that traditional virus scanning doesn't always detect.

2. The SERT (Symantec Endpoint Recovery Tool) is useful in situations where computers are too heavily infected for the Symantec Endpoint Protection client installed upon them to clean effectively.

3. The Load point Analysis Tool generates a detailed report of the programs loaded on your system. It is helpful in listing common loadpoints where threats can live.

Power Eraser tool –
http://security.symantec.com/nbrt/npe.asp?lcid=1033&origin=default

How To Use the Symantec Endpoint Recovery Tool with the Latest Virus Definitions – http://www.symantec.com/business/support/index?page=content&id=TECH131732&locale=en_US

Support Tool with Power Eraser Tool included –
http://www.symantec.com/business/support/index?page=content&id=TECH105414&locale=en_US
How to use the Load Point Analysis within the Symantec Support Tool to help locate suspicious files http://www.symantec.com/business/support/index?page=content&id=TECH141402

If you are unable to remove the threat(s) from your systems, please submit the suspected files to Symantec or ThreatExpert for analysis. New signatures will be created and included in future definition sets for detection.

http://www.symantec.com/business/security_response/submitsamples.jsp

http://www.threatexpert.com/submit.aspx

 

Keep us posted on the issue.

 

Best,

Thomas

Ooyala - Check us out!

Johan_J's picture

Hi Thomas,

I tried all this but no improvement.

I guess it will need a whole re-install of the system? But I prefer not to do that.

Greetings,

Johan

sandra.g's picture

You didn't mention any LiveUpdate error codes, and this seems to apply to Windows LiveUpdate as opposed to LUE, but you may want to check this out:

LiveUpdate error: LU1832
http://www.symantec.com/docs/TECH95695

sandra

Symantec, Information Developer
Installation, Migration, Deployment and Patching
User Protection & Productivity, Endpoint Protection

Don't forget to mark your thread as 'solved' with the answer that best help

Johan_J's picture

Hi Sandra, I'm not sure what you're talking about but the link seems to be dead.

See logfile in the attachment.

AttachmentSize
Log.txt 132.71 KB
sandra.g's picture

I'm not sure why that document is not displaying because it shows as a public, published document. Here are the possible causes given in that document link.

  1. There is not enough disk space to extract one or more of the updates downloaded
  2. One or more of the updates downloaded are corrupted/incomplete and cannot be uncompressed or processed
  3. There is a network device or application configured to block one or more of the file types downloaded by the LiveUpdate client
  4. One or more of the updates downloaded is locked by another process and cannot be modified by the LiveUpdate client

Since this is only happening on one machine, if disk space is not an issue, I'd suggest downloading and applying the Intelligent Updater via http://www.symantec.com/business/security_response... -- get the self-extracting file appropriate to this machine (for example, 20120109-*-v5i32.exe). If there is file or download corruption via LiveUpdate, the Intelligent Updater is good for correcting it.

Hope this helps,

sandra

Symantec, Information Developer
Installation, Migration, Deployment and Patching
User Protection & Productivity, Endpoint Protection

Don't forget to mark your thread as 'solved' with the answer that best help

Johan_J's picture

I already tried and checked all of those points, still no improvement.

Vikram Kumar-SAV to SEP's picture

Try re-installing liveupdate

http://www.symantec.com/business/support/index?page=content&id=TECH96705

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

sandra.g's picture

SEP 12.1 does not use Windows LiveUpdate so these instructions do not apply.

I am not aware of any way to remove and reinstall LiveUpdate Engine separate from SEP, so you may want to try repairing SEP if you haven't already, or removing and reinstalling SEP.

sandra

Symantec, Information Developer
Installation, Migration, Deployment and Patching
User Protection & Productivity, Endpoint Protection

Don't forget to mark your thread as 'solved' with the answer that best help

Jason1222's picture

+1 for Sandra's suggrestion.  since disk space is not an issue, did you remove all of the old updates in there?

The only other thing I might suggest, is possibly a permissions issue on the folder itself?

You can change the permissions from the command line in XP using:

cacls "c:\documents and settings\all users\application data" /E /T /C /G [username]:F

"F" at the end for "Full control" for the user account you assigned.  You could use Everyone if you like.

* * * * *

Or the conventional method of Right Click the folder and verify/modify the rights from there.

Also, verify the owner of the folder...

zarabsrv's picture

 

Hello! My name is Sergey. I'm from Russia. Sorry for my bad English.
My configuration:
Windows XP pro SP3.
SEP 12.1.
Internet Explorer 8.
 
I had the same problem. What I did:
1. Reinstalled SEP 12.1. - did not help.
2. Installed update "RU1" - did not help.
3. Used utility "CleanWipe" for the complete removal of the SEP 12.1. Then installed again SEP 12.1. Didn't help.
4. Use the Microsoft Windows Update to install the latest updates for Windows XP pro SP3. Didn't help.
5. Provide a group of users "All" full rights for the folder "C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\LUE" and its subfolders. This was done in "Safe mode". Didn't help.
 
I read the forums on the site "symantec.com" and found that many of the problems associated with Internet Explorer. Then I decided to uninstall Internet Explorer 8 and return to Internet Explorer 6.
After a reboot the problem with the "SEP 12.1" decided.
 
But this is not a solution. It is a contravention of the problem. Not everyone can remove Internet Explorer 8, because on some systems it is integrated into the Windows.
And now a question to the technical support Symantec: what the settings should be done in Internet Explorer 8, to SEP 12.1 worked correctly?
 
Faced the problem for thousands of users, but a proper solutions so and not found...