Definitely a proxy issue. All the attempts to connect at 2:30AM all fail to connect to the http version of the Symantec LiveUpdate site and switch to the FTP one instead as below:
Server selection failed for server HTTP://liveupdate.symantecliveupdate.com/ on port 80.
Proxy (10.10.208.118:8080) is configured for server (liveupdate.symantecliveupdate.com). Won't go for explicit DNS query.
Server selection complete. Server is FTP://update.symantec.com/opt/content/onramp on port 21.
Connected using proxy: (10.10.208.118:8080).
Whereas the attempts made manually during the day (about 10:27) do successfully connect via http and subsequently succeed:
Server selection complete. Server is HTTP://liveupdate.symantecliveupdate.com/ on port 80.
Connected using proxy: (10.10.208.118:8080).
The logs are a bit sparse on the reasons why, though. I'd recommend checking out your proxy server's logs for failed auth/connection attempts. Either that or just allow everyone (unauthenticated) out to HTTP://liveupdate.symantecliveupdate.com/ along with making sure caching is disabled as I mentioned before...