Endpoint Protection Small Business Edition

We have SEPM small business on about 40 workstations as well as the main management server.  They are all on the same LAN.

Even though I've set the LiveUpdate policy to "Continuous", a handful of clients (5-8, all windows) for some reason don't get updated daily and I get constant "OLD VIRUS DEFINITION" emails.  So there are usually 5-8 clients with 1-2 week old virus definitions.

The LiveUpdate policy on the management server to be set to "Daily" when I first started getting this email, after which I set it to continuous and that didn't seem to help.  Even if I go into the management console and run a group wide "Update Content" command, it doesn't seem to update all of them.

If I go to the clients listed as having old definitions, the status shows as fine and I see the green circle.  If I specificly do the live update on the client everything works fine.

But that's the exact opposite reason we bought this software, so we wouldn't need to manage each endpoint and update them manually.

Any thoughts or tips on how I can fix this and have all our endpoints (assuming they're online and running) update their definitions daily?

can you check the log.liveupdate on the clients thats not updated?

Hello,

Could you please let us know what version of SEP 12.1 are you using??

Again, how to understand from SEPM that the definitions are out of date??

Do you see a report of the same on the SEPM home page??

On the Home page, under the Security Status, click on "View Details" and where exactly do you see the Red mark??

What happens if you migrate to the Latest version of SEP 12.1 RU1??

Pete,

Ok, I'll check this log first thing in the morning and see what it says.

Mithun:

Client and SEPM version is: 12.1.671.4971

I know the definitions are out of date because I get automatic emails saying: Out-of-Date Clients Triggering Notification on 01/04/2012 17:41:12 6 computers found with virus definitions older than 7 days.

Yes, I see the same thing on the report/status page of SEPM. At the moment it says 7 computers definitions are out of date.

Under "View Details" in Security Details, it tells me the same thing that the virus definitions and sonar definitions are out of date for those 6 comptuers.

How can I migrate to RU1? Is there a download link?  I've run the LiveUpdate multiple times.

You can post the logs here.

Pete,

I've checked the logs on one of the client computers, and I do see the errors (see screenshot).  It says it failed to download the content, but I'm not sure why.  

I do notice sometimes it tries to contact the server by it's windows server name (STINGRAY), sometimes by the full windows domain server name (STINGRAY.ocean.local) and sometimes by the IP (192.168.1.9).  Not sure if that's related.

We have a very simple network and have had no recent network issues (also the majority of the other 40 clients download the content just fine).

If I do a liveupdate on this client manually, it updates without error as well.

Any suggestions or any other logs that would be valuable for you to see?

post the log.loveupdate.

Hrm.  Well, I've looked everywhere on both the client and server and can't find any liveupdate log (I assume you meant liveupdate and not loveupdate?)

Where would I find this log?

:-), yeah its liveupdate:-)

However I saw that you using the SEP 12.1 version, check the log under

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.XXXXXX.XXXX.XXX\Data\Lue\Logs

After searching around the client computers, unfortunately I was never able to find that folder "Data".  See screenshot.

Any other ideas? Should I call support?

I would recommend calling support as you are most likely going to need to enable sylink debugging to determine what is happening during the communication between the SEPM and client as from your logs the error is occuring when the client is attempting to get defs from its SEPM.

I'm having the same problem  I have only 30+ computers on my network and 2 of them do not get the updates for virus definitions at the same time others do. For example, as of today, there was a new def file for 3/12 and two computers only have the def file from 3/6 as in the screen shot below:

If I run live update on the client, it says no updates are required and status is good. When I get my weekly Executive Summary report, it shows two computers as having old virus definitions. Apparently they get updated from time to time since I've had 12.1 installed for some time now. The computer shown in the image above is not turned off at night.

I looked at C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.XXXXXX.XXXX.XXX\Data\Lue\Logs on that client and it shows that I ran Live Update this morning, but that there were no updates available.

Maybe I need to try reinstalling the client? I'm open to ideas.

Thanks -

John

Just thought I'd post that I resolved my issue in case it helps someone else. It turns out that the client that wasn't updating was waiting to be restarted to install some Windows updates. It was not obvious on the machine that it was waiting to be restarted but I knew the machine hadn't been restarted in quite some time, so I figured I'd try that first. When it shut down, I saw the notice that it was installing updates.  Once the computer retarted, I tried Live Update again and it downloaded the latest virus defs. Problem solved.

Cheers -

John