Video Screencast Help

SEP for MAC Live Update Bouncing in Dock

Created: 19 May 2010 | 10 comments

We've installed the MAC SEP client on a handful of our Mac Systems, but the LiveUpdate keeps bouncing in the dock.  We've looked at the policy settings for the Macintosh computers with no luck.  How do we stop this from happening, and allow the SEP client to just run the updates silently in the background without notifying the user to download and apply the updates?

Comments 10 CommentsJump to latest comment

spraguga's picture

Post the contents of /Library/Preferences/com.Symantec.NAVX.plist & com.Symantec.SAVX.plist from a problem client.

Thanks!

sandra.g's picture

The plists do not contain information about when LiveUpdate is run.

Are the clients being given a LiveUpdate policy via the SEPM?  Those schedules should be running as root and running silently.  You can verify them on the local machine via Terminal:

sudo symsched -l

(that's a lowercase L)

Put in your admin password when prompted.

If you do not see anything, then the schedule is being set via the Symantec Scheduler.  Quick Menu > Live Update > Open Symantec Scheduler > edit the correct scheduled job.  Be sure "Do not show progress" is checked.

sandra

Symantec, Information Developer
Installation, Migration, Deployment and Patching
User Protection & Productivity, Endpoint Protection

Don't forget to mark your thread as 'solved' with the answer that best help

chad.v.kealey's picture

I ran 'sudo symsched -l' and this was the result:

Module         Name                     On  UI  Freq     Day   Time   Args
-------------- ------------------------ --- --- -------- ----- ------ ----
LiveUpdate     DefaultLiveUpdateSchedul 1   0   Daily          07:17  "All Products"

I'm guessing the "0" under "UI" indicates that it should be running silently (not in the User Interface)?  But every day, it runs and the LU icon bounces in the Dock.  I can live with it, but I know plenty of our Mac users will have a fit over this.  Any ideas? 

If it makes any difference, I've got 10.6 and was using the previous version of Symantec AV for Mac.  I ran the Uninstall for that and rebooted before installing SEP 11.

Thanks!

-Chad

sandra.g's picture

This looks like this was installed as an unmanaged client and this was the default schedule.  This is not set to "-quiet" under Args.  I think this is set this way so that you know a schedule has been set when it runs.

This is what mine looks like, a managed client.  You'll notice the weird "Name" (because it was delivered via Policy) and the "-quiet" under Args, which means it runs silently.

Module         Name                     On  UI  Freq     Day   Time   Args
-------------- ------------------------ --- --- -------- ----- ------ ----
LiveUpdate     LUPolicy@327AAEA70A003DD 1   0   Daily          10:01  "Virus Definitions" -quiet

The "UI" means will it appear under the graphic user interface under Symantec Scheduler under Quick Menu > LiveUpdate > Open Symantec Scheduler.  This means that in this instance, one would have to be logged in as root to see it listed there.

Is there a reason they are not managed?  Giving them a LiveUpdate policy via the SEPM would be the easiest solution.

Title: 'How to convert an unmanaged SEP for Macintosh client to managed'
http://service1.symantec.com/SUPPORT/ent-security....

Otherwise, you could delete the default schedule and then create a new one.  (There is no way to just add the "-quiet" switch to the current schedule, unless you log in as root and click the "Do not show progress" button on this schedule.)

- delete:

sudo symsched -d all

- add a new schedule using the parameters noted above:

sudo symsched LiveUpdate "Update All Daily" 1 0 -daily 07:17  "All Products" -quiet

This sets the schedule for all users on the machine.  You can adjust the time (7:17 am) to something else if you want.

Title: 'Guide to symsched Command-line Switches'
http://service1.symantec.com/SUPPORT/ent-security....

You could also use the GUI (Symantec Scheduler), but that would only set the schedule for the currently logged in user.

Thanks,
sandra

Symantec, Information Developer
Installation, Migration, Deployment and Patching
User Protection & Productivity, Endpoint Protection

Don't forget to mark your thread as 'solved' with the answer that best help

chad.v.kealey's picture

I work for a university, and some departments/colleges don't like having IT "manage" anything on their computers.  There's a long history of distrust, paranoia and politics I won't get into. Also, we distribute it to students, who will (eventually) leave and inevitably have problems removing the managed client.

Is there any way to customize the install so that the default schedule runs in quiet mode?

sandra.g's picture

I understand, I worked for a university once myself :)

Hm.  Well, you could build a package in a SEPM with the 'correct' LiveUpdate schedule and default Mac policies, then follow this document to make it unmanaged.

Title: 'How to install an unmanaged Symantec Endpoint Protection for Macintosh client using policies from a Symantec Endpoint Protection Manager'
http://service1.symantec.com/SUPPORT/ent-security....

Basically, you are substituting the sylink.xml in the exported package with one from the unmanaged package from the downloaded disc files.

Edited to add: you will probably also want to give them the Symantec Uninstaller.

Title: 'How to uninstall Symantec Endpoint Protection for Macintosh'
http://service1.symantec.com/SUPPORT/ent-security....

sandra

Symantec, Information Developer
Installation, Migration, Deployment and Patching
User Protection & Productivity, Endpoint Protection

Don't forget to mark your thread as 'solved' with the answer that best help

notanitguy's picture

The above sounds like it should work but could someone spell out the steps I need to make the icon stop bouncing around in the dock?

And another thing, does SEP download updates every day? I've got the scheduler set to download once a week, does it still download something every day?

Thanks.

sandra.g's picture

The steps outlined in this post should take care of it.  Let me know if those steps don't work. Essentially, use Terminal commands to remove the schedule automatically generated during installation, then create a new one and set it to "Do not show progress" (which is the quiet mode).

SEP will only run LiveUpdate when you tell it to run.  If it's scheduled for once a week, it'll run once a week.  I recommend a daily check; definitions are usually released in the morning, Pacific time (US).  If it's managed, you can configure SEPM policy to run every 4 hours, for example.

Be aware that if no one is logged in, LiveUpdate will not be able to run until someone logs in.  This is a security feature of the operating system, not an issue with LiveUpdate.

sandra

Symantec, Information Developer
Installation, Migration, Deployment and Patching
User Protection & Productivity, Endpoint Protection

Don't forget to mark your thread as 'solved' with the answer that best help

Dirty Blueshirt's picture

Sandra, I found your command line fix to be quite useful so far, but I have a question. I'm running SEP on my MacBook Pro through the US Navy's Home Use Program. I noticed setting this schedule assigned a specific update time (I set mine at 20:00) but the behavior I've seen the LU adopt is a much more frequent update regimen, it would update a few times a day when the laptop is open and running, and will always run when I open my laptop after having it closed (in sleep mode) for any period of time.

Beyond the command line edit I just applied to silence the (admittedly annoying) bouncing LU icon and completion dialog, it was a default install for an unmanaged client. My question is this: now that via the command line is set to update at 20:00, will that be the only time it will update, or will it continue to update every time I wake the laptop?

I work Network Security for the Navy, so I'm well aware of the importance of AV signatures, so I'm perfectly happy with it checking for updates as often as it wants, but I want to make sure that the completion dialog is silenced and that the command I applied won't require me to have my laptop awake at 20:00 just to get the updates.

Thanks!

sandra.g's picture

now that via the command line is set to update at 20:00, will that be the only time it will update, or will it continue to update every time I wake the laptop?

It will only check once a day at 20:00. If your computer is closed/asleep, you're logged off, or the machine is powered down, it will update when you log in as a missed event. It cannot run if the machine's on but no one is logged in.

Check whether your login has a separate schedule than the root user (what you see when you do 'sudo symsched -l') either through the Symantec Scheduler UI (via the Quick Menu) or by typing simply 'symsched -l' in Terminal.

Upon further research it appears that the intent was to have it run every four hours, but they didn't have it set to '-quiet' by default. To accomplish an 'every X hours' schedule via the command line it would be 'hourly' instead of 'daily' and the time would be how often (in hours) the interval is (04:00 for four hours).

Hope this helps,

sandra

Symantec, Information Developer
Installation, Migration, Deployment and Patching
User Protection & Productivity, Endpoint Protection

Don't forget to mark your thread as 'solved' with the answer that best help