Endpoint Protection Small Business Edition

 View Only

  • 1.  SEP SBE 3.0 server not pushing out virus definition updates

    Posted Apr 05, 2010 10:22 AM

    We "upgraded" our Symantec Endpoint Protection server to the latest version 3.0 (a/k/a 12.0) a few weeks ago. The server doesn't seem to be doing a very good job pushing out the "Virus and Spyware Protection" updates, so we get warning reports saying that clients have not updated for 7 days.

    Two odd things about this:

    1) The clients seem to be getting the latest "Proactive Threat Protection" definitions on their own... It is only the "Virus and Spyware Protection" definitions that get out-of-date.

    2) From within the server console I can select a number of clients and choose "Run Command on Computers > Update Content", and they will all successfully get the latest definitions from the server.

    Any idea what's going on here? Thanks in advance--


  • 2.  RE: SEP SBE 3.0 server not pushing out virus definition updates

    Posted Apr 05, 2010 11:20 AM

    Check to see if your definitions are corrupted.

    How to determine if virus definitions of Symantec Endpoint Protection client (SEP) 11 or 12 Small Business Edition, are corrupted

    http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/9f3886677a030adf802576770050df64?OpenDocument



  • 3.  RE: SEP SBE 3.0 server not pushing out virus definition updates

    Posted Apr 05, 2010 01:12 PM

    It does appear that some of the clients have old & corrupted vdefs left over. I will try to cleanup process on a few clients to see if they start updating themselves after the definitions are fixed.


  • 4.  RE: SEP SBE 3.0 server not pushing out virus definition updates

    Posted Apr 12, 2010 01:17 PM

    Well, I went through the process to fix all of the machines with corrupted vdefs. It has now been a week, and the clients are clearly not updating themselves.

    Any other ideas?


  • 5.  RE: SEP SBE 3.0 server not pushing out virus definition updates

    Posted Apr 13, 2010 10:33 AM

    Check out his KB on Troubleshooting content update problems


    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2009020909412948



  • 6.  RE: SEP SBE 3.0 server not pushing out virus definition updates

    Posted Apr 19, 2010 01:18 PM
      |   view attached
    I have run through the suggestions in the "Troubleshooting content update problems" article, and every client I've checked passes all the tests.

    So I moved on to the "How to debug SEP 11.x client" article, and have enabled lots of logging on one of the troubling clients.

    Attached to this message is a chunk of the debug.log with a "SectionOrderingError"--I see this set of messages repeated over and over in the logs. It is clearly some kind of exception and stack trace.

    I also see some inscrutable errors in my syslink.log, but am not attaching it at this point for privacy reasons (it contains internal IP address, server names, account names, etc.).

    Any more suggestions?

    Attachment(s)

    txt
    debug.log__1.txt   24 KB 1 version


  • 7.  RE: SEP SBE 3.0 server not pushing out virus definition updates

    Posted May 25, 2010 02:41 PM
    in the Sylink.log do you see SMS = 200 or do you find SMS = 4xxx or 5xxx ?

    search for SMS.