Endpoint Protection

 View Only

  • 1.  SEP unmanaged doesn't update virus definition

    Posted May 29, 2009 05:35 AM
    Hi,
    I have installed a SEP unmanaged (without SEPM) and scheduled liveupdate everyday.
    When I start it manually the process ends successfully but it doesn't update virus definition,what can I look at?
    thanks
    Miriam


  • 2.  RE: SEP unmanaged doesn't update virus definition

    Posted May 29, 2009 05:41 AM
    Whats the version you are suing?

    Also, what are the update dates for Antivirus and AntiSpyware, PTP and NTP on the client GUI ?



  • 3.  RE: SEP unmanaged doesn't update virus definition

    Posted May 29, 2009 05:49 AM
    The version is SEP 11.04 and the last update was on 17-maggio when I unistall and reinstall live update


  • 4.  RE: SEP unmanaged doesn't update virus definition

    Posted May 29, 2009 06:08 AM
    Ok. Can you post a screenshot of the SEP Client GUI?

    Also, you may want to check the file "log.liveupdate" to see if there are any errors mentioned in the log.

    If you uninstalled and reinstalled LiveUpdate, try to run a repair of the SEP client from the Add/remove programs snap-in to re-register LiveUpdate with the program.




  • 5.  RE: SEP unmanaged doesn't update virus definition

    Posted May 29, 2009 06:29 AM
    How can it be that when I start the liveupdate manually I get this:
    "Initializing...
    Connecting to liveupdate.symantecliveupdate.com...

    Downloading catalog file (1 of 1), product up-to-date.
    All of the Symantec products installed on your computer are currently up-to-date. Remember to check for new updates frequently.

    LiveUpdate session is complete."

    And at the same time that's what I see in the log.liveupdate:


    "29/05/2009, 8.54.39 GMT -> LuComServer version: 3.3.0.69
    29/05/2009, 8.54.39 GMT -> LiveUpdate Language: English
    29/05/2009, 8.54.39 GMT -> LuComServer Sequence Number: 20080630
    29/05/2009, 8.54.39 GMT -> OS: Windows Vista[Product:0x00000007], Service Pack: 1, Major: 6, Minor: 0, Build: 6001 (64-bit)  "it's not vista is Windows 2008!!!"
    29/05/2009, 8.54.39 GMT -> System Language:[0x0410], User Language:[0x0410]
    29/05/2009, 8.54.39 GMT -> IE 7 Support
    29/05/2009, 8.54.39 GMT -> ComCtl32 version: 6.16
    29/05/2009, 8.54.39 GMT -> IP Addresses: ::1, 192.168.1.1
    29/05/2009, 8.54.39 GMT -> Loading C:\ProgramData\Symantec\LiveUpdate\Product.Inventory.LiveUpdate
    29/05/2009, 8.54.39 GMT -> Only the LiveUpdate command lines were registered in the Product.Inventory.LiveUpdate file.
    29/05/2009, 8.54.39 GMT -> Failed to load C:\ProgramData\Symantec\LiveUpdate\Product.Inventory.LiveUpdate.
    29/05/2009, 8.54.39 GMT -> Opened the product inventory at "C:\ProgramData\Symantec\LiveUpdate\Product.Inventory.LiveUpdate".
    29/05/2009, 8.54.39 GMT -> Combined Product Inventory Flags 0, Permanent Flags 0, Permanent Flags Filter 0
    29/05/2009, 8.54.39 GMT -> LiveUpdate flag value for this run is 0
    29/05/2009, 8.54.39 GMT -> The command line is -M{E1D9A035-8CE4-4e93-A1DF-AC3AA714EE95}
    29/05/2009, 8.54.39 GMT -> ProductRegCom/luGroup(PID=5796/TID=6304): Successfully created an instance of an luGroup object!
    29/05/2009, 8.54.39 GMT -> ProductRegCom/luGroup(PID=5796/TID=6304): Path for calling process executable is C:\Program Files (x86)\Symantec\LiveUpdate\LuAll.exe.
    29/05/2009, 8.54.39 GMT -> ProductRegCom/luGroup(PID=5796/TID=6304): Destroyed luGroup object.
    29/05/2009, 8.54.39 GMT -> Scanning the following file for potentially malicious host entries: C:\Windows\system32\Drivers\etc\hosts
    29/05/2009, 8.54.39 GMT -> Scanning the following file for potentially malicious host entries: C:\Windows\system32\Drivers\etc\lmhosts.sam
    29/05/2009, 8.54.39 GMT -> LiveUpdate did not find any malicious host entries in any hosts files.
    29/05/2009, 8.54.39 GMT -> **** Starting an Express Mode LiveUpdate Session ****
    29/05/2009, 8.54.39 GMT -> User Type: Administrator.
    29/05/2009, 8.54.41 GMT -> *********************** Start of New LU Session ***********************
    29/05/2009, 8.54.41 GMT -> EVENT - SESSION START EVENT - The LiveUpdate session is running in Express Mode.
    29/05/2009, 8.54.41 GMT -> Check for updates to: Product: LiveUpdate, Version: 3.3.0.69, Language: English. Mini-TRI file name: liveupdate_3.3.0.69_english_livetri.zip
    29/05/2009, 8.54.41 GMT -> Progress Update: TRYING_HOST: HostName: "liveupdate.symantecliveupdate.com" URL: "http://liveupdate.symantecliveupdate.com" HostNumber: 0
    29/05/2009, 8.54.41 GMT -> Progress Update: TRIFILE_DOWNLOAD_START: Number of TRI files: 0 Downloading LiveUpdate catalog file
    29/05/2009, 8.54.41 GMT -> LiveUpdate will download the first Mini-TRI file, liveupdate_3.3.0.69_english_livetri.zip
    29/05/2009, 8.54.41 GMT -> Progress Update: DOWNLOAD_BATCH_START: Files to download: 1, Estimated total size: 0
    29/05/2009, 8.54.41 GMT -> Progress Update: PRE_CONNECT: Proxy: "(not-available)" Agent: "Symantec LiveUpdate" AccessType: 0x0
    29/05/2009, 8.54.41 GMT -> Progress Update: CONNECTED: Proxy: "(not-available)" Agent: "NlVItYYXFbBUBv6hWpiG1Z0bbk8z6IfSgAAAAA" AccessType: 0x0
    29/05/2009, 8.54.41 GMT -> Progress Update: DOWNLOAD_FILE_START: URL: "http://liveupdate.symantecliveupdate.com/liveupdate_3.3.0.69_english_livetri.zip", Estimated Size: 0, Destination Folder: "C:\ProgramData\Symantec\LiveUpdate\Downloads"
    29/05/2009, 8.54.41 GMT -> HttpSendRequest (status 404): Request failed - File does not exist on the server.
    29/05/2009, 8.54.41 GMT -> Progress Update: DOWNLOAD_FILE_FINISH: - NOTE - URL: "http://liveupdate.symantecliveupdate.com/liveupdate_3.3.0.69_english_livetri.zip", Full Download Path: "C:\ProgramData\Symantec\LiveUpdate\Downloads\liveupdate_3.3.0.69_english_livetri.zip" HR: 0x802A0026
    29/05/2009, 8.54.41 GMT -> HR 0x802A0026 DECODE: E_HTTP_NOT_FOUND
    29/05/2009, 8.54.41 GMT -> Progress Update: DOWNLOAD_BATCH_FINISH: HR: 0x0 , Num Successful: 0
    29/05/2009, 8.54.41 GMT -> LiveUpdate will check for Mini-TRI file support on the server since the first Mini-TRI file was not available (liveupdate_3.3.0.69_english_livetri.zip).
    29/05/2009, 8.54.41 GMT -> Progress Update: DOWNLOAD_BATCH_START: Files to download: 1, Estimated total size: 0
    29/05/2009, 8.54.41 GMT -> Progress Update: DOWNLOAD_FILE_START: URL: "http://liveupdate.symantecliveupdate.com/minitri.flg", Estimated Size: 0, Destination Folder: "C:\ProgramData\Symantec\LiveUpdate\Downloads"
    29/05/2009, 8.54.41 GMT -> HttpSendRequest (status 304): Request succeeded - File up to date so download is not required
    29/05/2009, 8.54.41 GMT -> Progress Update: DOWNLOAD_FILE_NOT_MODIFIED: URL: "http://liveupdate.symantecliveupdate.com/minitri.flg", Full Download Path: "C:\ProgramData\Symantec\LiveUpdate\Downloads\minitri.flg"
    29/05/2009, 8.54.41 GMT -> Progress Update: DOWNLOAD_FILE_FINISH: URL: "http://liveupdate.symantecliveupdate.com/minitri.flg", Full Download Path: "C:\ProgramData\Symantec\LiveUpdate\Downloads\minitri.flg" HR: 0x0
    29/05/2009, 8.54.41 GMT -> Progress Update: DOWNLOAD_BATCH_FINISH: HR: 0x0 , Num Successful: 1
    29/05/2009, 8.54.41 GMT -> Progress Update: HOST_SELECTED: Host IP: "79.140.81.58" URL: "http://liveupdate.symantecliveupdate.com" HostNumber: 0
    29/05/2009, 8.54.41 GMT -> Attempting to load SymCrypt...
    29/05/2009, 8.54.41 GMT -> SymCrypt.dll does not exist.
    29/05/2009, 8.54.41 GMT -> EVENT - SERVER SELECTION SUCCESSFUL EVENT - LiveUpdate connected to server liveupdate.symantecliveupdate.com at path via a HTTP connection. The server connection connected with a return code of 200, Successfully download TRI file
    29/05/2009, 8.54.41 GMT -> LiveUpdate is connected to a server with Mini-TRI file support. LiveUpdate will download and process the remaining Mini-TRI files.
    29/05/2009, 8.54.41 GMT -> Check for updates to: Product: Automatic LiveUpdate, Version: 3.3.0.69, Language: English. Mini-TRI file name: automatic$20liveupdate_3.3.0.69_english_livetri.zip
    29/05/2009, 8.54.41 GMT -> Progress Update: TRIFILE_DOWNLOAD_END: Number of TRI files: "0"
    29/05/2009, 8.54.41 GMT -> Progress Update: TRIFILE_DOWNLOAD_START: Number of TRI files: 1 Downloading Mini-TRI files
    29/05/2009, 8.54.41 GMT -> Progress Update: DOWNLOAD_BATCH_START: Files to download: 1, Estimated total size: 0
    29/05/2009, 8.54.41 GMT -> Progress Update: DOWNLOAD_FILE_START: URL: "http://liveupdate.symantecliveupdate.com/automatic$20liveupdate_3.3.0.69_english_livetri.zip", Estimated Size: 0, Destination Folder: "C:\ProgramData\Symantec\LiveUpdate\Downloads"
    29/05/2009, 8.54.41 GMT -> HttpSendRequest (status 404): Request failed - File does not exist on the server.
    29/05/2009, 8.54.41 GMT -> Progress Update: DOWNLOAD_FILE_FINISH: - NOTE - URL: "http://liveupdate.symantecliveupdate.com/automatic$20liveupdate_3.3.0.69_english_livetri.zip", Full Download Path: "C:\ProgramData\Symantec\LiveUpdate\Downloads\automatic$20liveupdate_3.3.0.69_english_livetri.zip" HR: 0x802A0026
    29/05/2009, 8.54.41 GMT -> HR 0x802A0026 DECODE: E_HTTP_NOT_FOUND
    29/05/2009, 8.54.41 GMT -> Progress Update: DOWNLOAD_BATCH_FINISH: HR: 0x0 , Num Successful: 0
    29/05/2009, 8.54.41 GMT -> Progress Update: TRIFILE_DOWNLOAD_END: Number of TRI files: "0"
    29/05/2009, 8.54.41 GMT -> ********* Finished Finding Available Updates *********

    29/05/2009, 8.54.41 GMT -> LiveUpdate did not find any new updates for the given products.
    29/05/2009, 8.54.41 GMT -> EVENT - SESSION END SUCCESSFUL EVENT - The LiveUpdate session ran in Express Mode. LiveUpdate found 0 updates available, of which 0 were installed and 0 failed to install. The LiveUpdate session exited with a return code of 100, LiveUpdate ran successfully. There are no new updates to your products.
    29/05/2009, 8.54.41 GMT -> ProductRegCom/luGroup(PID=5796/TID=6304): Successfully created an instance of an luGroup object!
    29/05/2009, 8.54.41 GMT -> ProductRegCom/luGroup(PID=5796/TID=6304): Path for calling process executable is C:\Program Files (x86)\Symantec\LiveUpdate\LuAll.exe.
    29/05/2009, 8.54.41 GMT -> ProductRegCom/luGroup(PID=5796/TID=6304): Destroyed luGroup object.
    29/05/2009, 8.54.43 GMT -> Only the LiveUpdate command lines were registered in the Product.Inventory.LiveUpdate file.
    29/05/2009, 8.54.43 GMT -> Integrity check of the newly saved product inventory failed with error code=0x802A004"

    Any idea?
    thanks


  • 6.  RE: SEP unmanaged doesn't update virus definition

    Broadcom Employee
    Posted May 29, 2009 07:56 AM
    is your machine updated with the latest signature?

    "29/05/2009, 8.54.41 GMT -> EVENT - SESSION END SUCCESSFUL EVENT - The LiveUpdate session ran in Express Mode. LiveUpdate found 0 updates available, of which 0 were installed and 0 failed to install. The LiveUpdate session exited with a return code of 100, LiveUpdate ran successfully. There are no new updates to your products."

    Cheers
    Pete!


  • 7.  RE: SEP unmanaged doesn't update virus definition

    Posted May 29, 2009 08:01 AM
    That is the problem!
    it say there are no updates but it shows the last is of may 17th


  • 8.  RE: SEP unmanaged doesn't update virus definition

    Broadcom Employee
    Posted May 29, 2009 08:41 AM
    not sure if the definitions are corrupted.

    you may try updating the system with the available jdb file and monitor it for next update.

    can you reinstall the LU on this computer and see if it works, hope 64 bit package is installed on this Win 2008 computer!! (OS: Windows Vista[Product:0x00000007], Service Pack: 1, Major: 6, Minor: 0, Build: 6001 (64-bit) "it's not vista is Windows 2008!!!")

    Cheers
    Pete!