
SEPM 11.0.7 LiveUpdate not downloading anti-virus definitions

Created: 17 Dec 2013 | 24 comments

I've re-installed SEPM 11.0.7, and from a 'new' install I still don't get anti-virus definitions downloading. I've scoured for information to correct this issue.

 

I've:

    Re-installed SEPM already

    Re-installed LiveUpdate, re-ran LuCatalog.exe --cleanup and LuCatalog.exe --update, still no dice

    Manually updating the JDB seems to put the files in the Inetpub/Content folders, but they disappear after a while

    Running LiveUpdate by itself doesn't seem to show the definitions as part of the download package

    SyLink debug doesn't show the moniker for the Antivirus definitions in the content index:

12/17 09:55:40 [9700] <mfn_DoGetIndexFile200>Index File: <?xml version="1.0" encoding="UTF-8" ?><GroupIndex SiteID="6CFB35710A6404A301960DCA1FE4A809" ServerID="C155194F0A6404A300F76964384E95C4" GroupID="3AF5C3E00A6404A30096A978366D1BB4" GroupCheckSum="842CEA790A323210858413531" LastModifiedTime = "17/12/2013 09:55:32"> <Profile Checksum="0B460522A884190DD2054539AEB6788A" SerialNumber="3AF5-12/17/2013 14:55:27 177" LastModifiedTime="17/12/2013  09:55:32"/> <ConfigFile Checksum="371F4B4866869FE0F6103961BF5D9C90" LastModifiedTime="16/12/2013  18:14:29"/> <IDSFile Checksum="703A0AE1B8EC84B36CDBAECB7E800283" LastModifiedTime="16/12/2013  18:14:29"/> <SylinkFile Checksum="9FF322938991914936FAD0628E40069B" LastModifiedTime="17/12/2013  09:55:32"/> <LSProfile Checksum="34D2B4FCEBBF480901D0D789DB50D01B" SerialNumber ="3AF5-12/17/2013 14:55:27 177" LastModifiedTime ="17/12/2013  09:55:32"/>
<LiveUpdate>
<File Checksum="0564396080661325ADE1B8D365711AEA" DeltaFlag="1" FullSize="1206867" LastModifiedTime="1387262322511" Moniker="{42B17E5E-4E9D-4157-88CB-966FB4985928}" Seq="131216001"/>
  <File Checksum="366E018648D3F9F4A70DD0F3DC4230FD" DeltaFlag="1" FullSize="1185589" LastModifiedTime="1387262021253" Moniker="{D3769926-05B7-4ad1-9DCF-23051EEE78E3}" Seq="131216001"/>
  <File Checksum="2BCC6DFEFF0788882097BCCD82EDD973" DeltaFlag="1" FullSize="669829" LastModifiedTime="1387147925371" Moniker="{C25CEA47-63E5-447b-8D95-C79CAE13FF79}" Seq="80929016"/>
  <File Checksum="85FA2BDE9F92CD228F841376B78562A7" DeltaFlag="1" FullSize="886158" LastModifiedTime="1387147930840" Moniker="{ECCC5006-EF61-4c99-829A-417B6C6AD963}" Seq="2012111400"/>
  <File Checksum="4A49FDF8842481D65D661615DAEFEF31" DeltaFlag="1" FullSize="88188" LastModifiedTime="1387147938340" Moniker="{EA960B33-2196-4d53-8AC4-D5043A5B6F9B}" Seq="80820001"/>
  <File Checksum="2DC4D3735698A8F6CD6F73AC29A871C6" DeltaFlag="1" FullSize="6762" LastModifiedTime="1387147940059" Moniker="{4F889C4A-784D-40de-8539-6A29BAA43139}" Seq="131024024"/>
  <File Checksum="8423DCA0E594841AC7C403FCCD4331A6" DeltaFlag="1" FullSize="1662247" LastModifiedTime="1387147941450" Moniker="{DB206823-FFD2-440a-9B89-CCFD45F3F1CD}" Seq="80820001"/>
  <File Checksum="A50A8C71081A8EDC341811350542975B" DeltaFlag="1" FullSize="1419193" LastModifiedTime="1387147955419" Moniker="{C13726A9-8DF7-4583-9B39-105B7EBD55E2}" Seq="80820001"/>
  <File Checksum="E44B7D258B3EC5945BB45F7DC008014D" DeltaFlag="1" FullSize="77361" LastModifiedTime="1387291949435" Moniker="{CC40C428-1830-44ef-B8B2-920A0B761793}" Seq="131217002"/>
  <File Checksum="91920BA1D1CBCA6DA2A488A0BECC7379" DeltaFlag="1" FullSize="13077129" LastModifiedTime="1387291956677" Moniker="{812CD25E-1049-4086-9DDD-A4FAE649FBDF}" Seq="131217002"/>
  <File Checksum="400B2F3ACFE7FC9A8E6B04361590B724" DeltaFlag="1" FullSize="13077148" LastModifiedTime="1387291965291" Moniker="{E1A6B4FF-6873-4200-B6F6-04C13BF38CF3}" Seq="131217002"/>
  <File Checksum="1FBBBA895DD2A8B8ECB739FAA5F17EDF" DeltaFlag="1" FullSize="77349" LastModifiedTime="1387291966286" Moniker="{E5A3EBEE-D580-421e-86DF-54C0B3739522}" Seq="131217002"/>
</LiveUpdate>
</GroupIndex>
 
It seems like my issue is in getting LiveUpdate and SEPM linked and set to download AV definitions.  If LuCatalog.exe doesn't fix this, what is the solution?

I'd really love to avoid installing 12.1 as it is year-end and we are barred from making major changes to our environment.
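A way to check the logged content index for a missing or stale moniker, as described in the post above (an added example, not part of the original post and not Symantec code). It assumes `LastModifiedTime` on `<File>` is Unix epoch milliseconds; `EXPECTED_AV_MONIKER` is a hypothetical placeholder, since the thread does not give the anti-virus definitions moniker.

```python
import re
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
# Hypothetical placeholder: substitute the moniker you expect to see.
EXPECTED_AV_MONIKER = "{00000000-0000-0000-0000-000000000000}"

# Constructed sample: the SyLink debug line trimmed to two <File> entries from the post.
SAMPLE_LOG = (
    '12/17 09:55:40 [9700] <mfn_DoGetIndexFile200>Index File: '
    '<?xml version="1.0" encoding="UTF-8" ?>'
    '<GroupIndex SiteID="6CFB35710A6404A301960DCA1FE4A809"><LiveUpdate>'
    '<File Checksum="0564396080661325ADE1B8D365711AEA" DeltaFlag="1" FullSize="1206867" '
    'LastModifiedTime="1387262322511" Moniker="{42B17E5E-4E9D-4157-88CB-966FB4985928}" Seq="131216001"/>'
    '<File Checksum="2BCC6DFEFF0788882097BCCD82EDD973" DeltaFlag="1" FullSize="669829" '
    'LastModifiedTime="1387147925371" Moniker="{C25CEA47-63E5-447b-8D95-C79CAE13FF79}" Seq="80929016"/>'
    '</LiveUpdate></GroupIndex>'
)

def parse_index(log_text):
    """Return {MONIKER: {"seq", "size", "modified"}} from a logged GroupIndex document."""
    # Skip the log prefix and XML declaration; keep only the GroupIndex element.
    match = re.search(r"<GroupIndex\b.*?</GroupIndex>", log_text, re.DOTALL)
    if match is None:
        raise ValueError("no GroupIndex document in log text")
    root = ET.fromstring(match.group(0))
    entries = {}
    for item in root.iterfind("./LiveUpdate/File"):
        millis = int(item.get("LastModifiedTime"))  # assumed epoch milliseconds
        entries[item.get("Moniker").upper()] = {    # GUID case varies in the log
            "seq": item.get("Seq"),
            "size": int(item.get("FullSize")),
            "modified": EPOCH + timedelta(milliseconds=millis),
        }
    return entries

def audit(entries, expected, now, max_age=timedelta(days=2)):
    """Return (missing, stale): expected monikers absent from the index,
    and indexed monikers whose content is older than max_age at `now`."""
    missing = sorted(m.upper() for m in expected if m.upper() not in entries)
    stale = sorted(m for m, e in entries.items() if now - e["modified"] > max_age)
    return missing, stale

if __name__ == "__main__":
    now = datetime(2013, 12, 17, 15, 0, tzinfo=timezone.utc)
    print(audit(parse_index(SAMPLE_LOG), [EXPECTED_AV_MONIKER], now))
```
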


.Brian's picture

When did this start? Can you post the log.liveupdate file?

Have you tried the steps here:

http://www.symantec.com/docs/TECH166923

http://www.symantec.com/docs/TECH91335

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Rafeeq's picture

Are you using a proxy in your network? Have you configured SEPM to use the proxy?

Chetan Savade's picture

Hi,

Thank you for posting in Symantec community.

Are you able to access liveupdate.symantecliveupdate.com through Internet Explorer?

Refer to this article:

How to determine whether your firewall is blocking LiveUpdate

http://www.symantec.com/docs/TECH139451

Have you referred to this article to clear corrupt definitions?

https://www-secure.symantec.com/connect/articles/how-clear-corrupt-virus-definitions-sepm

Chetan Savade
Sr Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.

.Brian's picture

I would also suggest downloading and running the SymHelp tool to check for issues:

Symantec Help (SymHelp) Download

http://www.symantec.com/docs/TECH170752

Troubleshooting computer issues with the Symantec Help support tool

http://www.symantec.com/docs/HOWTO80839


GJCronje's picture

There is something wrong with the downloading of signatures. We have 5 managers and not one of them got updated, even after LiveUpdate stated that all the definitions are up to date.

 

I had to download the JDB and add it on all my manager servers manually.

pete_4u2002's picture

Yes, download the JDB file to update; there seems to be some issue with LU.

ThaveshinP's picture

Definitely an issue as well with our 3 managers.

SameerU's picture

Hi

There is an issue with the Symantec LiveUpdate server: virus definitions show Monday, Dec 16, and later definitions have not been posted. SEP Management Consoles will show definitions up to Dec 16 as available. This issue is currently being investigated. As a workaround, you can download the rapid release .jdb and manually update the SEPM.

Please find the link to download the definitions

ftp://ftp.symantec.com/AVDEFS/symantec_antivirus_c...

Regards

 

GeoGeo's picture

Are you using a SQL 2005 database? If so, follow the link below to fix the issue.
http://www.symantec.com/business/support/index?pag...

Please review ideas and vote; there could be something useful :)

https://www-secure.symantec.com/connect/security/ideas

 

f_n's picture

I have the same problem here. LU does not download new definitions.

 

I imported the JDB file, which got processed, but the new definitions still didn't show up in SEPM.

The incoming folder is now empty, the SEPM status message wrote that the rapidupdate was successful, but there are no new definitions.

 

Any hints? This software is starting to annoy me.

 

GeoGeo's picture

Are you using a SQL 2005 database?


 

f_n's picture

Nope.

We're using a clustered Microsoft SQL 2008 R2 Enterprise.

Chetan Savade's picture

Hello Everyone,

The issue appears to be resolved at this point; please run LiveUpdate through SEPM to get the latest definitions.

Note: Symantec is aware of this issue, and a few customers have reported it.

As the issue is intermittent, you may choose to update the definitions using a .JDB file.

How to update definitions for Symantec Endpoint Protection Manager (SEPM) using a .jdb file:

http://www.symantec.com/docs/TECH102607


f_n's picture

"Issue appears to be resolved at this point please run liveupdate through SEPM to get latest definitions."

Still no update over SEPM for me.

Update with JDB does not work either, as mentioned above.

Chetan Savade's picture

Hi,

The JDB file should update SEPM successfully.

For how many days has SEPM not updated?


f_n's picture

So I tried to follow that article:

http://www.symantec.com/business/support/index?pag...

I deleted all revisions and watched the folders in inetpub as they get recreated, but as before SEPM stops at the folder "131204032". The last update SEPM gets is from December 5th.

Chetan Savade's picture

What's the error when you run LiveUpdate manually or through the SEPM console?


f_n's picture

At first there was no error at all, just a "no updates found for SEP" and a "LiveUpdate succeeded".

Now, after deleting all the revisions as mentioned in the TECH article, I get an error stating: "Symantec Endpoint Protection could not update Virus and Spyware definitions"

As mentioned before, all the revisions till 5th December got downloaded again. It just stops there.

Brad Newbold's picture

Here's the LiveUpdate log file. I don't see the AV definitions monikers being updated; I have used LuCatalog.exe --cleanup and LuCatalog.exe --update to no effect.

 

In SEPM Admin>Servers 'Show LiveUpdate Downloads' I do not see the definitions listed.

 

I ran SymHelp and it showed corrupt definitions on the SEP Client, but not SEPM.  I re-installed the client and can confirm the client is getting the latest definitions.

 

LiveUpdate still appears to put the definitions inside of the Inetpub/content directory, but it gets removed after a while.

Attachment: Log.LiveUpdate.txt (3.55 MB)

f_n's picture

Hello Brad Newbold,

As you can see in the thread, I had exactly the same problem. I contacted Symantec support and gave them all the SEPM logfiles. They redirected me to the following article: http://www.symantec.com/business/support/index?pag... which solved the problem for me.

 

We used 30 revisions but the default value of the filegroup of 20.000 MB wasn't enough. We set it to 30k now and everything is working again. I hope this helps you to fix your problem.

 

Good Luck

Chetan Savade's picture

Is there any update?


John Santana's picture

Yes please, I also got the same issue with the definition not updating.

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.

Chetan Savade's picture

Do you face it as an intermittent issue, or has it been a permanent issue?
