Video Screencast Help

Server 2003 SEP 12.1 client not receiving Live Updates

Created: 14 Jun 2013 • Updated: 14 Jun 2013 | 14 comments
This issue has been solved. See solution.

I have a Windows Server 2003 box running SEP 12.1.  A few days ago it stopped receiving Live Updates.  I ran the Intelligent Updater yesterday and that was successful in loading the updates but the Live Update feature is still not working. 

I found this article and just wanted to make sure that this would apply to my situation

This is one of our mission critical servers so I just want to make sure that this will not require a reboot.

Any other thoughts or suggestions would be great!

Operating Systems:

Comments 14 CommentsJump to latest comment

consoleadmin's picture

Try it

Symantec Endpoint Protection Manager (SEPM) 12.1 is not updating 32 or 64 bit virus definitions.
Article:TECH166923  |  Created: 2011-08-10  |  Updated: 2012-06-16  |  Article URL


sandra.g's picture

Which version of 12.1, and is this the SEP client, or the SEP Manager (SEPM)? The use of Intelligent Updater suggests it is the SEP client that is not updating, and not the SEPM.

The answers to these questions may greatly affect the advice you are given. smiley


Symantec, Senior Information Developer
Enterprise Security, Mobility, and Management - Endpoint Protection

Don't forget to mark your thread as 'solved' with the answer that best helps you!

twirtz's picture

This is just happening on the client.  The SEP Manager is distributing the updates everywhere else with no problems.  It is running fine.

The version of the client is 12.1.1000.157 RU1

twirtz's picture

Yes definitions on all other clients are working fine.  It is just this one client that is having problems with the Live Update.  Below are error messages I see in the logs:

An update for Virus and Spyware Definitions Win32 failed to install.  Error: 0xE0010001, DuResult: 39.

n update for Virus and Spyware Definitions Win32 from LiveUpdate failed to install. Error: Prepackage callback failed (200)

consoleadmin's picture

Try the step

Delete the following registry keys:
 HKEY_USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
 HKEY_USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
Set the proxy enable in the registry to 0 under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Uncheck the proxy setting option in the internet options settings.
Reboot the system.

If the above step not help then try Cleanwipe

Run the latest cleanwipe on system. For cleanwipe you can contact with technical support.


Rafeeq's picture

Tried this

have you made sure that the client is communicating with the manager

open sep client, help and support- you see the server name or its offline/Unmanged?

How to clear out corrupted definitions for a Symantec Endpoint Protection client manually

twirtz's picture

Yes it is communicating with the manager with no issues.  I have looked at the above article and just wanted to make sure that I will not have to reboot this server if I follow those procedures.

twirtz's picture

In looking at that article, it does not have the path c:\program files\common files\symnantec shared\virusdefs

Are the paths different in 12.1?

Also the registry key does not have the SepCache1, SepCache2 or SepCache3

twirtz's picture

I was able to shutdown the SMC service but when I attempt to delete the files from the Definitions folder I receive the following message:

Cannot delete g_2_flt.idx.  It is being used by another person or process.

Any advice how to move on?  Are there any other services that may need to be stopped?

Rafeeq's picture

kill the ccsvchst.exe in the taskmanager, if you still face the problem.

stop all the symantec services from the services.msc

twirtz's picture

Actually it looks like once I deleted out some old definitions and restart SMC, it is working again.  Thanks for the help!