Endpoint Protection

 View Only
  • 1.  Signature file update

    Posted Jan 18, 2011 12:04 PM

    Hi

     

    I have only 10 notebooks with Windows 7 and I have installed SEP 11.06 client software from media CD on each notebook as unmanaged client. And on each notebook in internet browser I have define the proxy IP (the proxy is ISA 2006 appliance celestix). The installation was successfull but the after long time the signature file is not updated on notebook, even we have try manual update.

    What could be the reason

     

    Thanks



  • 2.  RE: Signature file update

    Posted Jan 18, 2011 12:24 PM

    Enable sylink debugging on one client. Then manually run LU and post the logs here. Just be sure to disable after your done

    How to enable Sylink Debugging for Symantec Endpoint Protection in the registry

    http://www.symantec.com/business/support/index?page=content&id=TECH104758&actp=search&viewlocale=en_US&searchid=1295371326658



  • 3.  RE: Signature file update

    Posted Jan 18, 2011 12:28 PM

    See this KB for information-

    Setting up a connection between an HTTP proxy server and Symantec Endpoint Protection Manager

    http://www.symantec.com/business/support/index?page=content&id=HOWTO26921



  • 4.  RE: Signature file update

    Posted Jan 18, 2011 01:26 PM

    I have installed SEP 11.06 client software from media CD on each notebook as unmanaged client

    Sylink debugging will do no good. What does the LiveUpdate log say? Can you upload it here? Should find it here on Windows 7 (ProgramData may be hidden): C:\Program Data\Symantec\LiveUpdate\Log.LiveUpdate

    Edit: you may want to try adding Proxy Information into the Symantec LiveUpdate control panel, though it should pull information from Internet Options by default.

    sandra



  • 5.  RE: Signature file update

    Posted Jan 19, 2011 12:41 AM
      |   view attached

    Hi

     

    Here is "log" files from the location of I have attached

    C:\Program Data\Symantec\LiveUpdate

    The OS on notebook is windows 7 64-bit, and I have seen the liveupdate in control pannel show 32-bit.

     

    I have just inserted SEP media CD in notebook and from auto rum menu I have selected SEP client installation and selected unmanaged client

     

    Thanks

     

     

    Attachment(s)

    txt
    Log1.txt   191 KB 1 version


  • 6.  RE: Signature file update

    Posted Jan 19, 2011 12:50 AM

    the user cancelled the liveupdate, run liveupdate again and let know the machine gets the update

    1/19/2011, 5:29:48 GMT -> EVENT - SESSION END FAILED EVENT - The LiveUpdate session ran in Express Mode. LiveUpdate found 3 updates available, of which 0 were installed and 3 failed to install.  The LiveUpdate session exited with a return code of 1801, The user canceled the LiveUpdate session



  • 7.  RE: Signature file update

    Posted Jan 19, 2011 12:51 AM

    the isa server is blocking the communication for the SEPM manager?

    have you installed SEPM On port 80 or 8014? then you need to allow this port in ISA between client and the server

    try the secars test as per this doc

    http://www.symantec.com/business/support/index?page=content&id=TECH105894&locale=en_US



  • 8.  RE: Signature file update

    Posted Jan 19, 2011 12:59 AM

    Hi

     

    We do not have SEPM (virus server) all my 10 notebooks are downloding from internet directly through ISA, because all my users browsing internet through ISA.

     

    I have not cacelled manually and I have run so many times liveupdate but it did not updated signature file

     

    Thanks

     

     



  • 9.  RE: Signature file update

    Posted Jan 19, 2011 03:09 AM

    Hi Golani,

     

    Here's the trouble: the LiveUpdate clients can reach the Internet LU source servers:

    >1/18/2011, 7:47:15 GMT -> EVENT - SERVER SELECTION SUCCESSFUL EVENT - LiveUpdate connected to server liveupdate.symantecliveupdate.com at path via a HTTP connection. The server connection connected with a return code of 200, Successfully download TRI file
     

    But they cannot download files of this type:

    >1/18/2011, 7:48:03 GMT -> Progress Update: DOWNLOAD_FILE_FINISH: - NOTE - URL: "1295309160jtun_emt64nav2k8enccur25.m25", Full Download Path: "C:\ProgramData\Symantec\LiveUpdate\Downloads\1295309160jtun_emt64nav2k8enccur25.m25.seg2.zip" HR: 0x802A0045
    >1/18/2011, 7:48:03 GMT -> HR 0x802A0045 DECODE: E_UNABLE_TO_REACH_SERVER

    >1/18/2011, 7:56:53 GMT -> EVENT - SESSION END FAILED EVENT - The LiveUpdate session ran in Silent Mode. LiveUpdate found 3 updates available, of which 0 were installed and 3 failed to install. The LiveUpdate session exited with a return code of 1835, The LiveUpdate server failed to respond in a reasonable amount of time.
    >1/18/2011, 7:57:38 GMT -> CSendHTTPRequest::SendRequest - Timed out while communicating with server.

     

    The problem is probably that your proxy server is configured to allow only certain types of files to pass through.  If the .m25 extension is not among the allowed file types, this will happen every time.

     

    Please have a look and update the forum thread with your progress!

     

    Thanks and best regards,

     

    Mick



  • 10.  RE: Signature file update

    Posted Jan 19, 2011 03:26 AM

    use this document to check if ISA is blocking it.

    we had the same issue earlier where symantec website is not allowed from ISA.

    http://www.symantec.com/business/support/index?page=content&id=TECH102059&locale=en_US

    are u able to open

    ftp.symantec.com

    www.symantec.com

    liveudpate.symantecliveupdate.com ??

    have you enabled content filtering, check your ISA logs for one system IP , logs will tell u which rule is blocking the connection.