Endpoint Protection

 View Only
Expand all | Collapse all

Some clients not updating defs.

Migration User

Migration UserAug 01, 2012 07:23 AM

Migration User

Migration UserAug 02, 2012 07:19 AM

Migration User

Migration UserAug 03, 2012 06:40 AM

  • 1.  Some clients not updating defs.

    Posted Aug 01, 2012 07:01 AM

    Hi

    We use SEPM and SEP latest versions. SEPM W2K8R2. Clients mix og XP and Win7

    SEPM has not updated

     

    When I run a update: LUALL.EXE successfully updated the content. Return Code=0. Even when I download the newest *.jdb file and place in

    \...conten\incoming folder, it will not update.

    Some of the clients do not update til defs automatic, some clients have defs. who is 14 days old?

    Any clues, why SEPM og SEP client is not updating?

    Thanks.

    Alex



  • 2.  RE: Some clients not updating defs.

    Posted Aug 01, 2012 07:15 AM

    I've always founds these articles to be very handy in troublshooting LU problems:

    http://www.symantec.com/docs/TECH183178

    http://www.symantec.com/docs/TECH105924

    #EDIT#

    Oh, and this one is specific to the JDB updates failing:

    http://www.symantec.com/docs/TECH147268



  • 3.  RE: Some clients not updating defs.

    Posted Aug 01, 2012 07:16 AM

    Kindly Verify.

    Do you have a green dot on the client ?
    Does it update the virus definitions ? 
    On the client go to Help and Support - Troubleshooting: check if the client is reporting to server or does it say Self-managed or Offline,

    Are the other clients updating with policy ?

    Do you have using proxy on SEPM server on SEPM server ?

    Troubleshooting LiveUpdate Issues with Symantec Endpoint protection

    http://www.symantec.com/connect/articles/troubleshooting-liveupdate-issues-symantec-endpoint-protection



  • 4.  RE: Some clients not updating defs.

    Posted Aug 01, 2012 07:23 AM

    Thanks will try those links.



  • 5.  RE: Some clients not updating defs.

    Posted Aug 01, 2012 07:28 AM

    HI,

    Your SEPM server not update direct you can check you SEPM server live update setting.

    Troubleshooting LiveUpdate Issues with Symantec Endpoint protection

    http://www.symantec.com/connect/articles/troubleshooting-liveupdate-issues-symantec-endpoint-protection

     

    I gather that you are downloading the .jdb via FTP and dropping it on your SEPM or clients.  That method works great for the AntiVirus definitions, but doesn't supply you with firewall, PTP etc materials.  Using AV alone is fighting today's threats with one arm tied behind your back - I really recommend that you add NTP and IDS technologies to better secure those endpoints.

    If you are using FTP as that is the only method available due to network restrictions, ther is one good solution: have you considered setting up an internal LIveUpdate Administrator 2.x server?  That can download via FTP new updates for all the different components, and then make them availabole for all the SEP clients to use.

     

    Note:. JDB will update only the Virus Definitions on the SEPM server not PTP and NTP signatures



  • 6.  RE: Some clients not updating defs.

    Trusted Advisor
    Posted Aug 01, 2012 08:07 AM

    Hello,

    Could please let us know what verison of SEPM / SEP are you running?

    I would request you to work on these Articles provided below:

    FOR SEP 12.1

    Symantec Endpoint Protection Manager (SEPM) 12.1 is not updating 32 or 64 bit virus definitions.

    http://www.symantec.com/docs/TECH166923

    The SEPM does not update virus definitions. Liveupdate not working on the Symantec Endpoint Protection Manager 12.1

    http://www.symantec.com/docs/TECH183178

    Symantec Endpoint Protection: LiveUpdate Troubleshooting Flowchart


    www.symantec.com/business/support/index?page=content&id=TECH95790

    FOR SEP 11.x

    Symantec Endpoint Protection Manager 11.x is not updating 32 or 64 bit virus definitions.


    www.symantec.com/business/support/index?page=content&id=TECH104721

    Symantec Endpoint Protection: LiveUpdate Troubleshooting Flowchart


    www.symantec.com/business/support/index?page=content&id=TECH95790

    Hope that helps!!



  • 7.  RE: Some clients not updating defs.

    Broadcom Employee
    Posted Aug 01, 2012 08:54 AM

    Hi,

    Also check following articles

    How to determine if virus definitions of Symantec Endpoint Protection client (SEP) 11 or 12 Small Business Edition, are corrupted

    http://www.symantec.com/docs/TECH97677

    How to clear out corrupted definitions for a Symantec Endpoint Protection client manually

    http://www.symantec.com/docs/TECH103176



  • 8.  RE: Some clients not updating defs.

    Posted Aug 02, 2012 01:40 AM

    Hi,

    on SEPM, you can check if any replication is running when LiveUpdate is lounched, these to steps are not compatible.

     

    Cheers.



  • 9.  RE: Some clients not updating defs.

    Posted Aug 02, 2012 06:45 AM
      |   view attached

    Hi

    Thanks for the links.

    I have followed the links you gave, but my SEPM manager is still not correct updated!

    Virus and Spyware are old def.? See file attachment.

    We are using SEPM version: 12.1.1101.401 RU1 MP1

    Alex

     

     

     



  • 10.  RE: Some clients not updating defs.

    Posted Aug 02, 2012 06:58 AM

    It'd help us if you posted the log.liveupdate and sesmlu.log files identified in the articles I linked earlier.

    Alternatively, you may want to contact Symantec Support for help?



  • 11.  RE: Some clients not updating defs.

    Posted Aug 02, 2012 07:19 AM

    Hi

    have attached the two files

    Alex

    Attachment(s)

    txt
    Logliveupdate.txt   3.85 MB 1 version
    txt
    SesmLu_3.txt   1.21 MB 1 version


  • 12.  RE: Some clients not updating defs.

    Posted Aug 02, 2012 12:01 PM

     

    ...the LU session itself is working fine as per the below logs entries:
     
    02-08-2012, 10:35:30 GMT -> EVENT - PRODUCT UPDATE SUCCEEDED EVENT - Update available for SEPM Virus Definitions Win32 v12.1 - MicroDefsB.CurDefs - SymAllLanguages. Update for CurDefs takes product from update 0 to 120801037. Server name - liveupdate.symantecliveupdate.com, Update file - 1343897304jtun_sep12enncur26.m26, Signer - cn=Symantec Corporation,ou=Locality - Culver City,ou=Product Group - LiveUpdate,ou=SymSignature 2005,o=Symantec Corporation, package install code 0. The Update executed with a result code of 1800, => Success
    02-08-2012, 10:35:30 GMT -> EVENT - PRODUCT UPDATE SUCCEEDED EVENT - Update available for SEPM Virus Definitions Win64 (x64) v12.1 - MicroDefsB.CurDefs - SymAllLanguages. Update for CurDefs takes product from update 120715009 to 120801037. Server name - liveupdate.symantecliveupdate.com, Update file - 1343897304jtun_emt64sep12en120715009.m26, Signer - cn=Symantec Corporation,ou=Locality - Culver City,ou=Product Group - LiveUpdate,ou=SymSignature 2005,o=Symantec Corporation, package install code 0. The Update executed with a result code of 1800, => Success
     
    Unfortunately it looks like the sesmlu.log file is from a completely different time frame, and only shows logs from 12:06 onwards (a good 1.5 hours after the above LU session), so I can't tell what's happening.
     
    It is apparent however, that errors are getting logged in the sesmlu.log, but there's not much info on them.
     
    You might be looking at a repair of the SEPM here I'm afraid!  Before that though, can you confirm you have plenty of disk space free?


  • 13.  RE: Some clients not updating defs.

    Posted Aug 03, 2012 03:14 AM

    Hi

    There a plenty of disk space.

    Is there no other way, than doing a repair?

     

     



  • 14.  RE: Some clients not updating defs.

    Posted Aug 03, 2012 06:40 AM

    I just did a repair of SEPM. It did not help



  • 15.  RE: Some clients not updating defs.

    Posted Aug 03, 2012 06:42 AM

    Hi

    Does Symantec have a solution for me?

    I just did a repair of SEPM, and it did not help?



  • 16.  RE: Some clients not updating defs.

    Posted Aug 04, 2012 07:42 AM

    Hi

    Please remove the liveupdate

    Restart the Server.

    Register the Liveupdate.

    Run luall.exe and you SEPM would be updated.

    Kindly mark it as a solution if it works.

    Regards

     



  • 17.  RE: Some clients not updating defs.

    Posted Aug 06, 2012 04:36 AM

    ... I think you'll be better off logging a case with Symantec to look more closeley into the issue.

    Like I said before, there didn't appear to be any errors in the LU log, but the sesmlu.log file (while from a different time period) did show errors.  To me, it looks like the LU client on the SEPM is successfully downloading the content, but the SEPM itself is failing to process that content.

    Unfortunately I can't see anything in the logs that is indicative of a cause (hence why I think you should contact Symantec support).

    The only other thing that springs to mind is to check on the health of the DB as well...



  • 18.  RE: Some clients not updating defs.

    Posted Aug 06, 2012 04:37 AM

     

    Phone numbers to contact Tech Support:-

     

    Regional Support Telephone Numbers:
    United States: https://support.broadcom.com (407-357-7600 from outside the United States)
    Australia: 1300 365510 (+61 2 8220 7111 from outside Australia)
    United Kingdom: +44 (0) 870 606 6000

    India: Toll-Free 000 800 4401 456 directly

    IDD call: +61 2 8220 7111

     

    Additional contact numbers: http://www.symantec.com/business/support/contact_techsupp_static.jsp

     

     

    How to create a new case in MySupport

    http://www.symantec.com/business/support/index?page=content&id=TECH58873