Endpoint Protection

Hello,

The SONAR definitions for SEP 12.1 RU2 are more than a month old in Endpoint Protection Manager. The definitions on our server are dated Wednesday, December 10, 2014 r12.

When I run LiveUpdate either through SEPM or manually, it is reporting that no updates are found.

However, according to the Security Response website, there should be a January release:

http://www.symantec.com/security_response/definitions.jsp?pid=sep1212

Virus and Spyware Protection, and Network Threat Protection, correctly show Friday, January 30 timestamps (our server is set to update once a week).

Please advise.

Thanks.

Have you tried running the symhelp tool on the SEPM to see what's going on?

Troubleshooting computer issues with the Symantec Help support tool

http://www.symantec.com/docs/HOWTO80839

Don't have access to the server at the moment, but just ran the symhelp tool on a client that has LiveUpdate privileges and no errors were reported.

Also, after running LiveUpdate on the client, it also states that the SONAR defs are up-to-date, even though they have the same Dec 10th timestamp.

Definitely not the right date. I'd be curious to see what shows on SEPM

Here's a screenshot from the SEPM web console:

I reinstalled LiveUpdate and ran it via SEPM to check for updates to the SONAR defs.

According to the Log.LiveUpdate file, the following files returned 404 Not Found errors:

http://liveupdate.symantecliveupdate.com/liveupdate_3.3.100.15_english_livetri.zip
http://liveupdate.symantecliveupdate.com/automatic$20liveupdate_3.3.100.15_english_livetri.zip
http://liveupdate.symantecliveupdate.com/sepm$20liveupdate$20database_12.1_symalllanguages_livetri.zip

On the other hand, the SONAR file did download successfully:

http://liveupdate.symantecliveupdate.com/sepm$20behavior$20and$20security$20heuristics$2012.1$20ru2_microdefsb.curdefs_symalllanguages_livetri.zip

However, upon inspecting this archive (in particular liveupdt.tri), it still references the outdated timestamp of 141210012 and, accordingly, LiveUpdate reports that 0 updates found.

Any suggestions?

It's possible Symantec may have pulled the January release as it is causing a lot of issues (http://www.symantec.com/business/support/index?page=content&id=TECH227811). We have 50 clients who were affected by this issue, symantec's solution was to roll back the sonar defs to the December version. So I guess they may have removed the bad update while they fix it.

Doesn't explain why the security response site still lists the January version as the most recent.

Graham

Thanks, Graham, for linking to that KB article.

Since your posting, the security response site now lists Feb 3 defs:
http://www.symantec.com/security_response/definitions.jsp?pid=sep12

I am happy to report that after running LiveUpdate, the SONAR defs were successfully downloaded and deployed.

Found this as well:

http://www.symantec.com/docs/TECH227716

Thanks for alerting me to the update to the KB, I have downloaded the new February definitions which will hopefully fix the issue.