Symantec Endpoint Protection
Version 11.0.4202.75
Windows XP SP2
I have a running SEP 11 environment. Some of our clients need laptops that never connect to the internal network. To make sure those laptops stay safe, I have decided not to give them a pure standalone SEP client but to install an exported unmanaged client from the SEP server that has some settings defined that disable stopping SEP services, uninstalling the product, etc. I have exported an unmanaged client based on one of the available groups in SEPM, so it inherits its policies but uses an internet update server.
After installing, however, the client refuses to update its antivirus definitions. When running luall.exe it states that all products are up to date, but I am pretty sure there are definitions beyond April 15th of 2009 ...
When looking at the log.liveupdate file I see some interesting information:
EVENT - SERVER SELECTION SUCCESSFUL EVENT - LiveUpdate connected to server liveupdate.symantecliveupdate.com at path via a HTTP connection. The server connection connected with a return code of 200, Successfully download TRI file
LiveUpdate is connected to a server with Mini-TRI file support. LiveUpdate will download and process the remaining Mini-TRI files.
Check for updates to: Product: Automatic LiveUpdate, Version: 3.3.0.85, Language: English. Mini-TRI file name: automatic$20liveupdate_3.3.0.85_english_livetri.zip
Check for updates to: Product: Symevent Installer, Version: 12.5, Language: SymAllLanguages. Mini-TRI file name: symevent$20installer_12.5_symalllanguages_livetri.zip
Check for updates to: Product: MS Light, Version: 5.0, Language: SymAllLanguages. Mini-TRI file name: ms$20light_5.0_symalllanguages_livetri.zip
Progress Update: TRIFILE_DOWNLOAD_END: Number of TRI files: "0"
Progress Update: TRIFILE_DOWNLOAD_START: Number of TRI files: 3 Downloading Mini-TRI files
Progress Update: DOWNLOAD_BATCH_START: Files to download: 1, Estimated total size: 0
Progress Update: DOWNLOAD_FILE_START: URL: "http://liveupdate.symantecliveupdate.com/automatic$20liveupdate_3.3.0.85_english_livetri.zip", Estimated Size: 0, Destination Folder: "C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads"
HttpSendRequest (status 404): Request failed - File does not exist on the server.
Progress Update: DOWNLOAD_FILE_FINISH: - NOTE - URL: "http://liveupdate.symantecliveupdate.com/automatic$20liveupdate_3.3.0.85_english_livetri.zip", Full Download Path: "C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\automatic$20liveupdate_3.3.0.85_english_livetri.zip" HR: 0x802A0026
HR 0x802A0026 DECODE: E_HTTP_NOT_FOUND
Progress Update: DOWNLOAD_BATCH_FINISH: HR: 0x0 , Num Successful: 0
Progress Update: DOWNLOAD_BATCH_START: Files to download: 1, Estimated total size: 0
Progress Update: DOWNLOAD_FILE_START: URL: "http://liveupdate.symantecliveupdate.com/symevent$20installer_12.5_symalllanguages_livetri.zip", Estimated Size: 0, Destination Folder: "C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads"
HttpSendRequest (status 404): Request failed - File does not exist on the server.
Progress Update: DOWNLOAD_FILE_FINISH: - NOTE - URL: "http://liveupdate.symantecliveupdate.com/symevent$20installer_12.5_symalllanguages_livetri.zip", Full Download Path: "C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\symevent$20installer_12.5_symalllanguages_livetri.zip" HR: 0x802A0026
HR 0x802A0026 DECODE: E_HTTP_NOT_FOUND
Progress Update: DOWNLOAD_BATCH_FINISH: HR: 0x0 , Num Successful: 0
Progress Update: DOWNLOAD_BATCH_START: Files to download: 1, Estimated total size: 0
Progress Update: DOWNLOAD_FILE_START: URL: "http://liveupdate.symantecliveupdate.com/ms$20light_5.0_symalllanguages_livetri.zip", Estimated Size: 0, Destination Folder: "C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads"
HttpSendRequest (status 404): Request failed - File does not exist on the server.
Progress Update: DOWNLOAD_FILE_FINISH: - NOTE - URL: "http://liveupdate.symantecliveupdate.com/ms$20light_5.0_symalllanguages_livetri.zip", Full Download Path: "C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\ms$20light_5.0_symalllanguages_livetri.zip" HR: 0x802A0026
HR 0x802A0026 DECODE: E_HTTP_NOT_FOUND
Progress Update: DOWNLOAD_BATCH_FINISH: HR: 0x0 , Num Successful: 0
Progress Update: TRIFILE_DOWNLOAD_END: Number of TRI files: "0"
********* Finished Finding Available Updates *********
It seems that there are a whole bunch of files that are not available for download.
I have set up a packet analyzer to make sure that the client does try to connect to a Symantec server on the internet to get its updates, and it does. The packet analyzer also states that the client tries to download files that are not available, and some files even return an access denied upon trying to download.
I have deleted the minitri.flg files, but that just results in a new download of that file and the same results, as in not updating any definitions.
There are no proxy servers anywhere on the route from the client to the update server.
LiveUpdate policies for the group which is the base for the exported unmanaged client are set up to update all content to the latest available definitions.
If I install a normal standalone client on the same machine, it does update its definitions, so there is something missing or wrong in the exported package, but I can't seem to find it.
Does anybody have an idea what is going on here and if I am missing something?
Why is LiveUpdate claiming that all products are up to date while they are not?
Why is LiveUpdate trying to download files that are not present on the update server?
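
Added example (not part of the original post, and not Symantec code): a small Python triage script that reads Log.LiveUpdate lines of the shape quoted above, lists which products the session actually checked, pairs each Mini-TRI file with its download result, and reports content that was expected but never checked. The sample log is a constructed excerpt with shortened paths, and the `expected_keywords` parameter and its "definitions" value are assumptions about how the antivirus content product would be named in the log.

```python
import re

# Constructed excerpt shaped like the Log.LiveUpdate lines in the post (paths shortened).
SAMPLE_LOG = r'''Check for updates to: Product: Automatic LiveUpdate, Version: 3.3.0.85, Language: English. Mini-TRI file name: automatic$20liveupdate_3.3.0.85_english_livetri.zip
Check for updates to: Product: MS Light, Version: 5.0, Language: SymAllLanguages. Mini-TRI file name: ms$20light_5.0_symalllanguages_livetri.zip
Progress Update: DOWNLOAD_FILE_FINISH: - NOTE - URL: "http://liveupdate.symantecliveupdate.com/automatic$20liveupdate_3.3.0.85_english_livetri.zip", Full Download Path: "C:\Downloads\automatic$20liveupdate_3.3.0.85_english_livetri.zip" HR: 0x802A0026
HR 0x802A0026 DECODE: E_HTTP_NOT_FOUND
Progress Update: DOWNLOAD_BATCH_FINISH: HR: 0x0 , Num Successful: 0
Progress Update: DOWNLOAD_FILE_FINISH: - NOTE - URL: "http://liveupdate.symantecliveupdate.com/ms$20light_5.0_symalllanguages_livetri.zip", Full Download Path: "C:\Downloads\ms$20light_5.0_symalllanguages_livetri.zip" HR: 0x802A0026
HR 0x802A0026 DECODE: E_HTTP_NOT_FOUND
Progress Update: DOWNLOAD_BATCH_FINISH: HR: 0x0 , Num Successful: 0
'''

CHECK_RE = re.compile(r'Check for updates to: Product: (?P<product>.+?), Version: (?P<version>.+?), '
                      r'Language: (?P<language>.+?)\. Mini-TRI file name: (?P<tri>\S+)')
FINISH_RE = re.compile(r'DOWNLOAD_FILE_FINISH:.*?URL: "(?P<url>[^"]+)".*?HR: (?P<hr>0x[0-9A-Fa-f]+)')
DECODE_RE = re.compile(r'HR (?P<hr>0x[0-9A-Fa-f]+) DECODE: (?P<name>\S+)')
BATCH_RE = re.compile(r'DOWNLOAD_BATCH_FINISH:.*?Num Successful: (?P<n>\d+)')

def report(text, expected_keywords=("definitions",)):
    """Summarise one LiveUpdate session. expected_keywords is an assumed naming hint."""
    products, results, decodes, ok = [], {}, {}, 0
    for line in text.splitlines():
        if m := CHECK_RE.search(line):
            products.append(m.groupdict())
        elif m := FINISH_RE.search(line):
            # Key results by file name so they can be joined to the Mini-TRI name.
            results[m['url'].rsplit('/', 1)[-1]] = m['hr'].lower()
        elif m := DECODE_RE.search(line):
            decodes[m['hr'].lower()] = m['name']
        elif m := BATCH_RE.search(line):
            ok += int(m['n'])
    rows = []
    for p in products:
        hr = results.get(p['tri'])
        status = ("NOT_ATTEMPTED" if hr is None
                  else "OK" if int(hr, 16) == 0 else decodes.get(hr, "FAILED"))
        rows.append({"product": p['product'], "version": p['version'],
                     "tri": p['tri'], "hr": hr, "status": status})
    # Content the admin expects to be updated but that this session never checked.
    missing = [k for k in expected_keywords
               if not any(k.lower() in p['product'].lower() for p in products)]
    return {"rows": rows, "successful_downloads": ok, "expected_but_not_checked": missing}

if __name__ == "__main__":
    summary = report(SAMPLE_LOG)
    for row in summary["rows"]:
        print(f"{row['product']:<22} {row['version']:<10} {row['status']}")
    print("successful downloads:", summary["successful_downloads"])
    print("expected but never checked:", summary["expected_but_not_checked"])
```

Run against the full Log.LiveUpdate file, the last line of output separates "the download failed" from "the product was never in the list LiveUpdate checked", which are different problems.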