Hello,

can you please help out in troubleshooting a particular client machine with windows 7 and just re-installed Windows and deployed Symantec EndPoint Security from the server.

The problem is that this machine is not getting anti virus update definitions and even if I run Update Content on the machine from the server, the status says completed 100% however still virus definitions are not updating.

How can I troubleshoot client to server communication and what issues do normally cause this to happen.

Thanks

Check for Windows Firewall on the machine, if it is ON.

Also check the following article

Title: 'Symantec Endpoint Protection: LiveUpdate Troubleshooting Flowchart'
Web URL: http://www.symantec.com/docs/TECH95790

Does the SEP client yellow shield have a green dot on it? Green dot is an indication of communication being fine with the server. If it does not  have green dot, then the client is not communicating.

Is the sepm server itself updated?

the SEP client does not show a green dot on its icon on the taskbar.

I will check the link and troubleshoot from there

Windows Firewall is off

run the secars test

http://www.symantec.com/business/support/index?page=content&id=TECH102682&locale=en_US

check the windows firewall on your sepm server and windows 7 machine

replace the sylink file from another working green dot machine.

http://www.symantec.com/business/support/index?page=content&id=TECH102322&locale=en_US

Enable the Sylink.log file. Wait for about 20 minutes. Then upload the sylink.log  file. That would exactly tell us, why the client is not communicating.

How to enable Sylink Debugging for Symantec Endpoint Protection in the registry 

http://www.symantec.com/business/support/index?page=content&id=TECH104758&actp=search&viewlocale=en_US&searchid=1293724293862 

BTW, if you are using  IE 9 beta, please uninstall it.

I just found out that I have more than 70% of the pc's with Anti Virus Defintion Update Failures

what I cannot understand is that the clients which are updating have their anti virus definition date nearly all different from eachother even when I checked a couple of machines with same OS.

what could cause such a general anti-virus definition update issue

which of the above tools I should use for SEPM ver 11.0.6100 and does it work on server 2008 or it needs Windows XP/Vista/7

thanks

what I cannot understand is that the clients which are updating have their anti virus definition date nearly all different from eachother even when I checked a couple of machines with same OS.

There could be communication issue with the server or Definition may have corrupted.

which of the above tools I should use for SEPM ver 11.0.6100 and does it work on server 2008 or it needs Windows XP/Vista/7

You can enable the sylink logs, which can be used on all kinds of OS machine.

http://www.symantec.com/business/support/index?page=content&id=TECH104758&actp=search&viewlocale=en_US&searchid=1293724293862

As well as you can try copying the sylink replcaer on other machines and see if it gets update to rule out the communication issue.

Try clearing out definitions on this machine:

How to clear out corrupted definitions for a Symantec Endpoint Protection Client manually

http://www.symantec.com/business/support/index?page=content&id=TECH103176&locale=en_US

Hello,

can I just debug and see logs just by doing the below only.

SMC debugging can also be enabled and disabled from within the SEP Client by opening the SEP client, then going to: Help and Support -> Troubleshooting... -> Debug logs -> Client Management -> Edit Debug Log Settings.  Then check or uncheck Debug On.

Yes , that's what is need's to be done.

Hello,

I have just enabled logging by doing this only:

SMC debugging can also be enabled and disabled from within the SEP Client by opening the SEP client, then going to: Help and Support -> Troubleshooting... -> Debug logs -> Client Management -> Edit Debug Log Settings.  Then check or uncheck Debug On. 

the virus definitions last updated on the 15th of December

how do I troubleshoot the log and what do i have to search for to see where is the issue please ?

I have also run the secars test http://server:8014/secars?hello,secars and worked fine from the client

And also this:

http://server:8014/reporting/login/login.php

post the logs, contributors can help with the analysis..

Hi Aconti,

Some important questions: Is there more than one SEPM in your organization?  Do all of the out-of-date clients update from the same SEPM?  Are the definitions on that SEPM up to date / are any of its clients up to date?

You may also wish to open a case with Symantec Technical Support, rather than relying upon this voluntary peer-support forum.  Keeping AV definitions up-to-date is a serious concern, with the number of new threats that appear every day.  Tech Support can provide timely, expert analysis of the logs in question.

Thanks and best regards,

Mick

hello,

one SEPM and all clients connected to it

SEPM seems to be updated as some of the clients and even the one installed on the same SEPM server are up to date

is there any error I can check from the log that I enabled or some other way to troubleshoot

thanks again

check for the communication.

sylink log should be helpful along with the sep support tool.