Endpoint Protection

Hi

I am using Symantec Endpoint Protection Manager 11. I am facing 2 problem. First clients are connecting to internal update server but not getting updates. I can see in log the connection but then immediately disconnect.

When I try to update a client manually. It successfully updates but still client windows does not show lastest definiation and still saying definations are out of date.

Any ideas would be realy  helpful.

I have attached snapshot as well. Have a look

Cheers

iffarrukh

run the SST log to identify if the definitions are corrupted.

Hello,

How many SEP client machines are you facing this issue on?

What version of Liveupdate Administrator are you running on the machine?

Are you using LUA version 2.2.2.9??

As per the screenshot it is clear that the clients are not taking the complete download from LUA.

If incase, you are using LUA version 2.2.2.9, please Uninstall the same and Install LUA 2.3

You may have to contact Symantec Technical Support to get the LUA 2.3

I would also recommend you to check this Article:

Hi iffarrukh,

If the problem is with the single computer

First go ahead with this document to clear out the corrupted definitions.

How to clear out corrupted definitions for a Symantec Endpoint Protection Client manually
http://www.symantec.com/docs/TECH103176

Then go ahead and run liveudpate in interactive mode (Below is the article to perform that), if you get any error messages on interactive mode go ahead and perform the troubleshooting which is mentioned in the below article

https://www-secure.symantec.com/connect/articles/liveupdate-errors

This will fix the problem, because this might happen due to the corrupted definitions 

Hi Guys

Thanks all for your support.

For upgradation I have submiited a change request. I will see if it resolves the issue when uprdage is done.

About deleting corrupted defination I cannot delete a defination folder . there are two files inside it named tcscan7.dat and virscan7.dat. Its write protected. I tried everything.. Shutdown all process of Symantec but still cannot delete it. Unfortunately I cannot restart server in safe mode etc. Any ideas?? Also if there are corrupted defination of many client, is there any way I can delete all defination from Manager or I will have to log on on each client :(

Regards

iffarrukh

Have you tried to restart the services for the AV?

you can run this in the CMD :

SMC -stop

then 

SMC -Start

Hello,

Your comment: 

Mithun Sanghavi Forget to mention few thing asked..

More than 100 clients have old definations. I am not sure if its corrupted defination issue or Live update manager  issues. But many are able to fetch updates but as shown in first post snapshot. Do not see any new folder in VirusDef for new updates as well mentioned before client still showing old updates.

I am using version 2.2.2.9 and 2.1.3 as well.

Regards

iffarrukh

Answer:

I would say, Upgrade the LUA 2.2.2.9 and 2.1.3 to LUA 2.3

There are Lot of Upgrade and there are lot of defects solved.

New features and enhancements in LUA 2.3:

• Rapid configuration export and restore.
• LUA’s download tasks can now automatically resume and retry file downloads.
• Event driven email notification (with SMTP authentication support) to notify user(s) in case of download/distribution failures.
• Ability to auto-start a distribution task after a specified download task.
• Automatic LUA database maintenance, to ensure reliable and responsive operations.
• Partially completed download and distribution tasks now show an accurate percentage of completion via the activity monitor.
• Fast access to Symantec’s LUA best practice recommendations provided via the install wizard and program menu.
• Optimized load times for the LUA console home page and event log (from several minutes to few seconds)

Related publicly accessible resources:

Release notes                 http://www.symantec.com/docs/TECH155523

What’s New video            http://www.symantec.com/connect/videos/lua-23-whats-new

Hope that helps!!!