Protection Engine for Network Attached Storage

  • 1.  Symantec Protection Engine 7.5.1 not getting virus definition updates

    Posted Mar 22, 2016 12:02 PM

    We are using Symantec Protection Engine version 7.5.1.5 installed on a Windows 2012 Server to scan the files on the Isilon NAS appliance, which connects over the ICAP protocol. The virus definitions on the servers at sites B, C, D are not getting updated automatically, but the servers at site A get them automatically. I'm not sure why the servers located at sites B, C, D are not getting updates; it could be a firewall blocking them. So my questions are below.

     

    1. Does the Symantec Protection Engine download definitions by contacting Symantec servers over the internet?

    2. How do I find out what device in our internal network is blocking the virus definitions download? Can I review some Symantec logs and find this information?

    3. For the time being, can I download the updates manually and apply them? Looks like the link below is a good starting point?

    http://www.symantec.com/connect/articles/knowledgebase-articles-symantec-protection-engine-spe

    4. If I want to collect some packet capture, how do I manually initiate a definitions update from the server?

     

    I can access the Symantec GUI by using the https://localhost:8004 web address from the Windows server.

    Many thanks in advance.

     



  • 2.  RE: Symantec Protection Engine 7.5.1 not getting virus definition updates

    Posted Mar 30, 2016 11:51 PM

    Hello,

     

    1. Symantec Protection Engine needs connection to http://liveupdate.symantec.com:80 to download virus definitions.

    2. Log can be found under C:\Program Files (x86)\Symantec\Scan Engine\Definitions\AntiVirus\Logs.

    3. Intelligent Updater can be downloaded manually to update virus definitions.

    4. Under System -> LiveUpdate Content, you can trigger Liveupdate manually.



  • 3.  RE: Symantec Protection Engine 7.5.1 not getting virus definition updates

    Posted Mar 31, 2016 11:59 AM

    Thank you techeng.14

    I have 4 sites where the Symantec Protection Engine virus definition updates are not happening. Here are the logs from one of the sites. It bypasses the proxy to connect to liveupdate.symantec.com at port 80, but it is not connecting to the Symantec site and shows the message "Result Message: FAIL - failed to select server". So either Symantec is not accepting the connection or something in the network is blocking it. How do I verify the connection to liveupdate.symantec.com at port 80 manually from the Windows servers? Can I install a telnet package and do a "telnet liveupdate.symantec.com 80"? Are there any other options to check the connectivity?

     

    On the remaining 3 sites, the liveupdate.xml file has a proxy listed. I tried to edit the xml file in Notepad and removed the entries, stopped the Symantec Protection Engine service and tried to restart it, but it won't start with the edited xml file. If I put back the original xml file with the proxy name listed, it works. So how do I edit the xml file on the hosts and still get the services to start?

     

    09:40:24.794396 ********************************************************************************
    09:40:24.794396 Symantec LiveUpdate Cross-Platform Engine (LUX) 1.3.1.6
    09:40:24.794396 Symantec LiveUpdate Customer Logger 1.3.1.6
    09:40:24.794396 Session started at Thu 2016/03/31 09:40:24 (UTC Central Daylight Time)
    09:40:24.794396 
    09:40:24.794396 OS: Windows
    09:40:24.794396 Version: 6.2.9200 
    09:40:24.794396 Architecture: x64
    09:40:24.794396 
    09:40:24.794396 Product ID: {614825F9-4CB7-11E1-AF2B-005056A90447}
    09:40:24.794396 ********************************************************************************
    09:40:24.794396 [Session Parameters - BEGIN]
    09:40:24.794396     Working Path: D:\Program Files (x86)\Symantec\Scan Engine\definitions\AntiVirus
    09:40:24.794396     Product ID: {614825F9-4CB7-11E1-AF2B-005056A90447}
    09:40:24.794396     Monikers: 
    09:40:24.794396         {BAE8FC84-53DC-11E1-8A6B-005056A9534A}
    09:40:24.794396     HST Path: Not Set
    09:40:24.794396     Ignore HST Errors: Not Set
    09:40:24.794396     Custom Download Path: Not Set
    09:40:24.794396     Check For Updates Only: Not Set
    09:40:24.794396     Servers:
    09:40:24.794396         Server 0:
    09:40:24.794396             Protocol: HTTP
    09:40:24.794396             Hostname: liveupdate.symantec.com
    09:40:24.794396             Port: 80
    09:40:24.794396             Path: 
    09:40:24.794396     Proxies:
    09:40:24.794396         Empty
    09:40:24.794396     Progress Callback: 
    09:40:24.794396         Yes
    09:40:24.794396 [Session Parameters - END]
    09:40:24.794396 [Component List - START]
    09:40:24.794396     {BAE8FC84-53DC-11E1-8A6B-005056A9534A} : SPE 7.5 AV Definitions for x86-windows : SPE 7.5 AV Definitions for x86-windows_MicroDefsB.CurDefs_SymAllLanguages
    09:40:24.794396 [Component List - END]
    09:40:24.794396 [Session Initialization - START]
    09:40:24.794396     Result code: 0x00010000
    09:40:24.794396     Component Status Changes:
    09:40:24.794396         None
    09:40:24.794396 [Session Initialization - END]
    09:40:24.794396 [Inventory Synchronization - BEGIN]
    09:40:28.694409     Result Code: 0x00010000
    09:40:28.694409     Result Message: OK
    09:40:28.694409     Component Status Changes:
    09:40:28.694409         None
    09:40:28.694409 [Inventory Synchronization - END]
    09:40:28.694409 [Server Selection - START]
    09:41:11.454495     Result Code: 0x80010830
    09:41:11.454495     Result Message: FAIL - failed to select server
    09:41:11.454495     [Server - START]
    09:41:11.454495         Host ID: {CCC8801C-AD14-4364-AA61-7F79502BD8FE}
    09:41:11.454495         Status Code: 1
    09:41:11.454495         Status Message: Server was not selected
    09:41:11.454495         Transport Return Code: 0x80010737
    09:41:11.454495         Transport Return Message: FAIL - failed to connect to server or proxy
    09:41:11.454495         Protocol: HTTP
    09:41:11.454495         Hostname: liveupdate.symantec.com
    09:41:11.454495         Port: 80
    09:41:11.454495         Path: 
    09:41:11.454495         Proxy ID: {00000000-0000-0000-0000-000000000000}
    09:41:11.454495         Proxy Bypass: true
    09:41:11.454495     [Server - END]
    09:41:11.454495     Used proxy list was empty
    09:41:11.454495 [Server Selection - END]
    09:41:11.454495 [Finalize Session - START]
    09:41:11.454495     Result Code: 0x00010000
    09:41:11.454495     Result Message: OK
    09:41:11.454495     Component Status Changes:
    09:41:11.454495         None
    09:41:11.454495 [Finalize Session - END]
    09:41:11.454495 [Session Results - START]
    09:41:11.454495     Session Result Code: 0x80010830
    09:41:11.454495     Session Result Message: FAIL - failed to select server
    09:41:11.454495     [Component Result - START]
    09:41:11.454495         Component ID: {BAE8FC84-53DC-11E1-8A6B-005056A9534A}
    09:41:11.454495         Display Name: SPE 7.5 AV Definitions for x86-windows
    09:41:11.454495         PVL: SPE 7.5 AV Definitions for x86-windows_MicroDefsB.CurDefs_SymAllLanguages
    09:41:11.454495         Result Code: 0x00010000
    09:41:11.454495         Result Message: OK
    09:41:11.454495     [Component Result - END]
    09:41:11.454495 [Session Results - END]
    09:41:11.454495 [Session Summary - START]
    09:41:11.454495     Components: 1
    09:41:11.454495     Packages:   0
    09:41:11.454495     Success:    0
    09:41:11.454495     Fail:       0
    09:41:11.454495 [Session Summary - END]
    09:41:11.454495 ********************************************************************************
    09:41:11.454495 Session ended at Thu 2016/03/31 09:41:11 (UTC Central Daylight Time)
    09:41:11.454495 ********************************************************************************

     



  • 4.  RE: Symantec Protection Engine 7.5.1 not getting virus definition updates

    Posted Mar 31, 2016 06:12 PM

    Yes, you can either use telnet to http://liveupdate.symantec.com on port 80 or even check your firewall logs to see if there are any issues.

    We have not had any recent reports of connection issues to our LiveUpdate servers.
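
As an added example that is not part of the original posts: the connectivity check discussed above can be done without installing a telnet client. This PowerShell sketch reads the failed `[Server - START]` blocks from a LiveUpdate log and tests each host and port with .NET's `TcpClient`; the function names `Get-LuxServerResult` and `Test-TcpPort` and the `-LogPath` parameter are hypothetical, and the sample log lines are constructed from the layout of the log posted above.

```powershell
# Added example. -LogPath is optional; without it the constructed sample is parsed.
param([string]$LogPath, [int]$TimeoutMs = 5000)
# Constructed sample using the field layout of the log posted in this thread.
$sample = @'
09:41:11.454495     [Server - START]
09:41:11.454495         Transport Return Message: FAIL - failed to connect to server or proxy
09:41:11.454495         Hostname: liveupdate.symantec.com
09:41:11.454495         Port: 80
09:41:11.454495         Proxy Bypass: true
09:41:11.454495     [Server - END]
'@
# Turn each [Server - START]..[Server - END] block into one object.
function Get-LuxServerResult([string[]]$Lines) {
    $cur = $null
    foreach ($line in $Lines) {
        if ($line -match '\[Server - START\]') { $cur = @{} }
        elseif ($line -match '\[Server - END\]') {
            if ($null -ne $cur) { New-Object psobject -Property $cur }
            $cur = $null
        }
        elseif ($null -ne $cur -and $line -match '^\s*\S+\s+(?<k>[^:]+):\s*(?<v>.*)$') {
            $cur[$Matches['k'].Trim()] = $Matches['v'].Trim()
        }
    }
}

# Separate DNS failure, silent drop (timeout) and active refusal.
function Test-TcpPort([string]$HostName, [int]$Port, [int]$TimeoutMs) {
    try { $ips = [System.Net.Dns]::GetHostAddresses($HostName) }
    catch { return "DNS lookup failed: $($_.Exception.Message)" }
    $ip = $ips | Where-Object { $_.AddressFamily -eq 'InterNetwork' } | Select-Object -First 1
    if (-not $ip) { return 'No IPv4 address returned by DNS' }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ip, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return "timeout to ${ip}:$Port (no reply; typical of a filtered port)" }
        $client.EndConnect($async)
        return "connected to ${ip}:$Port"
    }
    catch { return "refused or reset by ${ip}:$Port ($($_.Exception.Message))" }
    finally { $client.Close() }
}

$lines = if ($LogPath) { Get-Content -LiteralPath $LogPath } else { $sample -split "`r?`n" }
Get-LuxServerResult $lines |
    Where-Object { $_.'Transport Return Message' -like 'FAIL*' } |
    ForEach-Object {
        $r = Test-TcpPort $_.Hostname ([int]$_.Port) $TimeoutMs
        '{0}:{1} proxy-bypass={2} -> {3}' -f $_.Hostname, $_.Port, $_.'Proxy Bypass', $r
    }
```

A timeout and a DNS failure point at different devices, so the result line is worth quoting in the firewall request alongside the source server's address.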



  • 5.  RE: Symantec Protection Engine 7.5.1 not getting virus definition updates

    Posted Mar 31, 2016 06:50 PM

    For proxy setup, please see this document: https://support.symantec.com/en_US/article.TECH217986.html.

     



  • 6.  RE: Symantec Protection Engine 7.5.1 not getting virus definition updates

    Posted Apr 13, 2016 01:39 PM

    I have installed telnet client service on the Win2k12 server, did a "> telnet liveupdate.symantec.com 80" and the port was not open.

    I have submitted a firewall request to open the communication channel from source to target.

    Target Name/ IP address:
    Hostname: liveupdate.symantec.com (198.70.249.170/198.70.249.155)
    Protocol: HTTP
    Port: 80

    It looks like we should not edit the liveupdate.xml file in notepad.exe because the restart of the SPE services will fail. So I had to use the below two commands to remove the proxy name and proxy port value from the liveupdate.xml file, and then went to services.msc and restarted the SPE service, and it worked fine.

    cd "C:\Program Files (x86)\Symantec\Scan Engine"

    XMLModifier.exe -r /liveupdate/updateserver/proxyname/@value liveupdate.xml

    XMLModifier.exe -s /liveupdate/updateserver/proxyport/@value 0 liveupdate.xml

    Still waiting for the firewall team to implement the changes for this LiveUpdate to work.