Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

TruScan proactive threat scan whitelist will not update

Created: 16 May 2012 | 14 comments

We have a SEPM (11 RU6MP1) that had stopped updating all content a few days ago.  Running liveupdate from the SEPM console resulted in failure with 'return code = 4'.  I therefore attempted to run LUALL in interactive mode and received a failure (LU1835) stating the server did not respond in a timely fashion.  Eventually I discovered that if I deselect TruScan proactive threat scan whitelist WIN32 11.0 and TruScan proactive threat scan whitelist WIN64 11.0 then it would update all the other components. 

So now I'm stuck with how to update these two components.  Anyone got any ideas?

P.S. There is no Proxy server or firewall

Comments 14 CommentsJump to latest comment

adeyc's picture

Pete, I've attached log and will start working through the solutions on the link you posted

thanks

Adey

AttachmentSize
Log.LiveUpdate.txt 5.44 MB
pete_4u2002's picture

ok, if the article does not help.

browse to the path :\document and settings \All users\Application Data\Symantec\Liveupdate folder in setting.liveupdate file, uncheck "Read only" and then edit the following lines

preferences\internet_connect_timeout = (increase default time) to 600
preferences\internet_read_data_timeout = (increase default time) to 600

save the file and then make it "Read only". This should solve the problem

Mick2009's picture

SEPM (11 RU6MP1)

I really recommend upgrading to the latest available release.  RU6 MP1 is very old at this point.  There are hundreds and hundreds of fixes, enhancements and improvements that you can avail of by upgrading to RU7 MP2.

Release notes for Endpoint Protection and Network Access Control 11
Article: TECH103087   |  Created: 2007-01-12   |  Updated: 2012-04-26   | 
Article URL http://www.symantec.com/docs/TECH103087
 

Here's how to upgrade:

Migrating to Symantec Endpoint Protection 11.0.7200 (RU7 MP2)
Article: TECH187333   |  Created: 2012-04-25   |  Updated: 2012-04-25   | 
Article URL http://www.symantec.com/docs/TECH187333 
 

Hope this helps!!

With thanks and best regards,

Mick

adeyc's picture

A success of sorts. LiveUpdate now completes and does update AV defs etc but is still failing to update the 'whitelists'.

A manual interactive LU will returns the following:

Also attached is the latest liveupdate log if this helps

thanks,

Adey

adeyc's picture

We will more than likely upgrade to SEP 12.1 in the future and I read somewhere that there was no supported upgrade path from 11 RU7 to 12.1.  I would only want to upgrade as a last resort if I can't get this fixed as it isn't isolated to just one site.  I've since found out that colleagues around the city are also experiencing this problem on some of the SEPMs they look after, but it is my job to find a fix for them and asking them to upgrade on the hope that it will fix it, will not go down too well.

pete_4u2002's picture

suggest to open a support ticket, two content out of 7 failed. the error seen is "

17/05/2012, 12:52:48 GMT -> CSendHTTPRequest::SendRequest - Unhandled WinInet Error occurred: err=  12152; desc = The server returned an invalid or unrecognized response

17/05/2012, 12:52:48 GMT -> HttpSendRequest (status 500): Request failed - The LiveUpdate server encountered an error, which prevented it from completing the requested operation.

"

Mithun Sanghavi's picture

Hello,

Upon checking the Logs: we see the below error:

"C:\ProgramData\Symantec\LiveUpdate\Downloads"
17/05/2012, 05:48:00 GMT -> CSendHTTPRequest::SendRequest - Timed out while communicating with server.
17/05/2012, 05:48:00 GMT -> Progress Update: DOWNLOAD_FILE_FINISH: - NOTE - URL: "1337185395jtun_the_120516003.zip", Full Download Path: "C:\ProgramData\Symantec\LiveUpdate\Downloads\1337185395jtun_the_120516003.zip" HR: 0x802A0045
17/05/2012, 05:48:00 GMT -> HR 0x802A0045 DECODE: E_UNABLE_TO_REACH_SERVER
17/05/2012, 05:48:00 GMT -> Progress Update: DOWNLOAD_BATCH_FINISH: HR: 0x802A0045, Num Successful: 2
17/05/2012, 05:48:00 GMT -> HR 0x802A0045 DECODE: E_UNABLE_TO_REACH_SERVER
17/05/2012, 05:48:00 GMT -> EVENT - SESSION END FAILED EVENT - The LiveUpdate session ran in Silent Mode. LiveUpdate found 12 updates available, of which 0 were installed and 12 failed to install.  The LiveUpdate session exited with a return code of 1835, The LiveUpdate server failed to respond in a reasonable amount of time.
17/05/2012, 05:48:00 GMT -> LiveUpdate is about to execute a PostSession callback for product SESM Content Catalog.
17/05/2012, 05:48:02 GMT -> ProductRegCom/luProductReg(PID=5592/TID=2216): Destroyed luProductReg object.
17/05/2012, 05:48:02 GMT -> The callback proxy finished executing the callback with a result code of 0x0
 
 
Suggestions: 
 
Work on the same steps provided by pete above, the only thing is to change the 600 to 6000 instead.
 
I also agree with Mick's comment above.
 
Thumbs up to both.!!!
 

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

adeyc's picture

I increased the timeouts to 6000 secs as suggested by Mithun and this morning found the SEPM had updated all components.  So, thinking this was the fix, I informed my colleagues and advised them to change the timeouts as well.  However, they have reported back to me that all their SEPMs updated last night too, without any changes being made?!

So now I'm thinking it was probably a LiveUpdate server comms issue?

Anyhow, many thanks to you all for your input on this.  It's just a shame we can't diagnose what the actual problem was.

Kind regards

Adey

pete_4u2002's picture

it is not that you will face the issue all the time, if the times out then you will encounter,

Mithun Sanghavi's picture

Hello,

I agree with Pete. This is not a usual behaviour of Liveupdate Failing.

However, you could keep this issue under observation and check if the next few updates happen without any issue.

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.