Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Unable to update virus definitions on SEP Clients

Created: 09 Apr 2013 • Updated: 09 Apr 2013 | 4 comments
This issue has been solved. See solution.

Microsoft(R) Windows(R) Server 2003, Standard Edition X86-based PC
5.2.3790 Service Pack 2 Build 3790

SEP Client 12.1.1000.157

A couple servers failed to download virus definitions. All are running 12.1. I ran the liveUpdate from the Client GUI

I grabbed it from the SEP System Log

Does anybody know what this means?

4/9/2013 3:25:14 PM    Information    12070301    Connected to Symantec Endpoint Protection Manager (sepserver)    
4568    4/9/2013 3:39:51 PM    Information    1207030A    The Symantec Endpoint Protection already has the newest policy.    
4569    4/9/2013 3:39:58 PM    Information    12070306    Received a new policy with serial number 7C6D-04/09/2013 13:39:26 978 from Symantec Endpoint Protection Manager.    
4570    4/9/2013 3:39:58 PM    Information    12070307    Applied new policy with serial number 7C6D-04/09/2013 13:39:26 978 successfully.    
4571    4/9/2013 3:40:02 PM    Information    12070301    Connected to Symantec Endpoint Protection Manager (sepserver)    
4572    4/9/2013 3:40:29 PM    Warning    12070800    A LiveUpdate session encountered errors.  3 update(s) were available. 2 update(s) installed successfully. 1 update(s) failed to install.    
4573    4/9/2013 3:40:29 PM    Error    12070800    An update for Virus and Spyware Definitions Win32 from LiveUpdate failed to install. Error: Postsession callback failed (208)
    
4574    4/9/2013 3:40:29 PM    Information    12070800    An update for Revocation Data from LiveUpdate was successfully installed.  The new sequence number is 130409038.    
4575    4/9/2013 3:40:29 PM    Information    12070800    An update for Symantec Whitelist from LiveUpdate was successfully installed.  The new sequence number is 130409004.  

Operating Systems:

Comments 4 CommentsJump to latest comment

Mithun Sanghavi's picture

Hello, 

Could you check if the server is running the latest Virus and Spyware Definitions?

You could compare with the definitions available on : http://www.symantec.com/security_response/definitions.jsp

Secondly, please upload us the log.liveupdate from the Windows 2003 Server: 

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

josso's picture

Found the issue.

There was a problem with the disk space.

Thanks for your reply, Mithun Sanghavi

SOLUTION
The Conquistador's picture

Just to add to this, also make sure you do not have bunch of older definitions laying around. They can take up a lot of space.

Mithun Sanghavi's picture

Hello,

On a Kind Note: 

You are running an older version of SEP 12.1 RU1 which was released on Nov 2011.

Whereas Just today, there is a Latest version of SEP 12.1 RU2 MP1 is released.

I would recommend you to migrate to the version of SEP 12.1 RU2 and later to SEP 12.1 RU2 MP1

Best practices for upgrading to Symantec Endpoint Protection 12.1.2

http://www.symantec.com/business/support/index?page=content&id=TECH163700

Latest Symantec Endpoint Protection Released - SEP 12.1 RU2 MP1

https://www-secure.symantec.com/connect/blogs/latest-symantec-endpoint-protection-released-sep-121-ru2-mp1

Secondly, In reference to the SEP 12.1 RU1 and disk space, check these Articles:

Symantec Endpoint Protection (SEP) 12.1 client is maintaining multiple virus definitions versions on servers

http://www.symantec.com/business/support/index?page=content&id=TECH180056

Drive Space used by Virus Definitions Updates

http://www.symantec.com/docs/TECH141811

How to clear out definitions for a Symantec Endpoint Protection 12.1 client manually

http://www.symantec.com/docs/HOWTO59193

Disk Space Management procedures for the Symantec Endpoint Protection Manager

http://www.symantec.com/docs/TECH96214

Symantec Endpoint Protection Manager (SEPM) database transaction log (sem5.log) consumes excessive hard drive space in SEP SBE 12.1 RU1

http://www.symantec.com/docs/TECH178718

Symantec Endpoint Protection Manager 12.1 database using a high amount of Hard drive space

https://www-secure.symantec.com/connect/articles/symantec-endpoint-protection-manager-121-database-using-high-amount-hard-drive-space

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.