
Urgent problem regarding managed clients didn't get the latest definitions from the server

Created: 03 May 2011 • Updated: 03 Jan 2013 | 7 comments
This issue has been solved. See solution.

I have an issue with getting my managed clients to get the latest definitions from the server.

- SEPM set to use the default management server.
- Live update works both by running the LUA.exe on the server and from SEPM. Connects and downloads the latest defs
- In the Admin Tab I "Show LiveUpdate Downloads" and I see all the latest defs
- I can send commands to my clients and verify that it has actually been issued in my Monitors tab
- I have all the appropriate proxy information set up.
- Running 11.0.4014.26

The only way I can update is having the client directly update from Symantec.
But all my other clients that get the update from the SEPM have not been updated for one week only.

What can I do to fix this?


Hidayet ALTUN's picture

Hi mariam.farag,

Uninstall Liveupdate

Delete the C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate folder

Reinstall LiveUpdate

Register Liveupdate to SEPM
Open the command prompt browse to: C:\Program Files\Symantec\Symantec Endpoint Protection Manager\bin
Type lucatalog -cleanup and press enter
Then type lucatalog -update and press enter

Run Liveupdate from SEPM..

P_K_'s picture

Please paste a screen shot of the page "Show LiveUpdate Downloads"

as most of the time the AV and AVS defs are not updating while the other components are updated. In this case SEPM will show updated, but the clients will not update.

MCT MCSE-2012 Symantec Technical Specialist (SCTS)

P_K_'s picture

If that's the case follow this https://www-secure.symantec.com/connect/articles/how-clear-corrupt-virus-definitions-sepm

Sometimes, it is noted that if there are corrupt virus definitions downloaded by SEPM, it is required to clean them up and download the virus definitions again.

Following are the steps for the same:

File system cleanup for 32-bit SESC Virus Definitions:

1. Stop SEPM server service.

2. Go to the "C:\program files\symantec\symantec endpoint protection manager\Inetpub\content\{C60DC234-65F9-4674-94AE-62158EFCA433}" folder and move all of the subfolders to another place, such as C:\Temp if you want a backup, otherwise delete the sub-folders.

Database cleanup for 32-bit SESC Virus Definitions:

3. Go to C:\Program Files\Common Files\Symantec Shared\SymcData\ and delete the following folders:
sesmipsdef32
sesmipsdef64
sesmvirdef32
sesmvirdef64

4. In the registry, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps.
Delete these keys:
SymcData-sesmipsdef32
SymcData-sesmipsdef64
SymcData-sesmvirdef32
SymcData-sesmvirdef64

5. In the registry, navigate to and delete the following keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs\SymcData-sesmipsdef32
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs\SymcData-sesmipsdef64
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs\SymcData-sesmvirdef32
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs\SymcData-sesmvirdef64

6. Start the SEPM service back up.

7. Run Live update from within the Symantec Endpoint Protection Management console.

This will re-populate the database which in turn will update the moniker folders.

MCT MCSE-2012 Symantec Technical Specialist (SCTS)
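
A read-only pre-check for the cleanup steps in the post above, as an added PowerShell example that is not part of the original thread: it lists what steps 2 to 5 would move or delete and changes nothing. All paths and names are copied from the post; the function names are hypothetical, and it is meant to be run on the SEPM server from an elevated PowerShell session.

```powershell
# Added example: read-only inventory of what cleanup steps 2-5 would touch.
# Paths and names are copied from the post above; nothing is modified.
$content  = 'C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\content\{C60DC234-65F9-4674-94AE-62158EFCA433}'
$symcData = 'C:\Program Files\Common Files\Symantec Shared\SymcData'
$names    = 'sesmipsdef32', 'sesmipsdef64', 'sesmvirdef32', 'sesmvirdef64'
$regRoots = 'HKLM:\SOFTWARE\Symantec\InstalledApps', 'HKLM:\SOFTWARE\Symantec\SharedDefs'

function New-Row([int]$Step, [string]$Item, [string]$State) {
    New-Object psobject -Property @{ Step = $Step; Item = $Item; State = $State }
}

function Get-RegistryEntryKind([string]$Root, [string]$Name) {
    # The post calls these "keys"; report whether the name is a subkey or a value.
    if (Test-Path -LiteralPath (Join-Path $Root $Name)) { return 'subkey' }
    $key = Get-Item -LiteralPath $Root -ErrorAction SilentlyContinue
    if ($key -and ($key.GetValueNames() -contains $Name)) { return 'value' }
    return 'absent'
}

function Get-CleanupInventory {
    # Step 2: subfolders of the content folder named in the post.
    if (Test-Path -LiteralPath $content) {
        Get-ChildItem -LiteralPath $content | Where-Object { $_.PSIsContainer } |
            ForEach-Object { New-Row 2 $_.FullName "folder, modified $($_.LastWriteTime)" }
    } else {
        New-Row 2 $content 'absent'
    }
    # Step 3: SymcData definition folders.
    foreach ($n in $names) {
        $p = Join-Path $symcData $n
        $state = if (Test-Path -LiteralPath $p) { 'present' } else { 'absent' }
        New-Row 3 $p $state
    }
    # Steps 4 and 5: SymcData-* entries under InstalledApps and SharedDefs.
    $step = 4
    foreach ($root in $regRoots) {
        foreach ($n in $names) {
            New-Row $step "$root\SymcData-$n" (Get-RegistryEntryKind $root "SymcData-$n")
        }
        $step++
    }
}

Get-CleanupInventory | Select-Object Step, Item, State | Format-Table -AutoSize -Wrap
```

Saving the output before making any change keeps a record of the pre-change state to compare against after LiveUpdate has been run again.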

SOLUTION
sandra.g's picture

But Mariam says "In the Admin Tab I "Show LiveUpdate Downloads" and I see all the latest defs"--if this is the case I'm not sure removing or reinstalling the defs on the SEPM really applies to her situation.

Mariam, are clients actually acknowledging commands and showing the green dot indicating good communication?

sandra

Symantec, Senior Information Developer
Enterprise Security, Mobility, and Management - Endpoint Protection

Don't forget to mark your thread as 'solved' with the answer that best helps you!

P_K_'s picture

Sandra, the AV and AVS defs come in the middle, so most of the time I have seen people checking the first few entries and not the others.

Also the names start with Microdefs 32 and 64, so people generally tend to miss that.

MCT MCSE-2012 Symantec Technical Specialist (SCTS)

Go_Beavs's picture

If the SEPM shows up to date, but managed clients are not updating, checking client communication is the first place you need to check as Sandra mentioned.

Symantec Endpoint Protection: Troubleshooting Client/Server Connectivity

http://www.symantec.com/business/support/index?page=content&id=TECH105894

mariam.farag's picture

Dear Hidayetaltum:

Did you test your solution before? I have about 150 users and I don't want to make any changes without being sure that they are not harmful.

Dear Prachand:

Kindly find the attached screenshot.

 

Dear Sandra:

Kindly know that all the users can communicate with the server and can receive all commands; I tested with a restart computer command and it was received after 1 min.

Dear Ben,

Kindly know that I have tested all communication steps and it was successful.

Live Update.JPG