Endpoint Protection

 View Only

  • 1.  Urgent problem regarding managed clients didn't get the latest definitions from the server

    Posted May 03, 2011 08:04 AM

    the issue with getting my managed clients to get the latest definitions from the server.

    - SEPM set to use the default management server.
    - Live update works both by runnning the LUA.exe on the server and from SEPM. Connects and downloads the latest defs
    - In the Admin Tab I "Show LiveUpdate Downloads" and I see all the latest defs
    - I can send commands to my clients and verify that it has actually been issued in my Monitors tab
    - I have all the appropriate proxy information setup up.
    - Running 11.0.4014.26

    The only way I can update is having the client directly update from Symantec.
    But all my other clients that get the update form the SEPM have been not updated for one week only.

    What can I do to fix this



  • 2.  RE: Urgent problem regarding managed clients didn't get the latest definitions from the server

    Posted May 03, 2011 09:16 AM

    Hi mariam.farag,

    Uninstall Liveupdate

    Delete C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate Liveupdate folder

    Reinstall LiveUpdate

    Register Liveupdate to SEPM
    Open the command prompt browse to: C:\Program Files\Symantec\Symantec Endpoint Protection Manager\bin
    Type lucatalog –cleanup and press enter
    Then type lucatalog –update and press enter

    Run Liveupdate from SEPM..



  • 3.  RE: Urgent problem regarding managed clients didn't get the latest definitions from the server

    Posted May 03, 2011 09:39 AM

    Please paste a screen shot of the page "Show LiveUpdate Downloads"

    as most of the time if AV and AVS defs are not updating and rest others components are updated. In tjhis case SEPM will show  updated, but the clients will not update



  • 4.  RE: Urgent problem regarding managed clients didn't get the latest definitions from the server
    Best Answer

    Posted May 03, 2011 09:41 AM

    If that's the case follow this https://www-secure.symantec.com/connect/articles/how-clear-corrupt-virus-definitions-sepm

    Sometimes, it is noted that if there are corrupt virus definitions downloaded by SEPM, it is required to clean them up and download the virus definitions again.

    Following are the steps for the same:

    File system cleanup for 32-bit SESC Virus Definitions:

    1. Stop SEPM server service.

    2. Go to C:\program files\symantec\symantec endpoint protection manager\Inetpub\content\{C60DC234-65F9-4674-94AE-62158EFCA433}" folder and move all of the subfolders to another place, such as C:\Temp if you want a backup, otherwise delete the sub-folders.

    Database cleanup for 32-bit SESC Virus Definitions:

    3) Go to C:\Program Files\Common Files\Symantec Shared\SymcData\ and delete the following folders:
    sesmipsdef32
    sesmipsdef64
    sesmvirdef32
    sesmvirdef64

    4)In the registry, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps.
    Delete these keys
    SymcData-sesmipsdef32
    SymcData-sesmipsdef64
    SymcData-sesmvirdef32
    SymcData-sesmvirdef64

    5). In the registry, navigate to and delete the following keys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs\SymcData-sesmipsdef32
    HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs\SymcData-sesmipsdef64
    HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs\SymcData-sesmvirdef32
    HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs\SymcData-sesmvirdef64

    6). Start the SEPM service back up.

    7). Run Live update from within the Symantec Endpoint Protection Management console.

    This will re-populate the database which in turn will update the moniker folders.



  • 5.  RE: Urgent problem regarding managed clients didn't get the latest definitions from the server

    Posted May 03, 2011 10:59 AM

    But Mariam says "In the Admin Tab I "Show LiveUpdate Downloads" and I see all the latest defs"--if this is the case I'm not sure removing or reinstalling the defs on the SEPM really applies to her situation.

    Mariam, are clients actually acknowledging commands and show the green dot indicating good communication?

    sandra



  • 6.  RE: Urgent problem regarding managed clients didn't get the latest definitions from the server

    Posted May 03, 2011 11:08 AM

    Sandra, The AV and AVS defs comes in the middle, so most of times i have seen people checking the firts few entries and not the other.

    Also the names starts with Microdefs 32 and 64  so pople generally tend to miss that.



  • 7.  RE: Urgent problem regarding managed clients didn't get the latest definitions from the server

    Broadcom Employee
    Posted May 03, 2011 12:39 PM

    If the SEPM shows up to date, but managed clients are not updating, checking client communication is the first place you need to check as Sandra mentioned.

    Symantec Endpoint Protection: Troubleshooting Client/Server Connectivity

    http://www.symantec.com/business/support/index?page=content&id=TECH105894



  • 8.  RE: Urgent problem regarding managed clients didn't get the latest definitions from the server

    Posted May 04, 2011 04:32 AM
      |   view attached

    Dear Hidayetaltum:

    do you tested your solution before as i have about 150 users and i don't want to make any changes without being sure that not harmful.

     

    Dear Prachand:

    Kindly find the attached screenshot.

     

    Dear Sandra:

    Kindly know that all the users can communicate to the server and can receive all commands tested with restart computer and it received after 1 min.

    Dear Ben,

    Kindly know that i have test all communication steps and it's successfull.