Endpoint Protection

  • 1.  Virus & Spyware definitions DL/prepare time

    Posted Aug 11, 2016 08:59 AM

    Hi everyone

    I'm curious if anyone else is seeing something like this. If you look at the LU log at the bottom, you can see that 32 bit Virus & Spyware definitions are taking quite a bit longer to DL/prepare compared to other sets. I haven't really paid any attention to it in the past, but it recently caught my eye and I've been checking it ever since. It is always similar to this (plus/minus a minute or two for 32 bit defs or a few seconds for others), but it is taking something like 30 times longer for 32 bit definitions than for 64 bit.
    SEPM is 12.1 RU6 MP5, as well as the clients except the remaining few with Win XP which are 12.1 RU5.

    Is this normal?

    Defs      Beginning   End        Duration
    Win32     13:28:15    14:15:26   00:47:11
    Win32-R   13:27:19    13:28:13   00:00:54
    Win64     13:25:34    13:27:14   00:01:40
    Win64-R   13:25:08    13:25:32   00:00:24


    11. august 2016. 14.15.35 CEST:  LUALL.EXE finished running.  [Site: *** - ***]  [Server: SEPM]
    11. august 2016. 14.15.35 CEST:  LiveUpdate succeeded.  [Site: *** - ***]  [Server: SEPM]
    11. august 2016. 14.15.35 CEST:  LiveUpdate will start next on Thursday, August 11, 2016 2:30:35 PM CEST on s-002.  [Site: *** - ***]  [Server: SEPM]
    11. august 2016. 14.15.35 CEST:  LUALL.EXE successfully updated the content. Return code = 0.  [Site: *** - ***]  [Server: SEPM]
    11. august 2016. 14.15.33 CEST:  Cleaned up 1 LiveUpdate downloaded content  [Site: *** - ***]  [Server: SEPM]
    11. august 2016. 14.15.33 CEST:  No updates found for SPC AntiVirus Client Mac 11.0 (English).  [Site: *** - ***]  [Server: SEPM]
    11. august 2016. 14.15.32 CEST:  No updates found for Symantec Endpoint Protection Win64 12.1 (English).  [Site: *** - ***]  [Server: SEPM]
    11. august 2016. 14.15.31 CEST:  No updates found for Symantec Endpoint Protection Win32 12.1 (English).  [Site: *** - ***]  [Server: SEPM]
    11. august 2016. 14.15.29 CEST:  No updates found for Centralized Reputation Settings 12.1 RU6.  [Site: *** - ***]  [Server: SEPM]
    11. august 2016. 14.15.29 CEST:  No updates found for SONAR scan engine Win32 11.0.  [Site: *** - ***]  [Server: SEPM]
    11. august 2016. 14.15.29 CEST:  No updates found for AP Portal List 12.1 RU5.  [Site: *** - ***]  [Server: SEPM]
    11. august 2016. 14.15.28 CEST:  No updates found for TruScan proactive threat scan commercial application list Win32 11.0.  [Site: *** - ***]  [Server: SEPM]
    11. august 2016. 14.15.28 CEST:  No updates found for SONAR scan whitelist Win64 11.0.  [Site: *** - ***]  [Server: SEPM]
    11. august 2016. 14.15.26 CEST:  Successfully downloaded the Virus and Spyware definitions Win32 12.1 RU6 security definitions from LiveUpdate. The security definitions are now available for deployment.  [Site: *** - ***]  [Server: SEPM]
    11. august 2016. 13.28.15 CEST:  Cleaned up 1 LiveUpdate downloaded content  [Site: *** - ***]  [Server: SEPM]
    11. august 2016. 13.28.13 CEST:  No updates found for Intrusion Prevention signatures Win64 11.0.  [Site: *** - ***]  [Server: SEPM]
    11. august 2016. 13.28.13 CEST:  No updates found for Client Intrusion Detection System signatures 12.1 RU6.  [Site: *** - ***]  [Server: SEPM]
    11. august 2016. 13.28.13 CEST:  Successfully downloaded the Virus and Spyware definitions Win32 12.1 RU6 (reduced)  security definitions from LiveUpdate. The security definitions are now available for deployment.  [Site: *** - ***]  [Server: SEPM]
    11. august 2016. 13.27.19 CEST:  Cleaned up 1 LiveUpdate downloaded content  [Site: *** - ***]  [Server: SEPM]
    11. august 2016. 13.27.16 CEST:  No updates found for Revocation Data 12.1 RU6 .  [Site: *** - ***]  [Server: SEPM]
    11. august 2016. 13.27.16 CEST:  No updates found for SONAR scan engine Win64 11.0.  [Site: *** - ***]  [Server: SEPM]
    11. august 2016. 13.27.16 CEST:  No updates found for Submission Control signatures 11.0.  [Site: *** - ***]  [Server: SEPM]
    11. august 2016. 13.27.16 CEST:  No updates found for Submission Control signatures 12.1 RU6.  [Site: *** - ***]  [Server: SEPM]
    11. august 2016. 13.27.15 CEST:  No updates found for SONAR scan data 11.0.  [Site: *** - ***]  [Server: SEPM]
    11. august 2016. 13.27.15 CEST:  No updates found for Symantec Whitelist 12.1 RU6 .  [Site: *** - ***]  [Server: SEPM]
    11. august 2016. 13.27.15 CEST:  No updates found for SONAR Heuristics engine 12.1 RU6.  [Site: *** - ***]  [Server: SEPM]
    11. august 2016. 13.27.15 CEST:  No updates found for SONAR scan whitelist Win32 11.0.  [Site: *** - ***]  [Server: SEPM]
    11. august 2016. 13.27.15 CEST:  No updates found for TruScan proactive threat scan commercial application list Win64 11.0.  [Site: *** - ***]  [Server: SEPM]
    11. august 2016. 13.27.15 CEST:  No updates found for AP Portal List 12.1 RU6.  [Site: *** - ***]  [Server: SEPM]
    11. august 2016. 13.27.15 CEST:  No updates found for SONAR scan commercial application engine 11.0.  [Site: *** - ***]  [Server: SEPM]
    11. august 2016. 13.27.15 CEST:  No updates found for Extended File Attributes and Signatures 12.1 RU6.  [Site: *** - ***]  [Server: SEPM]
    11. august 2016. 13.27.15 CEST:  No updates found for Power Eraser Definitions 12.1 RU6.  [Site: *** - ***]  [Server: SEPM]
    11. august 2016. 13.27.14 CEST:  Successfully downloaded the Virus and Spyware definitions Win64 12.1 RU6 security definitions from LiveUpdate. The security definitions are now available for deployment.  [Site: *** - ***]  [Server: SEPM]
    11. august 2016. 13.25.34 CEST:  Cleaned up 1 LiveUpdate downloaded content  [Site: *** - ***]  [Server: SEPM]
    11. august 2016. 13.25.32 CEST:  Successfully downloaded the Virus and Spyware definitions Win64 12.1 RU6 (reduced) security definitions from LiveUpdate. The security definitions are now available for deployment.  [Site: *** - ***]  [Server: SEPM]
    11. august 2016. 13.25.08 CEST:  No updates found for Windows Host Integrity content 12.1 RU2.  [Site: *** - ***]  [Server: SEPM]
    11. august 2016. 13.25.08 CEST:  No updates found for Symantec Endpoint Protection Manager Content Catalog 12.1 RU6.  [Site: *** - ***]  [Server: SEPM]
    11. august 2016. 13.25.08 CEST:  No updates found for Intrusion Prevention signatures Win32 11.0.  [Site: *** - ***]  [Server: SEPM]
    11. august 2016. 13.24.45 CEST:  LUALL.EXE has been launched.  [Site: *** - ***]  [Server: SEPM]
    11. august 2016. 13.24.45 CEST:  LiveUpdate started.  [Site: *** - ***]  [Server: SEPM]

    Cheers
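
    The Beginning/End/Duration table in the post above can be recomputed from the log itself: each set's duration is the gap between its "Successfully downloaded" entry and the entry logged just before it. The following is an added example, not part of the original post or of any Symantec tool; the function names and the 10x-median threshold are assumptions, and the sample is an excerpt of the posted log.

```python
import calendar
import re
import statistics
from datetime import datetime

# Excerpt of the log in the post above, newest entry first as the SEPM shows it.
SAMPLE_LOG = """\
11. august 2016. 14.15.26 CEST:  Successfully downloaded the Virus and Spyware definitions Win32 12.1 RU6 security definitions from LiveUpdate. The security definitions are now available for deployment.  [Site: *** - ***]  [Server: SEPM]
11. august 2016. 13.28.15 CEST:  Cleaned up 1 LiveUpdate downloaded content  [Site: *** - ***]  [Server: SEPM]
11. august 2016. 13.28.13 CEST:  Successfully downloaded the Virus and Spyware definitions Win32 12.1 RU6 (reduced)  security definitions from LiveUpdate. The security definitions are now available for deployment.  [Site: *** - ***]  [Server: SEPM]
11. august 2016. 13.27.19 CEST:  Cleaned up 1 LiveUpdate downloaded content  [Site: *** - ***]  [Server: SEPM]
11. august 2016. 13.27.14 CEST:  Successfully downloaded the Virus and Spyware definitions Win64 12.1 RU6 security definitions from LiveUpdate. The security definitions are now available for deployment.  [Site: *** - ***]  [Server: SEPM]
11. august 2016. 13.25.34 CEST:  Cleaned up 1 LiveUpdate downloaded content  [Site: *** - ***]  [Server: SEPM]
11. august 2016. 13.25.32 CEST:  Successfully downloaded the Virus and Spyware definitions Win64 12.1 RU6 (reduced) security definitions from LiveUpdate. The security definitions are now available for deployment.  [Site: *** - ***]  [Server: SEPM]
11. august 2016. 13.25.08 CEST:  No updates found for Intrusion Prevention signatures Win32 11.0.  [Site: *** - ***]  [Server: SEPM]
"""

# Assumption: English month names, as in the posted log.
MONTHS = {m.lower(): i for i, m in enumerate(calendar.month_name) if m}
LINE_RE = re.compile(r"(\d{1,2})\. (\w+) (\d{4})\. (\d\d)\.(\d\d)\.(\d\d) \w+:\s+(.*?)\s+\[Site:")
DL_RE = re.compile(r"Successfully downloaded the (.+?)\s+security definitions from LiveUpdate")

def parse_log(text):
    """Return (timestamp, message) pairs, oldest first."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # blank lines and entries wrapped across two lines are skipped
        day, month, year, hh, mm, ss, msg = m.groups()
        ts = datetime(int(year), MONTHS[month.lower()], int(day), int(hh), int(mm), int(ss))
        entries.append((ts, msg))
    entries.reverse()  # reversing (not sorting) keeps same-second entries in order
    return entries

def prepare_durations(text):
    """Seconds between each 'Successfully downloaded' entry and the entry before it."""
    entries = parse_log(text)
    out = {}
    for (prev_ts, _), (ts, msg) in zip(entries, entries[1:]):
        m = DL_RE.search(msg)
        if m:
            out[m.group(1)] = int((ts - prev_ts).total_seconds())
    return out

def slow_sets(durations, factor=10):
    """Names whose duration exceeds factor x the median (factor is an assumed threshold)."""
    median = statistics.median(durations.values())
    return [name for name, secs in durations.items() if secs > factor * median]

if __name__ == "__main__":
    for name, secs in prepare_durations(SAMPLE_LOG).items():
        print(f"{secs // 60:3d}m {secs % 60:02d}s  {name}")
    print("slow:", slow_sets(prepare_durations(SAMPLE_LOG)))
```

    Run over a full export of the LiveUpdate log on successive days, the same functions show whether the full Win32 set is consistently the outlier, which is the pattern the post describes.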

     



  • 2.  RE: Virus & Spyware definitions DL/prepare time

    Posted Aug 11, 2016 09:03 AM

    Seems abnormally long. I would run the symdiag tool on the SEPM as a first step to see if it comes up with anything out of the ordinary:

    Download SymDiag to detect Symantec product issues



  • 3.  RE: Virus & Spyware definitions DL/prepare time

    Posted Aug 11, 2016 09:36 AM

    Hi Brian

    SymDiag results: all green except one warning (no SQL server), but that's ok because we are using embedded db.
    The only weird thing I've noticed is in the below screen. 

     

    SymDiag-SEPM.JPG