Hi we have an installation of SEP 12.1.5 which recently clients have stopped updating Virus and Spyware Protection, however Network Threat Protection and Proactive Threat Protecion both update fine.

The weird thing is this is happening across 2 seperate sites on different networks. We have 2 LUA's that download updates and 2 SEPM's which take the updates and the clients update themselves from the SEPM's. The last time the virus defs were updated was the 17th November.  

Nothing has chagned in terms of the SEPM/SEP setup.  The clients are still communicating with the SEPM's and are in their correct groups and all policies are as they should be.

I've even tried manually applying the virus defs update via http://www.symantec.com/security_response/definitions/download/detail.jsp?gid=sep using the latest .jdb file and placing it in the SEPM's incomming folder.  This gets processed successfully and disappears and even updates the dashboard homepage to say the Lastest on Manager: todays date.... yet the SEP Clients still wont update.

Any ideas as to how to resolve or other troubleshooting steps to take?

Thanks

Is this happening on all clients? Run the symhelp tool on one affected client.

Troubleshooting computer issues with the Symantec Help support tool

http://www.symantec.com/docs/HOWTO80839

It will also determine if any other issues exist.

You can also enable sylink debugging on the same client to see if it shows any problems with communication, etc.

Enable sylink debugging for Endpoint Protection clients

If you manually run LiveUpdate on the machine, does it update?

Hi Brian, unfortunately it's a restricted environment so clients dont have internet access and cant run liveupdate.  they get their updates from the SEPM's  It's only the LUA that can connect to the internet to download the latest defs.  

I'll run the symhelp tool on one of the clients and see if it shows anything.

No changes to LUA? Is it getting updates?

Yeah the LUA is getting updates and distribution job is running successfully after the updates have been downloaded.  The only thing i find weird is that the SEPM dashboard isn't showing the clients as being out of date even though the virus defs haven't been updated since 17th November.  

Could this be becuase Threat Protection is updating?  Yet if you log onto a client machine it throws up the out of date pop up and the yellow dot on the SEP shield in the system tray....weird!

Does SEPM console update Latest defination ?

Try below article

Corrupt definitions prevent Endpoint Protection clients from receiving updates

John, 

Sylink.log will give more info as why clients are not downloading from SEPM, Please enable and post it here

Clearing out the SEPM's defs seems to have resolved my issue, cheers for the suggestion