
What are my SEP Clients downloading from liveupdate.symantecliveupdate.com?

Created: 01 Feb 2013 • Updated: 05 Feb 2013 | 13 comments
This issue has been solved. See solution.

It was brought to my attention a short time back that several of our workstations are communicating directly with http://liveupdate.symantecliveupdate.com/. Per our LiveUpdate Policy configuration this should not occur. If a SEP client requires an update it will only attempt to connect to our GUP or the SEPMs. In reviewing our Web Filter logs I was able to identify what exactly they were requesting to download. My problem now is what are these items that some of these machines are attempting to download? Below is an example of one of the file paths I found. Note how ridiculously long the path is. Does anyone know what it's doing?

 

http://liveupdate.symantecliveupdate.com/F200%5E$ab$88$d9$ff$b0$1fM$1e_F201%5E$ab$88$d9$ff$b0$1fM$1e_F202%5E$f43$60$d1$60$f2$f9$ad_F203%5E$9b$acv$83$d1$06$1b$f9$04$e7$95z$ea$af$d1$e1_F204%5E$9ey$e5TGM1t$a4$e0T$94$d48f$9b$90lx$89$b7$8b$a2$d81$e6$cd$b0$5bW$a7$0d4$fe$03K_$81$9f$9dL$12$f7o$8c$87%5E$01$22$ad$7dQ$b1$e8$b3f_F205%5Ea4kPqwZLZB+Wfbif9u2tcPWa/xYedoIUQAAAAA_F206%5E$10$9f$bb$00$14$93$c24


.Brian's picture

In your LU policy, did you uncheck "Use a LiveUpdate server"?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

SMLatCST's picture

What version of SEP are you using? This has been known to happen on some of the older versions (i.e. use LiveUpdate even when it's not meant to):

http://www.symantec.com/docs/TECH95946

SEP_FMI's picture

After reviewing the link provided I believe this is exactly what I'm experiencing.  It appears that since we're primarily running SEP 11 RU6 MP2 we're experiencing the bug associated with these previous versions.  It sounds like once we move to 12.1 RU2 this will be eliminated.

Thank you for your help.

SEP_FMI's picture

Brian -

"Use a LiveUpdate Server" is unchecked.  The only fields checked are GUP and Use Default Management Server.  And within the GUP settings only Use a Single GUP Provider is checked.

Aashish -

According to the SEPM and the SEP Client the machines in question do have the most up to date Policy applied to them.  So they should not be making any attempts to LiveUpdate Servers.

SMLatCST -

We're currently running 12.1 RU2 on all SEPMs and GUPs. The machines currently exhibiting this issue are running primarily 11 RU6 MP2.

SMLatCST's picture

It is down to the way the clients process the policy, so upgrading the client should (hopefully) do the trick! The version of the SEPM or GUP would have no bearing on how the v11 client chooses to (mis)behave.

SebastianZ's picture

Have you tried recreating the LU Policy for this client? It looks as if it was corrupted somehow, or the clients were not able to process it properly.

cus000's picture

Roughly how many clients affected?

 

Your settings sound good... It might be a bug/issue with the LU policy at the client end...

Sumit G's picture

Hi,

 

Kindly check the step below:

http://www.symantec.com/business/support/index?pag...

 

Maximum time that clients try to download updates from a Group Update Provider before trying the default management server

This option lets clients bypass a Group Update Provider if they try and fail to connect to the Group Update Provider. You can specify a length of time after which clients can bypass the Group Update Provider. When clients bypass the Group Update Provider, they get content updates from the default server.

Select one of the following options:

  • Check Never if clients only get updates from the Group Update Provider and never from the server. For example, you might use this option if you do not want client traffic to run over a wide area connection to the server.
  • Check After to specify the time after which clients must bypass the Group Update Provider. Specify the time in minutes, hours, or days. 

 

 

Regards

Sumit G.

zafar1907's picture

Hi,

You might have used RU1 before RU2. Was the problem there with RU1 also?
Because if you have gone through all the above comments, I don't think there is any setting issue in your case.
Try to recreate the package and reinstall.
Otherwise it could be a bug.

Thanks,
Zafar

Thanks and Regards,

Mohammad zafar

Please Mark as solution if this comment solved your Issue....

Mick2009's picture

Hi there,

Below is an example of one of the file paths I found. Note how ridiculously long the path is. Does anyone know what it's doing?

http://liveupdate.symantecliveupdate.com/F200%5E$ab$88$d9$ff$b0$1fM$1e_F201%5E$ab$88$d9$ff$b0$1fM$1e_F202%5E$f43$60$d1$60$f2$f9$ad_F203%5E$9b$acv$83$d1$06$1b$f9$04$e7$95z$ea$af$d1$e1_F204%5E$9ey$e5TGM1t$a4$e0T$94$d48f$9b$90lx$89$b7$8b$a2$d81$e6$cd$b0$5bW$a7$0d4$fe$03K_$81$9f$9dL$12$f7o$8c$87%5E$01$22$ad$7dQ$b1$e8$b3f_F205%5Ea4kPqwZLZB+Wfbif9u2tcPWa/xYedoIUQAAAAA_F206%5E$10$9f$bb$00$14$93$c24
 

That is anonymous telemetry data rather than a request for a file.  These can safely be ignored. This article has some more information:

LiveUpdate Administrator 2.x Distribution Center logs contain "400 - URL" or "404 0 3" Entries
http://www.symantec.com/docs/TECH171531 
 

 

With thanks and best regards,

Mick

SOLUTION
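
For admins triaging the same web-filter entries, here is an added example (not part of the original thread and not Symantec code) that separates requests shaped like the URL above from ordinary file requests to the LiveUpdate host. It relies only on the shape visible in that URL (fields `F2xx` followed by `%5E`, joined by `_`); reading `$xx` as a hex-escaped byte is an assumption, the meaning of each field is not documented on this page, and the sample URLs and the `gup.example.internal` host are constructed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, unquote_to_bytes

LU_HOST = "liveupdate.symantecliveupdate.com"
# Field marker as it appears in the thread's URL: "F" + 3 digits + "^"
# (logged as %5E), with "_" between fields.
FIELD_START = re.compile(rb"(?:^|_)(F\d{3})\^")
DOLLAR_HEX = re.compile(rb"\$([0-9A-Fa-f]{2})")

def decode_dollar(value: bytes) -> bytes:
    """ASSUMPTION: "$xx" is one hex-escaped byte; everything else is literal."""
    return DOLLAR_HEX.sub(lambda m: bytes([int(m.group(1), 16)]), value)

def split_fields(url: str):
    """Return [(tag, value_bytes), ...] when the whole path is F-fields, else None."""
    parts = urlsplit(url)
    if parts.hostname != LU_HOST:
        return None
    path = unquote_to_bytes(parts.path.lstrip("/"))
    marks = list(FIELD_START.finditer(path))
    if not marks or marks[0].start() != 0:
        return None
    fields = []
    for i, m in enumerate(marks):
        # A value runs to the next field marker; it may itself contain "_" or "^".
        end = marks[i + 1].start() if i + 1 < len(marks) else len(path)
        fields.append((m.group(1).decode(), decode_dollar(path[m.end():end])))
    return fields

def classify(url: str) -> str:
    """Label one logged URL for triage."""
    if urlsplit(url).hostname != LU_HOST:
        return "other-host"
    return "telemetry-shaped" if split_fields(url) else "content-request"

# Constructed sample URLs (not taken from any real log).
SAMPLE_URLS = [
    "http://liveupdate.symantecliveupdate.com/F200%5E$ab$88M_F201%5E$01_x%5E$22_F205%5EQUJD",
    "http://liveupdate.symantecliveupdate.com/example_content_file.zip",
    "http://gup.example.internal/content/example_content_file.zip",
]

if __name__ == "__main__":
    print(Counter(classify(u) for u in SAMPLE_URLS))
    for tag, value in split_fields(SAMPLE_URLS[0]):
        print(tag, len(value), value.hex())
```

Any `content-request` hit from a client whose policy should restrict it to the GUP or SEPM is the case worth following up; `telemetry-shaped` hits match what the accepted answer describes.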