LiveUpdate
Goh Pog Siew
|
March 19th, 2010
ok,newbie here.i have a problem with my SEP(v11.0) My computer broke down in febuary and only got it working in march. when i switch on my SEP,my antivirus and antispyware definations were out of date...
After clicking on liveupdate,it takes a long time,then an error message regarding that i have multiple live updates running pops out.
If i press fix,then the SEP will lag for a while then there is this: switch to-retry message.When i press switch to,my start menu pops up but does nothing.
when i press switch to again,same thing happens...
help please!
5 comments
Albert Widjaja
|
March 19th, 2010
Hi All,
I've just finished installing SEP 11 MR5 Client manually in all of my laptop in new site, can I assume that those clients is automatically updating to Liveupdate website through the internet without SEP Manager ?
and last thing is that how can I convert those unmanaged SEP client into the managed one ? Shall I just manually create GPO login script to copy sylink.xml into the respective directory ?
Thanks
Agents, Security, 11.x, Best Practice, IT Risk Management, LiveUpdate, Installing, Endpoint Protection (AntiVirus)
2 comments
MLSDC
|
March 19th, 2010
Hi,
Don't know if anybody can answer this question here, but i'm having some trouble configuring SEPM. We have a company that exists of one HQ and 5 other sites connected through dedicated lines.
Now i would like to configure SEP in a way that we have 1 SEPM (in the HQ) that downloads virus defs from symantec and distributes them to it's clients and the other SEPM's in the 5 sites. In their turn the other SEPM's will distribute their virus defs to their clients.
I've included a small visio drawing to clarify my point.
The question is: how do i configure SEPM for this setup?
- do i create a seperate site in SEPM for each geographical site ?
- do i need to install a liveupdate server in the HQ for the other SEPM's to download their defs from?
- ...
I hope you understand my question... :)
thanks in advance.
13 comments
jsun7383
|
March 18th, 2010
My environment:
1 - liveupdate administrator server
10 - SEPM installations
500 - SEP clients, some that also have pcanywhere, backupexec, or ghost server installed
updates are downloaded to liveupdate server > SEPM downloads updates from liveupdate server > clients download updates from SEPM.
So far AV definition and product updates are working on all my client PCs...but when I run a liveupdate from pcanywhere or ghost from one of these machines, they all look to SEPM who who won't support these products. What should I do?
Best Practice, LiveUpdate, Endpoint Management and Virtualization, Configuring, Downloads, Windows, Patch, Troubleshooting, Upgrade, Ghost Solution Suite
0 comments
jsun7383
|
March 18th, 2010
My environment:
1 - liveupdate administrator server
10 - SEPM installations
500 - SEP clients, some that also have pcanywhere, backupexec, or ghost server installed
updates are downloaded to liveupdate server > SEPM downloads updates from liveupdate server > clients download updates from SEPM.
So far AV definition and product updates are working on all my client PCs...but when I run a liveupdate from pcanywhere or ghost from one of these machines, they all look to SEPM who who won't support these products. What should I do?
LiveUpdate, Endpoint Management and Virtualization, Configuring, Downloads, Windows, Patch, Troubleshooting, Upgrade, pcAnywhere
0 comments
jsun7383
|
March 18th, 2010
My environment:
1 - liveupdate administrator server
10 - SEPM installations
500 - SEP clients, some that also have pcanywhere, backupexec, or ghost server installed
updates are downloaded to liveupdate server > SEPM downloads updates from liveupdate server > clients download updates from SEPM.
So far AV definition and product updates are working on all my client PCs...but when I run a liveupdate from pcanywhere or ghost from one of these machines, they all look to SEPM who who won't support these products. What should I do?
Security, LiveUpdate, Downloads, Installing, Windows, Patch, Endpoint Protection (AntiVirus), Troubleshooting, Upgrade
3 comments
anthonymel
|
March 17th, 2010
Did the folks at Symantec take the day off in honor of St. Patricks day? It's 5pm EST and I still see we are at yesterdays virus definitions. What's up?
6 comments
hmlones
|
March 17th, 2010
I installed SEP ru5 on a network that has no internet connectivity. I cannot connect that network to a machine that can talk to the internet. so i will need to manually load files to a disk and transfer it to that network. i do have SEP installed on a network with internet. my problem is i have both 32bit and 64bit clients. when i go download the .jdb file and place it in the appropriate folder it only updates the 32 bit clients. how can i update the 64bit clients with no internet connectivity?
Security, 11.x, LiveUpdate, Configuring, Downloads, Windows, Endpoint Protection (AntiVirus), Troubleshooting
13 comments
leonstr
|
March 17th, 2010
Hi,
I've got SEP 11.0 (11.0.1000.1375) installed on a set of servers controlled by SEPM installed on one of the servers.
I've upgraded SEPM on this server to RU5 (11.0.5002.333) and the SEP client is also RU5 on this server.
I'm now trying to upgrade SEP on the remaining servers following the instructions in 'Migrating to Symantec Endpoint Protection 11.0 RU5' (http://service1.symantec.com/SUPPORT/ent-security....).
However, I can't get this to work.
I've added the RU5 package to the Install Packages for one group only which only contains one server (so I can minimize the impact during testing) but nothing happens.
Can anyone suggest what I've missed here? Are there any logs on the client or server which might indicate what is preventing the rollout?
Thanks in advance,
Leon...
8 comments
Albert Widjaja
|
March 16th, 2010
Hi All,
I'm having problem in installing the SEP 11 MR5 64 bit client package on my 64 bit workstation, from my SEP Mgr. console it was successfully "pushed" and i can see the green dot pf "SUCCESSFULL" deployment status, however in the client desktop, i cannot see any SEP on the tray icon.
but instead the installation left one directory C:\TEMP\Clt-Inst in all of my 64 bit workstation, for all of the 32 bit workstations (XP, Vista and 7) everything is working fine.
no firewall is enabled at the moment in all of my workstation, so can anyone help me here please ?
Thanks.
7 comments
erikace
|
March 16th, 2010
Hi
I am currently running SEPM v11.0.5002.333 with LUA 2.2.2.9. I have one Management Server at my head office with Live Update Administrator downloading updates from the Symantec website. I have several branch offices connected via ADSL WAN link with single servers at those sites each running Live Update Administrator, downloading updates from the head office server. Updates are scheduled to download and distribute overnight and it is working well updating clients. My branch servers and clients Communications Settings are set to Pull info from the Management Server every three hours.
I have been monitoring network activity on my branch offices, and tomcat5.exe (which I beleive is Live Update Administrator) uploads data to my head office throughout the day in blocks of 2-40MB at a time. Since I have my LUA Download and Distribute jobs set to run overnight (and they are donig so successfully), I was wondering why LUA is talking back to my Management Server.
Any feedback would be...
Security, 11.x, Best Practice, State & Local Government, LiveUpdate, Monitoring, Performance, Endpoint Protection (AntiVirus)
2 comments
xnih
|
March 16th, 2010
This is not an issue with constant high CPU usage, lets get that clear now. We are seeing disk and CPU spikes on a regular cycle that can be tracked back to the Symantec Service.
In our VM environment this is easy to see on both CPU and Disk due to ability to look at current stats for the past hour/day/month on a VM.
SAV 10 clients: (10.1.6.6000, 10.1.7.7000 and 10.1.8.8000, on 2003 and XP clients)
Every 3 mins and 20 seconds you'll see a CPU and disk spike. Disk usage will be 4-8 KB/s and then jump to between 3-12 MB/s usage for about 20-40 seconds. Upon investigating with filemon we see that SAV is going out and rereading in its definition files again.
SEPM 11 clients (latest for sure, know we saw it in earlier clients also, 2008, 2003, xp, etc)
Similiar to SAV 10, except every 5 mins and 40 seconds on the machine I was just looking at.
Simple fix is to go in and restart the Symantec service, if it is a SAV 10 box, this fixes it until the...
11 comments
nia
|
March 16th, 2010
Hi all,
We have an installation with 2x scanners and one control center.
We have upgraded first the 2x scanners to 9.0-20 without any issues.
When we tried to update the control center, we have the following error:
Error During Software Update: An error has occurred during software update. Err Inappropriate ioctl for device.
Any ideas?
Scanners seem to connect without any issues but we do not have mail traffic!!!
Thanks in advance,
Nikos
9 comments
Micah H
|
March 16th, 2010
I noted that within the LiveUpdate policy that you can specifiy both internal server as the liveupdate source but can also specify Symantec LiveUpdate server as the update source simultaneously. With both selected, I would figure that each client would try to use the internal server before going out to the internet however that's not the case.
So the question is, with both LiveUpdate sources being selected, is there a way to set a preference as to which the client tries first? I would like both selected because if for some reason the internal server is unavailable, I would like the client to continue to update via the internet.
To anyone that has any idea, thanks in advance ;)
3 comments
ShadowsPapa
|
March 15th, 2010
My app control blocked this today --is it legit?
I've never seen this happen before on any other computer, and there's nothing being installed or setup as far as SEP, AFAIK....
Event type:
Application Control Rules
Event time:
03/15/2010 10:48:52
Severity:
Critical
Begin time:
03/15/2010 10:48:51
End time:
03/15/2010 10:48:51
Rule name:
Bad-BHO-File and Folder Access Attempts_Write File
Alert:
Yes
Send SNMP trap:
0
Caller Process ID:
384
Caller Process Name:
C:/Program Files/Symantec/LiveUpdate/LSETUP.EXE
Target:
C:/Documents and Settings/Mary.McLaren/Local Settings/Temp/LUInit.exe
3 comments
mclemson
|
March 15th, 2010
I have an issue where servers running SAV CE 10.2.4 (or 10.2.0, for that matter -- but I'm in the process of updating those) do not update automatically from the parent server. From what I can tell, they have never updated automatically if the OS is Windows Server 2008. Every Windows Server 2008 server does not work, and every other Windows Server 2003 server does work. They all share the same (only) parent server.
If I run LiveUpdate manually on a 2008 system, it updates. If I right-click from the SSC and choose 'Update Virus Definitions Now..', it updates. But it won't happen automatically. As I've said, updating to 10.2.4 hasn't helped.
Any ideas? I'll assign a solution if someone finds one. Are there logs on the server or client that would explain why a client doesn't get those definitions?
5 comments
anthonymel
|
March 13th, 2010
We just replicated our old End Point Protection Manger server (11.5) over to our new Windows 2008 R2 server. We assigned all our polices over to the new server and took down the old server. We removed the old server from the replication lists and policy lists. All client now use the new server for policy and updates.
However, the new server can't proccess any liveupdates. All attempts come back with a return code of 1. At the same time liveupdate is running I also see this error "Failed to create a folder to which to publish the package" which to means that it can't save the updates to publish to clients. I gave the Authenticated users full control over the symantec end point protection manager folder under Program Files (x86) as well.
Anyone have ideas on resolving this? I rather have my clients protected.
6 comments
silvana
|
March 12th, 2010
I need to execute Intelligent Updater in some computers.
Normally when executing it a new window appears asking if you really want to execute the update, and waiting a response (Yes or No) from the user to continue the execution.
I would like to know how to "skip" that question to execute the update.
I have to write a script or something like that. So if there is a parameter to set the response to "Yes" it would be fine.
Thanks a lot.
7 comments
Lane McMullen
|
March 11th, 2010
I have SAV Corporate Edition 8.1 with about 100 clients in their own group. Symantec System Center is version 5.0, and I can see all of the clients in the console without a problem and they are listed correctly. I noticed however that the client machines are going out to LiveUpdate to update their definitions every day instead of pulling them from the parent server. This therefore is killing our bandwidth during certain times of the day. The clients are all running Win XP SP3 with the firewall disabled. I have verified that the Update Definition Manager is set for the group to update their definitions from the parent server. The clients and server are on the same subnet without a firewall between them. What else can I check to make sure the clients are pulling from the parent server and not out to the internet through LiveUpdate? I read a KB article that if the client cannot communicate with the parent server, then it will use LiveUpdate instead. I appreciate any direction you can...
13 comments
Ezekyl
|
March 11th, 2010
Hi,
I have one question about the update proces of Norton AntiVirus 10. All server are up to date with right definitions.
On the Sytem Center Console, I have one server group. This server group contains one primary server and 3 servers. All servers and primary server are configured with this parameters :
- In All tasks ==> LiveUpdate ==> Configure... I selected "internall LiveUpdate Server" with correct parameters and operationnal internal Live Update server.
- In All tasks ==> Symantec AntiVirus ==> Virus definition Manager : I selected "Update only primary server of this server group".
In Configure, next to "Update only primary server of this server group", I selected "Update Source LiveUpdate(Win32) / FTP (NetWare)" with ftp.symantec.com.
My question is : On which server, Primary server or FTP symantec or internall Live Update server, will the servers download virus definitions ?
Sorry for my bad english...
Best...
5 comments
nia
|
March 10th, 2010
Hi,
One of our customers has an issue with a Brightmail appliance that is not updating the AV definitions. (SBG 8.0.3)
I have checked licensing -> OK
We have changed the frequency of liveupdate to 2hours and timeout at 40 mins.
Rapid responses work fine but when not selected, we have the error: The JLU process appears to be hanging and will be terminated
Bellow you can see the log files from the jlu_controller.log
2010-03-10T10:40:02+02:00 (INFO:26927.3071923904): [54041] AV definitions update is available.
2010-03-10T10:40:02+02:00 (INFO:26927.3071923904): [54030] Poll for new AntiVirus Definitions was successful.
2010-03-10T10:40:00+02:00 (INFO:26927.3071923904): [54010] Poll for new AntiVirus Definitions was successfully started.
2010-03-10T10:40:00+02:00 (DEBUG:26927.3071923904): [54043] Executing /usr/java/jre1.6.0_02/bin/java -classpath /opt/Symantec/LiveUpdate/jlu.jar com.symantec.liveupdate.LiveUpdate --available-list /data/scanner/stats/jluGwfUxo [ -p SMS for SMTP...
7 comments
Wally
|
March 10th, 2010
Hello all,
I have a small number of unmanaged clients that were installed directly from the CD1 directory (i.e. not using SEPM). They are getting content updates directly from the Symantec LiveUpdate server.
How can I set these unmanaged clients to get product updates directly from the Symantec LiveUpdate server? Is there a setting in the client's LiveUpdate to enable product update retrieval without having to use SEPM to set a LiveUpdate policy.
It is my understanding that in eariler releases of SEP that even though the product update policy field existed in SEPM, it was ignored because the feature had not been implemented.
So - in SEP 11.0.5 can (1) unmanaged clients retrieve product updates through LiveUpdate and (2) can I configure an unmanaged, stand alone client to get product and content updates directly from the Symantec LiveUpdate server without using SEPM to set the LiveUpdate...
8 comments
Dennis Man
|
March 10th, 2010
Hi All,
We have about 700 clients connecting to one SEPM server and they are in the same LAN. For virus definition (as well as other content) updates, we use the option "Use the default management server (recommended)"and do not use LiveUpdate for the clients. However, we have found that the update schedule of the clients varied greatly.
For instance, the SEPM server retrieved the update-to-date virus defintion at 08:00am, when the clients were started at 09:00am, only some of them retrieved virus definition updates from the management server immediately. For other clients, some of them retrieved the updates at 01:00pm and some of them at 05:00pm. The update time is consistent, that means clients retrieving updates at 01:00pm will always retrieve them at around the same time, no matter the server is busy or not. Also, we have checked that the server is not busy all the time.
So, may I ask what's the update...
8 comments
jdwhitcomb
|
March 10th, 2010
Our setup here has a sepm server, sav server, and mail security for exchange on our exchange servers. Our outbound connections are low bandwidth and high latency. SO in an effort to consolidate we are trying to migrate everything to pull from a single liveupdate administrator server.
The lua server is set up and trying to work, however it has issues downloading any kind of larger file. The behavior of the sepm server of breaking any kind of download into smaller 3.something meg chucks allowed it to work flawlessly, is there any way for lua to duplicate that behavior?
5 comments
futare
|
March 9th, 2010
I re-installed the live update component and SEP but still it connects to old internal server. How can I fix this? Any help would be appreciated.
5 comments