Endpoint Protection

  • 1.  Client on SEPM Manager - no definition updates?

    Posted Jan 11, 2010 03:07 AM
    The client on the manager itself won't update definitions - they stay at 15th April 2009 which is what was included with the MR4 MP2 release. All other clients are updating happily and there are no errors in the log. Any ideas - I'm downloading the intelligent updater now to try it as a workaround...


  • 2.  RE: Client on SEPM Manager - no definition updates?

    Posted Jan 11, 2010 03:09 AM
    I should add that this machine was running SAV 10 with SSC which I just uninstalled since I'd migrated the last legacy client to SEP 11. The server is running Windows 2003 R2 and has been rebooted a couple of times since I installed the SEP client. The client was installed via the deployment wizard.


  • 3.  RE: Client on SEPM Manager - no definition updates?

    Posted Jan 11, 2010 03:32 AM
    IU does nothing - I've appended the log. Seems to think there's no SEP client there but since it doesn't actually say which key it's looking for this doesn't help much...

    Mon Jan 11 19:16:05 2010 : ******************************************************************
    Mon Jan 11 19:16:05 2010 :         Starting Intelligent Updater - Version 5.0.1.4
    Mon Jan 11 19:16:05 2010 : ******************************************************************
    Mon Jan 11 19:16:05 2010 : AUTH SYMSIGNED BEGIN: Started.
    Mon Jan 11 19:16:05 2010 : AUTH SYMSIGNED CLASS3 BEGIN: Entering CriticalSection Initialization .
    Mon Jan 11 19:16:05 2010 : AUTH SYMSIGNED CLASS3: Succeeded find the class 3 ID, returning TRUE.
    Mon Jan 11 19:16:05 2010 : AUTH SYMSIGNED END: Finished processing. Returns TRUE
    Mon Jan 11 19:16:05 2010 : IU RES SYMSIGNED SUCCESS: Successfully verified Symantec Signature for the iuResource.dll
    Mon Jan 11 19:16:05 2010 : IU RES LOAD: Successfully loaded the resource file..
    Mon Jan 11 19:16:05 2010 : IU MODE: IU is running is FULL mode.
    Mon Jan 11 19:16:13 2010 : CONFIG LOAD SUCCESS: Successfully loaded the configuration file: iuConfig.xml.
    Mon Jan 11 19:16:13 2010 :     IU INFO: File-name : 20100110-017-v5i32.EXE
    Mon Jan 11 19:16:13 2010 :     IU INFO: Creation-date : 20100110
    Mon Jan 11 19:16:13 2010 : PROCESSING ENTRY: VIRSCAN.zip - Virus Definitions
    Mon Jan 11 19:16:13 2010 : Entry details:
    Mon Jan 11 19:16:13 2010 :     Update-File:             VIRSCAN.zip
    Mon Jan 11 19:16:13 2010 :     Update-Desc:             Virus Definitions
    Mon Jan 11 19:16:13 2010 :     Auth DLL Name:             SAVIUAuth
    Mon Jan 11 19:16:13 2010 :     Auth DLL Location:         local
    Mon Jan 11 19:16:13 2010 :     Auth Content-Type:         virus definitions x32
    Mon Jan 11 19:16:13 2010 :     Deploy Content-Type:         virus definitions x32
    Mon Jan 11 19:16:13 2010 :     Deplo DLL Name:         SAVIUDeploy
    Mon Jan 11 19:16:13 2010 :     Deploy DLL Location:         local
    Mon Jan 11 19:16:13 2010 : AUTH DLL LOCATION: IU will read the DLL location from registry - SAVIUAuth
    Mon Jan 11 19:16:13 2010 : REG SUCCESS: Success while opening key
    Mon Jan 11 19:16:13 2010 : REG SUCCESS: Success while fetching the path for DLL : C:\Program Files\Symantec\Symantec Endpoint Protection\IU\LuAuth.dll
    Mon Jan 11 19:16:13 2010 : DEPLOY DLL LOCATION: IU will read the DLL location from registry - SAVIUDeploy
    Mon Jan 11 19:16:13 2010 : REG SUCCESS: Success while opening key
    Mon Jan 11 19:16:13 2010 : REG SUCCESS: Success while fetching the path for DLL : C:\Program Files\Symantec\Symantec Endpoint Protection\IU\DefUDply.dll
    Mon Jan 11 19:16:13 2010 : AUTH SYMSIGNED BEGIN: Started.
    Mon Jan 11 19:16:13 2010 : AUTH SYMSIGNED CLASS3 BEGIN: Entering CriticalSection Initialization .
    Mon Jan 11 19:16:13 2010 : AUTH SYMSIGNED CLASS3: Succeeded find the class 3 ID, returning TRUE.
    Mon Jan 11 19:16:13 2010 : AUTH SYMSIGNED END: Finished processing. Returns TRUE
    Mon Jan 11 19:16:13 2010 : AUTH SYMSIGNED SUCCESS: Successfully verified Symantec Signature for the authorization dll C:\Program Files\Symantec\Symantec Endpoint Protection\IU\LuAuth.dll
    Mon Jan 11 19:16:13 2010 : AUTH LOAD SUCCESS: Successfully loaded the authorization dll - C:\Program Files\Symantec\Symantec Endpoint Protection\IU\LuAuth.dll
    Mon Jan 11 19:16:13 2010 : AUTH SYMSIGNED BEGIN: Started.
    Mon Jan 11 19:16:13 2010 : AUTH SYMSIGNED CLASS3 BEGIN: Entering CriticalSection Initialization .
    Mon Jan 11 19:16:13 2010 : AUTH SYMSIGNED CLASS3: Succeeded find the class 3 ID, returning TRUE.
    Mon Jan 11 19:16:13 2010 : AUTH SYMSIGNED END: Finished processing. Returns TRUE
    Mon Jan 11 19:16:13 2010 : DEPLOY SYMSIGNED SUCCESS: Successfully verified Symantec Signature for the deployment dll C:\Program Files\Symantec\Symantec Endpoint Protection\IU\DefUDply.dll
    Mon Jan 11 19:16:13 2010 : DEPLOY LOAD SUCCESS: Successfully loaded the deployment dll - C:\Program Files\Symantec\Symantec Endpoint Protection\IU\DefUDply.dll
    Mon Jan 11 19:16:13 2010 : AUTHORIZATION SUCCESSFUL: VIRSCAN.zip is successfully authorized for deployment.
    Mon Jan 11 19:16:13 2010 : DEPLOY PATH SUCCESS: VIRSCAN.zip will be deployed at location C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\tmp1c39.tmp
    Mon Jan 11 19:16:13 2010 : AUTH SYMSIGNED BEGIN: Started.
    Mon Jan 11 19:16:13 2010 : AUTH SYMSIGNED CLASS3 BEGIN: Entering CriticalSection Initialization .
    Mon Jan 11 19:16:13 2010 : AUTH SYMSIGNED CLASS3: Succeeded find the class 3 ID, returning TRUE.
    Mon Jan 11 19:16:13 2010 : AUTH SYMSIGNED END: Finished processing. Returns TRUE
    Mon Jan 11 19:16:13 2010 : UNRAR LOAD SUCCESS: Successfully loaded the UNRAR DLL.
    Mon Jan 11 19:16:13 2010 : UNRAR OPEN SUCCESS: Success opening RAR file VIRSCAN.zip
    Mon Jan 11 19:16:33 2010 : UNRAR EXTRACT SUCCESS: Succesfully extracted VIRSCAN.zip to C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\tmp1c39.tmp
    Mon Jan 11 19:17:35 2010 : POST PROCESS FAILURE: Failure reported while post processing VIRSCAN.zip
    Mon Jan 11 19:17:35 2010 : Failure occurred while post processing the deployed content - VIRSCAN.zip.
    Mon Jan 11 19:17:35 2010 : PROCESSING ENTRY: VIRSCAN.zip - Virus Definitions
    Mon Jan 11 19:17:35 2010 : Entry details:
    Mon Jan 11 19:17:35 2010 :     Update-File:             VIRSCAN.zip
    Mon Jan 11 19:17:35 2010 :     Update-Desc:             Virus Definitions
    Mon Jan 11 19:17:35 2010 :     Auth DLL Name:             ISAuthDLL
    Mon Jan 11 19:17:35 2010 :     Auth DLL Location:         local
    Mon Jan 11 19:17:35 2010 :     Auth Content-Type:         virus definitions x32
    Mon Jan 11 19:17:35 2010 :     Deploy Content-Type:         virus definitions x32
    Mon Jan 11 19:17:35 2010 :     Deplo DLL Name:         ISDeployDLL
    Mon Jan 11 19:17:35 2010 :     Deploy DLL Location:         local
    Mon Jan 11 19:17:35 2010 : AUTH DLL LOCATION: IU will read the DLL location from registry - ISAuthDLL
    Mon Jan 11 19:17:35 2010 : REG SUCCESS: Success while opening key
    Mon Jan 11 19:17:35 2010 : REG FAILURE: Failed while reading the value for key named
    Mon Jan 11 19:17:35 2010 : DEPLOY DLL LOCATION: IU will read the DLL location from registry - ISDeployDLL
    Mon Jan 11 19:17:35 2010 : REG SUCCESS: Success while opening key
    Mon Jan 11 19:17:35 2010 : REG FAILURE: Failed while reading the value for key named
    Mon Jan 11 19:17:35 2010 : IGNORE ENTRY: Ignoring entry for VIRSCAN.zip because of registry read failure. Error occurred while reading the path for the Authorization DLL from the registry.
    Mon Jan 11 19:17:35 2010 : IU failed while deploying V because a compatible product could not be found on the system. Please make sure that a compatible Symantec product is installed on the system.
    Mon Jan 11 19:17:35 2010 : PROCESSING ENTRY: VIRSCAN.zip - Virus Definitions
    Mon Jan 11 19:17:35 2010 : Entry details:
    Mon Jan 11 19:17:35 2010 :     Update-File:             VIRSCAN.zip
    Mon Jan 11 19:17:35 2010 :     Update-Desc:             Virus Definitions
    Mon Jan 11 19:17:35 2010 :     Auth DLL Name:             Norton X32 AuthDLL
    Mon Jan 11 19:17:35 2010 :     Auth DLL Location:         local
    Mon Jan 11 19:17:35 2010 :     Auth Content-Type:         VirusDefs
    Mon Jan 11 19:17:35 2010 :     Deploy Content-Type:         VirusDefs
    Mon Jan 11 19:17:35 2010 :     Deplo DLL Name:         Norton X32 DeployDLL
    Mon Jan 11 19:17:35 2010 :     Deploy DLL Location:         local
    Mon Jan 11 19:17:35 2010 : AUTH DLL LOCATION: IU will read the DLL location from registry - Norton X32 AuthDLL
    Mon Jan 11 19:17:35 2010 : REG SUCCESS: Success while opening key
    Mon Jan 11 19:17:35 2010 : REG FAILURE: Failed while reading the value for key named
    Mon Jan 11 19:17:35 2010 : DEPLOY DLL LOCATION: IU will read the DLL location from registry - Norton X32 DeployDLL
    Mon Jan 11 19:17:35 2010 : REG SUCCESS: Success while opening key
    Mon Jan 11 19:17:35 2010 : REG FAILURE: Failed while reading the value for key named
    Mon Jan 11 19:17:35 2010 : IGNORE ENTRY: Ignoring entry for VIRSCAN.zip because of registry read failure. Error occurred while reading the path for the Authorization DLL from the registry.
    Mon Jan 11 19:17:35 2010 : IU failed while deploying V because a compatible product could not be found on the system. Please make sure that a compatible Symantec product is installed on the system.



  • 4.  RE: Client on SEPM Manager - no definition updates?

    Posted Jan 11, 2010 12:39 PM


  • 5.  RE: Client on SEPM Manager - no definition updates?

    Posted Jan 11, 2010 12:52 PM
    Is the client on the server communicating with the SEPM manager?
    Go to Help and Support - Troubleshooting and check what the status is: is it showing SEPM servername/IP, or Offline, or Self-Managed?


  • 6.  RE: Client on SEPM Manager - no definition updates?

    Posted Jan 12, 2010 07:15 PM
    Interesting - I have found out that when I run either the v5i32 or the i32 the system seems to apply them and then immediately regress as per this from the system log:

    12/01/2010 11:31:31 AM,Definition File Loaded,EPICUTILITY,graham,System,Previous virus definition file loaded. Version: 110415ag.
    12/01/2010 11:31:28 AM,Definition File Loaded,EPICUTILITY,graham,System,New virus definition file loaded. Version: 120111c.
    12/01/2010 11:31:06 AM,Definition File Loaded,EPICUTILITY,graham,System,Previous virus definition file loaded. Version: 110415ag.
    12/01/2010 9:46:04 AM,Definition File Loaded,EPICUTILITY,graham,System,New virus definition file loaded. Version: 120111c.
    11/01/2010 12:40:04 AM,Definition File Loaded,EPICUTILITY,SYSTEM,System,Previous virus definition file loaded. Version: 110415ag.
    11/01/2010 12:37:26 AM,Definition File Loaded,EPICUTILITY,SYSTEM,System,New virus definition file loaded. Version: 120109f.

    Is this possibly a symptom of the great 1st Jan 2010 cock-up?


    Is there some way I can destroy the 15th April 2009 files source so there is no way it can regress once I install up-to-date defs?
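
Added example, not part of the original thread: a small Python check that reads the kind of system-log export quoted in post 6 and reports every time a "New virus definition file loaded" event is followed by a load of an older version. The six sample lines are copied from that post; the dd/mm/yyyy timestamp format and the ordering of revision suffixes (a..z, then aa, ab, ...) are assumptions.

```python
import csv
from datetime import datetime

# Six lines copied from the system log in post 6 (newest first, dd/mm/yyyy assumed).
SAMPLE_LOG = """\
12/01/2010 11:31:31 AM,Definition File Loaded,EPICUTILITY,graham,System,Previous virus definition file loaded. Version: 110415ag.
12/01/2010 11:31:28 AM,Definition File Loaded,EPICUTILITY,graham,System,New virus definition file loaded. Version: 120111c.
12/01/2010 11:31:06 AM,Definition File Loaded,EPICUTILITY,graham,System,Previous virus definition file loaded. Version: 110415ag.
12/01/2010 9:46:04 AM,Definition File Loaded,EPICUTILITY,graham,System,New virus definition file loaded. Version: 120111c.
11/01/2010 12:40:04 AM,Definition File Loaded,EPICUTILITY,SYSTEM,System,Previous virus definition file loaded. Version: 110415ag.
11/01/2010 12:37:26 AM,Definition File Loaded,EPICUTILITY,SYSTEM,System,New virus definition file loaded. Version: 120109f.
"""

def version_key(version):
    # '120111c' -> (120111, 1, 'c'): numeric part first, then the revision.
    # Assumption: a shorter revision suffix sorts before a longer one.
    digits, rev = version[:6], version[6:]
    return (int(digits), len(rev), rev)

def parse_events(text):
    """Return (timestamp, 'new'|'previous', version) tuples, oldest first."""
    events = []
    for row in csv.reader(text.splitlines()):
        if len(row) < 6 or row[1] != "Definition File Loaded":
            continue
        message = row[5]
        if "Version:" not in message:
            continue
        when = datetime.strptime(row[0], "%d/%m/%Y %I:%M:%S %p")
        kind = "new" if message.startswith("New ") else "previous"
        version = message.rsplit("Version:", 1)[1].strip(" .")
        events.append((when, kind, version))
    return sorted(events)

def find_rollbacks(events):
    """Return (newer_version, older_version, seconds_until_rollback) tuples."""
    rollbacks, last_new = [], None
    for when, kind, version in events:
        if kind == "new":
            last_new = (when, version)
        elif last_new and version_key(version) < version_key(last_new[1]):
            seconds = int((when - last_new[0]).total_seconds())
            rollbacks.append((last_new[1], version, seconds))
            last_new = None  # wait for the next load of new definitions
    return rollbacks

if __name__ == "__main__":
    for newer, older, seconds in find_rollbacks(parse_events(SAMPLE_LOG)):
        print(f"{newer} replaced by older {older} after {seconds}s")
```

On the lines from post 6 this reports three rollbacks, each back to 110415ag, which is the signal worth alerting on: a host that accepts current definitions and then silently returns to old ones.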