Endpoint Protection

I have tried everything to get this to work. We have one server that our SEPM is on and about 120 clients.
Clients communicate with the server. I have tested this with updating content and starting a scan with an option to delay. My clients get the pop up and the scan starts. They all have green dots. They all have a current last check in time.

I can update the definitions on SEPM. I can see them download. I have all my proxy exceptions set correctly. My clients have  NO ISSUE communicating with the server. But the clients will simply not get the latest virus definitions.

I have tried deleting the virus defs on the server and re-downloading them. I have tried almost every solution I could find. The only thing that works for me is if I make a policy to have the client update from the symantec site itself.

I am running the 11.0.5002.333 version.

I ran the SylinkMonitor on a client and got a log while doing an update command from SEPM. If anyone could help me that would be great.

Are you running a SEP client on your server? Make sure the firewall is not blocking your download attempts from the LiveUpDate server.

How to determine whether your firewall is blocking LiveUpdate

http://service1.symantec.com/SUPPORT/sharedtech.nsf/d3c44a1678bd8f45852566aa005902cb/c0aeb869920b38b688256d980074e389?OpenDocument&prod=Symantec%20AntiVirus%20Corporate%20Edition&ver=10.0&src=ent&pcode=sav_ce&dtype=corp&svy=&prev=&miniver=sav_ce_10

https://www-secure.symantec.com/connect/articles/troubleshooting-liveupdate-issues

https://www-secure.symantec.com/connect/articles/troubleshooting-liveupdate-issues

Yes I am running the SEP client on the server as well.

I have all the appropriate update sites unblocked.
I have all the appropriate ports open;
LiveUpdate requires access to ports 80 (HTTP), 21 (FTP) and 443 (HTTPS)

I can run the LUALL.exe on the server and it updates the content just fine. I can run the update from the SEPM and it downloads the new defs just fine. My clients have no errors when I run the support tool. I simply cannot get my clients to update from the server.

I have read both of the posts you put links to. I already tried the downloading the files. It downloaded just fine.

Any other ideas?

In the client start--->run luall and click ok see what happens..
In liveupdate policy how it is defined.?
Client has to take update directly from management server,GUP,Live update server?

Here is a really good troubleshooting guide on content update problems

http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/45b4f4fa81bc7a588825755800612e99?OpenDocument

It goes over things like how to verify that the client is communicating with the SEPM, or how to compare a definition on the client with one on the SEPM and much more.

Hopefully it helps,
Grant

After going through the log file that you have attached to this thread I feel that your SEPM is not downloading 32bit defintions.
Please check under SEPM > Admin > Local sites > Show liveupdate downloads. and see if the SEPM has the latest 32 bit & 64 bit defintions.
If the SEPM does not have 32 bit defintions then apply the JDB file check this document for help.

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007100820002048

 

Hey, Thanks for all the replies!

@kavin --> I removed all the virus definitions on the server and followed the guide to clearing those out to make sure they weren't corrupt. Then I launched the live update from the SEPM again and It shows that I have the latest virus definitions for both the 64bit and 32bit. See attached image: liveUpdate.jpg

@Grant_Hall--> I agree that is a great KB article, and I have read it a couple times. I pretty much went down that list originally trying each suggestion and passing. I just don't get it
 - Clients can ping the server by name and IP address
 - Clients don't return any errors from the support tool
 - Clients can update directly from the symantec update servers
 - Clients all show a green dot (some with no dot due to them being off) See attached image: SEPM.jpg
 - Clients all show a current last check-in so they are communicating with the server. See attached image: lastCheckIn.jpg

@AravindKM--> I am trying to make the client's get the updates directly from our management server. I have the "Use the default management server(recommended)" as the only thing checked. No GUP at all. I have it assigned to all the groups on my SEPM.

I have never been able to get Endpoint protection to work properly. I have tried every KB and forum post I could find on getting this issue and another issue of pushing the install out to unmanaged clients and have been unable to solve these two issues. I am about to just wipe it clean and install it on a different server.

Thanks for the replies, any other questions/troubleshooting/solutions I can try?

Whwn we run luall, Managed Clients are getting updates from internet rahter than getting updates from SEPM.
 

 

Clients Update Issue

@Santosh Dangle..

When you  manually run luall , the clients would always try conncting  to internet, and not  to sepm...