Endpoint Protection


LiveUpdate Schedule and security risk exceptions


  • 1.  LiveUpdate Schedule and security risk exceptions

    Posted Apr 18, 2009 11:50 AM
    I have two questions, if that's okay to discuss here.

    The first is that every time I start up my computer, my client SEP finds a tracking cookie, and removes it. This always happens when I turn on the computer. So I put "Tracking cookie" on the list of "centralized exceptions", is that okay? Will the active scan upon startup keep logging this as an infection, or ignore this cookie forever?

    The second question is, I can't make LiveUpdate schedule at a specific time in the day. I change the "schedule automatic updates" to "daily" at "5:15 PM", but this never happens. I notice that SEP gets new definitions exactly 41 minutes after I start up the computer. How do I fix this so that this happens at a time I chose?

    Thanks,

    Shomik



  • 2.  RE: LiveUpdate Schedule and security risk exceptions

    Posted Apr 18, 2009 01:57 PM
    1) No. It's not okay. You are basically excluding a threat. Possibly there can be an infection on your computer that is downloading this and when the computer starts up, it checks the load points and this is where it gets caught. Run a full system scan.

    2) Exactly 41 minutes? That's really odd.
    Schedule the LiveUpdate to, say, 2 or 3 minutes from now. Now go to the Task Manager and make it show all processes. Do you see Luall.exe and other helper processes running (all starting with "L")?



  • 3.  RE: LiveUpdate Schedule and security risk exceptions

    Posted Apr 18, 2009 03:31 PM
    1) Before I had Symantec Antivirus v10, and it never picked up this tracking cookie. It had the same settings as SEP and I'm wondering why this cookie is getting picked up now. Or could it be I didn't have well-known virus and security risk locations checked in SAV v10?

    2) LiveUpdate (LuConfig.exe) has the Use Automatic LiveUpdate box unchecked. It is not allowing me to set it at 2-3 minutes since it's below the minimum value of 30 minutes. I was using the SEP's Client Management Settings to enable automatic updates. Is this why it was not working?




  • 4.  RE: LiveUpdate Schedule and security risk exceptions

    Posted Apr 19, 2009 02:44 AM
    That may have been your problem...



  • 5.  RE: LiveUpdate Schedule and security risk exceptions

    Posted Apr 20, 2009 11:10 AM
    I'm sorry, but what does this mean?


  • 6.  RE: LiveUpdate Schedule and security risk exceptions

    Posted Apr 20, 2009 05:42 PM
    I did not do the change as you suggested, but when LiveUpdate did run, I did see LUALL.exe and other services running. So I think there's a scheduling issue somewhere.


  • 7.  RE: LiveUpdate Schedule and security risk exceptions

    Posted Apr 20, 2009 06:36 PM
    Sorry, just to be clear: when LiveUpdate did run, did you see LUALL.exe right at 5:15 PM or 41 min later?


  • 8.  RE: LiveUpdate Schedule and security risk exceptions

    Posted Apr 20, 2009 07:50 PM
    What happens is that once I turn on my computer, LiveUpdate starts up around 40 minutes later, even when I have scheduled it to start at 5:15 PM daily through SEP 11. I don't want it to do that. I want LiveUpdate to occur at my scheduled time. I have the box checked under "Client Management Settings".

    I do not have the box checked in LuConfig.exe's "Use Automatic LiveUpdate".

    But when it did update, yes, I did see LUALL.exe as well as other programs like Lu_CallBackProxy, etc.



  • 9.  RE: LiveUpdate Schedule and security risk exceptions

    Posted Apr 20, 2009 08:26 PM
    About the tracking cookie, it is not fine.
    But check your browsing pattern and you should know.
    Lots of websites use cookies to track their visitors.
    Evaluate the websites you normally frequent and evaluate the risk accordingly.

    For me, I don't exclude tracking cookies as I check them whenever my scans pick them up :)
    Some reading about tracking cookies: en.wikipedia.org/wiki/HTTP_cookie

    About defs update:

    As said by you: "I notice that SEP gets new definitions exactly 41 minutes after I start up the computer.",
    it means that after you schedule LiveUpdate to run, it goes out to the net and pulls down the definitions and then applies them.
    The scheduling is for the AV to run LiveUpdate to fetch definitions.
    When they arrive and are applied to your box is a different issue, as network connection varies from node to node.

    Same as the video recorder analogy. You set the time, you set the hour to start and finish the recording.
    But if the TV company starts the movie 1 minute later, you will miss the last minute of that movie :)

    + What time do you start up [I assume a cold boot] your computer?

    Hope this helps.







  • 10.  RE: LiveUpdate Schedule and security risk exceptions

    Posted Apr 20, 2009 08:41 PM
    1) I think I know why it is picking up the tracking cookie. It is because of IE7. There have been times where SEP has not picked up the cookie, and that is because I cleared the browsing history in IE7, thus removing them. But when I don't do that, SEP picks up the cookies again and deletes them.

    I think it's because of IE7 that SEP keeps finding cookies every time I turn on the computer. The more I don't clear browsing history in IE7, the more SEP will find this cookie and delete it.

    2) But then why won't it get these definitions at my scheduled time? I never chose 41 minutes, I chose an exact time every day. This never happened with SAV v10.


  • 11.  RE: LiveUpdate Schedule and security risk exceptions

    Posted Apr 20, 2009 08:54 PM
    For #1, yep... clearing browsing history is a good habit.
    I normally alert my Firefox browser about it every time I hit the close button.

    For #2, open your log.liveupdate file.
    The timestamp is in GMT. You can check when it was run and how long the process was.
    If you still find the info unsatisfactory, do give Symantec Support a call.
    We can help you to solve this puzzle.






  • 12.  RE: LiveUpdate Schedule and security risk exceptions

    Posted Apr 20, 2009 09:11 PM
    1) Yes, for Firefox it clears the cookies for me after I close it. I bet if I only used FF then these cookies wouldn't come up on SEP.

    2) How do I open this file? I want to change the time when it does its updates. I don't want it to occur 40 minutes after I boot up the computer.


  • 13.  RE: LiveUpdate Schedule and security risk exceptions

    Posted Apr 20, 2009 10:09 PM
    For q 2,

    Use your favourite text editor, i.e. Notepad, to open it up. It's just a plain text log file.



  • 14.  RE: LiveUpdate Schedule and security risk exceptions

    Posted Apr 20, 2009 10:29 PM
    Okay, I do see that the times in GMT are adding up to the Live Updates in my time zone (ET), even the ones that are not at the scheduled time. How do I fix this now?


  • 15.  RE: LiveUpdate Schedule and security risk exceptions

    Posted Apr 20, 2009 10:55 PM
    Make sure the ones circled are not ticked. This setting is available under UI -> Change settings -> Client Management -> Schedule updates.

    And ensure that the scheduled time is well past the time you boot up your computer.

    Again, if the problem persists, you might want to give support a call to analyze your log better.


  • 16.  RE: LiveUpdate Schedule and security risk exceptions

    Posted Apr 21, 2009 04:00 PM
    Yes, neither of those boxes is checked. The scheduled time is quite past the time I turn on the computer, around 2-3 hours ahead.


  • 17.  RE: LiveUpdate Schedule and security risk exceptions

    Posted Apr 22, 2009 07:34 AM
    Please do not put the threat in exception. However, check whether "Keep trying for (in hours)" and "Randomize the start time to be + or - (in hours)" are checked or not.