Hello,
So, Is the SEPM getting updates from the Liveupdate Administrator??
Is the Liveupdate Administrator, downloading the SONAR heuristic signatures?
When you configure content types for download in Symantec Endpoint Protection Manager, these are called SONAR heuristic signatures.
Could you check within the SEPM, if the SONAR heuristic signatures are up to date.
About the types of content that LiveUpdate can provide
Symantec Endpoint Protection 12.1 SONAR - Proactive Threat Protection or Download Insight False Positive Corrections
Hope that helps!!