Endpoint Protection

Hi,

I'm having the following problem.
Some of my clients simply don't update into the new virus/Proactive/network definitions.
This situation only happens in clients with version 11.0.5002 32bits or 64bits is equal.
My infrastructure is:
SEPM - last version RU5 (with the last definitions version)
Clients - 11.0.4000 / 11.0.4202 / 11.0.5002 - Few still on version 11.0.3
I have clients all around the world(2500 + -)
1 - SEPM and a GUP per site to use for definitions update.
Already test everything that regards Firewall - all communications are OK.
Ex. - I can have in one site several clients with the last version and another with 1 day older other with 2/3/4 days older.

This situation start's to happen more frequently after the 31/12/2009 bug.

PS -  We don't allow clients to do a direct liveupdate into the Symantec Site, that is not an option.

Thanks for any help.
 

Symantec Endpoint Protection: LiveUpdate Troubleshooting Flowchart 

Hello,

Already had done that.
This is not a communications problem with the GUP or even with the SEPM because and just for exemple in the same site I have clients that update every day as it is suppose and others simple don't.

But thanks anyway.

Any similarity between the clients which is not updating like same group,version etc..? 

Yes apart of the group this situation happens by default in clients with version 11.0.5002.
I have also downgraded a client into version 11.4202 and he start's to update correctly.
It appears to be some clients with corrupted definitions.

Make a RU5 client as GUP in each group and see any difference is present.

Has you can see the select one is the GUP already in client version RU5 and is w2003-sp2 (SPTSNA1000)
also inside this group (server's) is the only one with the version RU5 and the only that have the wrong version of definitions.

Do you verified in the client?
Whether it is old definition only? 

The server that I use for GUP is with version RU5 and his own definitions are old at least 2 days, other server in the same site but with version 11.4000 are OK.
Clients in the same site with version 11.400 are ok and Clients with version 11.5202 RU5 are in the best case with 2 days old they will eventualy update but not in the same day as the others with older client versions.
Also we are talking of clients that are allways ON.
This is very strange.

 

Check the technical information in below doc
Symantec Endpoint Protection (SEP) client cannot update definitions from Symantec Endpoint Protection Manager (SEPM) 

But in my case i have atm least 1000 pc with that problem.
Can anyone help me.

since i migrated 50.000+ clients from RU4 to RU5, they stop retrieving patterns. as soon as i change policy from multiple gups to sepm to download defs, the clients are updating.
i tested the following:
-open ports (yes on 2967)
-gups active (yes they are and have a filled sharedupdate folder)

but somehow the clients don't get the defs, well they are not updating.

i'm having this since i fully migrated to RU5.

i'm investigating on this the next days. but i'm having a bad feeling about this.

RU6 is available, has anybody tested with that build?

i just ended my migration to ru5. i can't start over again. i'm talking about 50.000+ clients.

There is a known issue with multiple GUPs in RU5. It is fixed in RU6.

Basically the clients look for the GUP list in a location on the server that is incorrect, if you have ever moved the SEPMs data folder via the server configuration wizard.

RU6 will fix this.

GUP content update fails when the data folder is customized
Fix ID: 1893500
Symptom: The Sylink log shows "HTTP 500 internal error" when making requests with action code 310. 
Solution: Instead of using the installation path, use the data folder path to publish GUP files to the correct folder.

Grab the sylinkmonitor utility and use it all the time for this sort of troubleshooting.
It makes the comms process between the SEP clients, SEPM and GUP's completely transparent!!

http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/4be077e14183395388257348007a2472?OpenDocument

can i solve this by just upgrading the sepm servers or do i have to upgrade all the clients too?