Endpoint Protection

I have SAV Corporate Edition 8.1 with about 100 clients in their own group. Symantec System Center is version 5.0, and I can see all of the clients in the console without a problem and they are listed correctly. I noticed however that the client machines are going out to LiveUpdate to update their definitions every day instead of pulling them from the parent server. This therefore is killing our bandwidth during certain times of the day. The clients are all running Win XP SP3 with the firewall disabled. I have verified that the Update Definition Manager is set for the group to update their definitions from the parent server. The clients and server are on the same subnet without a firewall between them. What else can I check to make sure the clients are pulling from the parent server and not out to the internet through LiveUpdate? I read a KB article that if the client cannot communicate with the parent server, then it will use LiveUpdate instead. I appreciate any direction you can provide.

SAV 8.x has been END of Life long time back..So it will not update from Parent Servers..Its not very far that it will stop getting definitions even from the internet..

Strongly recommend to upgrade to atleast SAV 10.1.9.9000 or SEP 11.x 

Title: 'After Applying Recent Virus Definitions to a Symantec AntiVirus 8.x Server or Client, the User Interface does not update or is blank'
Document ID: 2008011814394548
> Web URL: http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008011814394548?Open&seg=ent

I have also learned that the parent server was migrated to a new domain (child.domain.local to domain.local). I can also see that port 2967 is not listening when performing a NETSTAT, and I am not able to telnet to it. I am wondering if the migration of this server also caused some problems.

 You can try pasting the GRC.dat on few clients and check if they are downloading the def from SAV servers..if they do then you can call symantec and get makedrop utility with which you can replace grc on all the clients.

I am able to get the GRC.dat file on the machine successfully. How can I tell if the client is getting the definitions from LiveUpdate, or from the parent server? Is there a log somewhere that I can check?

 C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate

Log.liveupdate

If you open the settings.liveupdate you will find what they are configured to
you will find host/0 www.symantec.com or liveupdate.com where it has to be your parent server.
 

As expected, I copied the GRC.dat file, and upon checking those logs I see the following:

rogress Update: TRYING_HOST: HostName: "liveupdate.symantecliveupdate.com" URL: "http://liveupdate.symantecliveupdate.com" HostNumber: 0
HOSTS\0\ACCESS=liveupdate.symantecliveupdate.com
HOSTS\0\ACCESS2=http://liveupdate.symantecliveupdate.com

Do I have something misconfigured on my parent server somewhere? I have verified that the settings for the group are set to update from Parent Server.

No, he cannot call us to get anything unforunately. The product is unsupported. Which means we do not support it, that includes providing any tools to help support it. As you mentioned earlier in the post the product has been discontinued.

Lane

Please don't take any offense, but continuing to run SAV 8.1 with expectations that it will protect you from today's threats is living in a fantasy world. The absolute minimum SAV version is the current 10.1.9.

If your support contract is current, you can download that version from FileConnect and migrate forward.

MJD

 well now even SAV 10.x is coming to END of Life..so better upgrade to SEP 11

The problem is the SAV 8 product is not able to process the definitions files of the size they are today. Bottom line is, you will not be able to get this to work. You need to migrate up to at least SAV 10.1.9 or even SEP in order to get clients to update via the SAV/SEP server. There's no other way around it.

Okay, I wasn't aware that the older client cannot process the definition files due to their size. I will work with upgrading as quickly as possible.