Using SEP 12 (latest).
Due to SEP client proxy settings not being persisted on client side (see https://www-secure.symantec.com/connect/forums/sep-121-configuration-values-rollback) we are investigating the ideea of 3rd party content management and delivery for our setup ("unlimited number" of clients each with different proxy settings).
The intention is to have a separate component on client side that would download the content from server side (using the available proxy settings) and then push them to the SEP client.
Current I'm not able to have a POC for this "3rd party content management".
I was not able to have the SEP load the definitions which I manually put in the inbox folder. I've tried the esyest (?) way, to just manually push the full definitions to the client.
Steps so far:
- create TPMState (dword) with value 128 (0x80) under HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC
- reboot
- copy the index2.dax for my policy under "xxx\inbox"
- copy the full AV definitions under the needed folder structure
xxx\inbox{535CB6A4-441F-4e8a-A897-804CD859100E}\120706036\full.zip
The files just get into the "xxx\Invalid" folder.
The logs content ("c:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Lue\Logs\Log.Lue") does not help too much, I see some errors but they do not make too much sense nor do I know if they are relevant for this issue. Log below.
Does anyone has any ideea on troubleshooting this?
Symantec LiveUpdate Engine 2.0.3.6 (Release)
OS: Windows XP Professional 32-bit
VerInfo: 5.1
ServicePack: 3.0
LanguageID: 00000409
WinHttp.dll Version: 5.1.2600.6175
TcpMaxDataRetransmissions: 5
----------------------------------------------------------------------------------------------------
Session started at: 2012/08/24 17:18:02.444 (UTC +00:00)
ProcessId: 904, ThreadId: 5980, SessionId: 74
Machine ID: 9DE16F11-3181-B69B-5330-6802B4B2FEE8
Agent Field: SEP/12.1.1101.401 MID/{9DE16F11-3181-B69B-5330-6802B4B2FEE8} SID/74
----------------------------------------------------------------------------------------------------
Component: Moniker: {535CB6A4-441F-4e8a-A897-804CD859100E}, P: SEPC Virus Definitions Win32 v12.1, V: MicroDefsB.CurDefs, L: SymAllLanguages.
Component: Moniker: {6AAE5D6B-C70C-4cdf-96C9-110AA1378E8C}, P: SEPC Virus Definitions Win32 v12.1, V: MicroDefsB.Error, L: SymAllLanguages.
Component: Moniker: {6F678702-6A34-479b-9166-2C2EA45C68E4}, P: SESC AntiVirus Client Win32, V: 12.1, L: English.
OnNotify() method for callback {72DA128F-2591-43f2-B272-29DA5452A197} returned 0x0
OnNotify() method for callback {72DA128F-2591-43f2-B272-29DA5452A197} returned 0x0
OnNotify() method for callback {72DA128F-2591-43f2-B272-29DA5452A197} returned 0x0
* Inventory SetAbort called on Moniker {535CB6A4-441F-4e8a-A897-804CD859100E} (Inventory Module), with abort code 500
* Inventory SetAbort called on Moniker {6AAE5D6B-C70C-4cdf-96C9-110AA1378E8C} (Inventory Module), with abort code 500
* Inventory SetAbort called on Moniker {535CB6A4-441F-4e8a-A897-804CD859100E} (Inventory Module), with abort code 500
* Inventory SetAbort called on Moniker {6AAE5D6B-C70C-4cdf-96C9-110AA1378E8C} (Inventory Module), with abort code 500
* OnNotify() method for callback {72DA128F-2591-43f2-B272-29DA5452A197} failed; err = 0x80004005
* Inventory SetAbort called on Moniker {535CB6A4-441F-4e8a-A897-804CD859100E} (Inventory Module), with abort code 517
* Inventory SetAbort called on Moniker {6AAE5D6B-C70C-4cdf-96C9-110AA1378E8C} (Inventory Module), with abort code 517
* Inventory SetAbort called on Moniker {535CB6A4-441F-4e8a-A897-804CD859100E} (Inventory Module), with abort code 517
* Inventory SetAbort called on Moniker {6AAE5D6B-C70C-4cdf-96C9-110AA1378E8C} (Inventory Module), with abort code 517
* Callback {72DA128F-2591-43f2-B272-29DA5452A197} is a PostSession callback. Callback Failed. Result -2147467259
* Update Failed - PostSession for moniker {535CB6A4-441F-4e8a-A897-804CD859100E}
* Update Failed - PostSession for moniker {6AAE5D6B-C70C-4cdf-96C9-110AA1378E8C}
Update for moniker: {535CB6A4-441F-4e8a-A897-804CD859100E}, P: SEPC Virus Definitions Win32 v12.1, V: MicroDefsB.CurDefs, L: SymAllLanguages, package: 1345679428jtun_sep12ennful26.m26, SeqName: CurDefs, SeqNum: 120822019, has update status code: 208
* Reporting error: 0x80004005 Update failed PVL=SEPC Virus Definitions Win32 v12.1 MicroDefsB.CurDefs SymAllLanguages
* PostSession Callbacks Failed. Update status code for moniker {535CB6A4-441F-4e8a-A897-804CD859100E}, P: SEPC Virus Definitions Win32 v12.1, V: MicroDefsB.CurDefs, L: SymAllLanguages is: 0x D0.
Update for moniker: {6AAE5D6B-C70C-4cdf-96C9-110AA1378E8C}, P: SEPC Virus Definitions Win32 v12.1, V: MicroDefsB.Error, L: SymAllLanguages, package: 1342510013jtun_sep12ennful26.m26, SeqName: HubDefs, SeqNum: 120716018, has update status code: 208
* Reporting error: 0x80004005 Update failed PVL=SEPC Virus Definitions Win32 v12.1 MicroDefsB.Error SymAllLanguages
* PostSession Callbacks Failed. Update status code for moniker {6AAE5D6B-C70C-4cdf-96C9-110AA1378E8C}, P: SEPC Virus Definitions Win32 v12.1, V: MicroDefsB.Error, L: SymAllLanguages is: 0x D0.
***** Session Results *****
Total Updates Available: 2
Total Updates Succeeded: 0
Total Updates Succeeded - Reboot Req: 0
Total Updates Skipped: 0
Total Updates Failed: 2
RunLiveUpdate result code: 0x00000000
Session max recursion count = 1
* Fail to submit error report: 0x80070422
----------------------------------------------------------------------------------------------------
Session ended at: 2012/08/24 17:19:51.741 (UTC +00:00)
See the folowing references
http://www.symantec.com/business/support/index?page=content&pmv=print&impressions=&viewlocale=&id=HOWTO26819
http://www.symantec.com/business/support/index?page=content&id=TECH106028
http://www.symantec.com/business/support/index?page=content&id=TECH106032