Virus Definitions not updating on Symantec Antivirus Corporate Edition 9.0 clients

Hi all,

We are upgrading from NAV 7.6 to Symantec AntiVirus (SAV) 9.0 here at work. I have been rolling the new clients out from our brand new server (using NT client install), running SAV 9.0. It is our only SAV server and therefore is running as a Primary server. Now, we are rolling out to XP SP1a machines, NT SP6a machines, 2000 machines - servers, workstations the lot. Most are working absolutely fine but some are having problems. I am experiencing two problems but this question is specifically about the clients that are failing to recieve virus definitions updates from the server.

The failing clients are a mixture of XP, 2000, NT and are all on different hardware so I can find no similarities there. They are all picking up their policies from the server and are displaying our customised message that pops up when the virus definitions get out of date so it's strange that they don't see there is a virus update too.

Some of the clients are just keeping the virus definitions that were part of the install (13th Feb 2004) but some seem to have picked up an update but then stopped picking any further ones up.

As I said, most clients are fine but a few are having trhese problems.

What is even more concerning is that on the PCs with the problem I've uninstalled SAV through add&remove programs and even done it manually from the Symantec manual uninstall document but each time I reinstall it those PCs have the same problem. I'm losing hair quickly!

Can anybody advise me on this? It's very frustrating as you can imagine as the Symantec site doesn't appear to be very useful for this problem.

This is an urgent request, unfortunately for me

Many thanks!

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

I read recently (can't remember where!) that this can be caused by the clients not knowing about the license file that SAV installs when it's activated/registered.

Have you tried doing a manual Live Update on the workstations. I assume you're running your own Live Update server?

We had some problems recently where Live Update was installed on a W2K Domain Controller with LAN and Internet NICs and as a result the Active Directory DNS zone for the domain kept being updated by NetLogon.

It would add the public IP addresses into the zone file against the LAN name of the server and as a result some LAN clients would get given the Internet IP address (because MS DNS server uses a round-robin process to returning multiple IP addresses for load-balancing).

That meant the clients couldn't connect to the Live Update server because of firewall rules and it would silently fail.

You can check by searching the DNS Cache for the server name and checking the IP

C:\>ipconfig /displaydns

If its wrong flush it

C:\>ipconfig /flushdns

and fix up your DNS zone file.

In the end we used the Live Update server's LAN IP address in the server settings and that fixed all the failed update problems.

There are some articles at Symantec about Live Update problems and the client upgrade process.

Unfortunately their URLs aren't very user friendly so if you seach for the documents by ID its easier

2004052713264748  see the section on "Installing Symantec AntiVirus Corporate Edition
" > Installing Symantec AntiVirus Clients

1999051716282513 "LiveUpdate Administration Utility is configured correctly but fails to update clients"

2000102014521913 "LiveUpdate fails when downloading updates for Symantec products that are not installed"

2001020610103613 "All Symantec products installed on your computer are up to date . . ."
matthewcapstickAuthor Commented:
Thanks for all that!!!

With regards how our client update, we just update the primary server and then all teh clients update from that. I presume that's not classed as a client LiveUpdate? We haven't set up a secific site LiveUpdate server.

I will check those links. Thanks.

You're running an internal Live Update server. It gets the updates from Symantec, all your clients get their updates from your Live Update server.

There are some LU management tools installed by default.

We're still with version 8.1 so config options might be different, but try this...

You can get to the LU configuration from the SSC. When you've got your AV Server selected, right-click, choose All Tasks then choose Live Update then choose Configure.

Especially with Symantec it's always best to explore the menus and options because they sure know how to hide the good stuff away.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.