• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 29345
  • Last Modified:

Symantec Endpoint Protection Clients not updating

I  have a SBS 2003 Server with SEP installed (MR2). The LiveUpdate function appears to work and the home page of the Endpoint Protection Manager shows that the info is up to date.

If I look at the "Show LiveUpdate Downloads" screen, it is empty and says "No LiveUpdate Content has been downloaded".

The folder "\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads" has lots of folders, but "\Program Files\Symantec\Endpoint Protection Manager\Inetpub\content" is empty except for an empty "ContentInfo.txt" file.

I have reinstalled both manager and client, I have searched this forum and Google but have found nothing that helps!

Other details, such as policy updates, enable/disable features, etc all work from the server to the client. It appears to be just the AntiVirus/etc definitions that are not being updated - and it "seems" like they are not being put in the right place by LiveUpdate or something else.

Any ideas?
1 Solution
Hi ascendinternet,

If you click "Download LiveUpdate Content" above "Show LiveUpdate Satatus" does anything happen? If so what? Do any of the clients have up to date deffinitions? If you click start then run and type luall.exe on one of the clients will the client download the definitions? I think the problem might be that the client package was configured to be unmanaged.
ascendinternetAuthor Commented:
"Download LiveUpdate Content" shows that LiveUpdate starts, checks for updates and does/does not download them as appropriate.

None of the clients have up to date definitions. I haven't tried to download the definitions on any of the clients themselves as it kind of defeats the object of having a managed solution! :-)

Today, I uninstalled the manager software and the client software from the server. I then reinstalled, following the Symantec "Best Practice" for SBS 2003 Servers. The Clients appear in the client list and I can send instructions such as "Disable Network Threat Protection" to the client from the server and it works. Does that mean they ae managed rather than unmanaged?

It just seems as though LiveUpdate is storing the updates in one place and the clients (manager?) are looking for them somewhere else, hence there never being any new updates!?
The reason I wanted you to try live update on the client computer is so we can identify if the client is being managed or not. Luall.exe won't update anything if the computer is managed. Since you can send instructions to the clients, obviously the clients are being managed. After you reinstalled the Symantec Endpoint Protection Manager software did you rebuild the client install package? If you run luall.exe on the server does it download anything?
Cyber Threats to Small Businesses (Part 2)

The evolving cybersecurity landscape presents SMBs with a host of new threats to their clients, their data, and their bottom line. In part 2 of this blog series, learn three quick processes Webroot’s CISO, Gary Hayslip, recommends to help small businesses beat modern threats.

ascendinternetAuthor Commented:
I have run a number of tests that I found in one of the Symantec documents, to test the client - server communication and all appears to be OK.

As far as I understand it, the folder C:\Program Files\Symantec\Endpoint Protection Manager\Inetpub\content is where clients get updates from ... but the folder is empty!?

LiveUpdate put's it's stuff in C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads

I am seriously thinking about going back to v10.2 at the moment!!
ascendinternetAuthor Commented:
After 2 days of trying and 2.5 hours on the phone to Symantec support, it was not possible to get Endpoint Protection working on our server (we only have one server).

It worked perfectly on my laptop but that's not a suitable location for it.

So, the only solution was to reinstall version 10, which is once again working perfectly.

We may try again when our server is upgraded in a few months ...
Michael LPr. SysadminCommented:
I found this in a Symantec article:
Verify that the SEPM content is updated:
a. To verify that the SEPM content has been updated, look in the following folder:
"C:\Program Files\Symantec\Symantec Endpoint Protection Manger\Inetpub\content\{C60DC234-65F9-4674-94AE-62158EFCA433}"
b. Typically, there will be 3 numbered folders present. The folder naming convention is "ymmddxxx". For example "90721055". This is the date and build number of the definition set installed. Please note that the definition set installed may have been published the previous day and a set for the current day may not yet be available.
c. Looking inside the folder that matches the set downloaded and installed, There should be a folder named "Full" and a zip file named "Full.zip".
d. Looking inside the "Full" folder, there should be the files typically associated with a virus definition set.

Is this path (UNC) listed on line a. the path we point our internal servers to?
This solution seemed to work for me:

"...Step 1:-->  Connect to ftp://ftp.symantec.com/AVDEFS/symantec_antivirus_corp/jdb/ 
Step 2-->   Save the latest definition file on the Desktop.  
Step 3--> Paste this definition file in the (default)  location C:\Prog~Files\Symantec Endpoint Protection  Manager\data\inbox\content\incoming - (Obviously on your server)..."

I hope that helps!

Featured Post

[Webinar] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now