Solved

Symantec Endpoint Protection Clients not updating

Posted on 2008-10-08
Last Modified: 2013-12-09
I have an SBS 2003 Server with SEP installed (MR2). The LiveUpdate function appears to work and the home page of the Endpoint Protection Manager shows that the info is up to date.

If I look at the "Show LiveUpdate Downloads" screen, it is empty and says "No LiveUpdate Content has been downloaded".

The folder "\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads" has lots of folders, but "\Program Files\Symantec\Endpoint Protection Manager\Inetpub\content" is empty except for an empty "ContentInfo.txt" file.

I have reinstalled both manager and client, I have searched this forum and Google but have found nothing that helps!

Other details, such as policy updates, enable/disable features, etc all work from the server to the client. It appears to be just the AntiVirus/etc definitions that are not being updated - and it "seems" like they are not being put in the right place by LiveUpdate or something else.

Any ideas?
0
Question by:ascendinternet
7 Comments
 
LVL 2

Expert Comment

by:Corewar
ID: 22668255
Hi ascendinternet,

If you click "Download LiveUpdate Content" above "Show LiveUpdate Status" does anything happen? If so, what? Do any of the clients have up to date definitions? If you click start then run and type luall.exe on one of the clients will the client download the definitions? I think the problem might be that the client package was configured to be unmanaged.
0
 

Author Comment

by:ascendinternet
ID: 22668463
"Download LiveUpdate Content" shows that LiveUpdate starts, checks for updates and does/does not download them as appropriate.

None of the clients have up to date definitions. I haven't tried to download the definitions on any of the clients themselves as it kind of defeats the object of having a managed solution! :-)

Today, I uninstalled the manager software and the client software from the server. I then reinstalled, following the Symantec "Best Practice" for SBS 2003 Servers. The Clients appear in the client list and I can send instructions such as "Disable Network Threat Protection" to the client from the server and it works. Does that mean they are managed rather than unmanaged?

It just seems as though LiveUpdate is storing the updates in one place and the clients (manager?) are looking for them somewhere else, hence there never being any new updates!?
0
 
LVL 2

Expert Comment

by:Corewar
ID: 22668954
The reason I wanted you to try live update on the client computer is so we can identify if the client is being managed or not. Luall.exe won't update anything if the computer is managed. Since you can send instructions to the clients, obviously the clients are being managed. After you reinstalled the Symantec Endpoint Protection Manager software did you rebuild the client install package? If you run luall.exe on the server does it download anything?
0
 

Author Comment

by:ascendinternet
ID: 22674388
I have run a number of tests that I found in one of the Symantec documents, to test the client - server communication and all appears to be OK.

As far as I understand it, the folder C:\Program Files\Symantec\Endpoint Protection Manager\Inetpub\content is where clients get updates from ... but the folder is empty!?

LiveUpdate puts its stuff in C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads

I am seriously thinking about going back to v10.2 at the moment!!
0
 

Accepted Solution

by:
ascendinternet earned 0 total points
ID: 22720684
After 2 days of trying and 2.5 hours on the phone to Symantec support, it was not possible to get Endpoint Protection working on our server (we only have one server).

It worked perfectly on my laptop but that's not a suitable location for it.

So, the only solution was to reinstall version 10, which is once again working perfectly.

We may try again when our server is upgraded in a few months ...
0
 

Expert Comment

by:Michael L
ID: 26419949
I found this in a Symantec article:
Verify that the SEPM content is updated:
a. To verify that the SEPM content has been updated, look in the following folder:
"C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\content\{C60DC234-65F9-4674-94AE-62158EFCA433}"
b. Typically, there will be 3 numbered folders present. The folder naming convention is "ymmddxxx". For example "90721055". This is the date and build number of the definition set installed. Please note that the definition set installed may have been published the previous day and a set for the current day may not yet be available.
c. Looking inside the folder that matches the set downloaded and installed, there should be a folder named "Full" and a zip file named "Full.zip".
d. Looking inside the "Full" folder, there should be the files typically associated with a virus definition set.

Is this path (UNC) listed on line a. the path we point our internal servers to?
0
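
The folder check described in the comment above, written out as an added example; it is not part of the original thread and is not Symantec tooling. It assumes the GUID folder and the "ymmddxxx" naming quoted in that comment; the function names and the sample tree (built in a temporary directory) are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Definitions folder name quoted in the comment above.
AV_DEFS_GUID = "{C60DC234-65F9-4674-94AE-62158EFCA433}"
# ymmddxxx: one year digit, month 01-12, day 01-31, three-digit build number.
REVISION_RE = re.compile(r"^(\d)(0[1-9]|1[0-2])(0[1-9]|[12]\d|3[01])(\d{3})$")

def parse_revision(name):
    """Split a 'ymmddxxx' folder name into its fields, or return None."""
    m = REVISION_RE.match(name)
    if not m:
        return None
    y, mm, dd, build = map(int, m.groups())
    return {"year_digit": y, "month": mm, "day": dd, "build": build}

def check_content(content_root):
    """Return (revisions, problems) for the definitions folder under content_root."""
    revisions, problems = {}, []
    defs_dir = Path(content_root) / AV_DEFS_GUID
    if not defs_dir.is_dir():
        # The state the question describes: content holds only ContentInfo.txt.
        return revisions, [f"missing {AV_DEFS_GUID} folder"]
    for entry in sorted(defs_dir.iterdir()):
        info = parse_revision(entry.name) if entry.is_dir() else None
        if info is None:
            continue  # not a numbered revision folder
        revisions[entry.name] = info
        if not (entry / "Full.zip").is_file():
            problems.append(f"{entry.name}: Full.zip missing")
        full = entry / "Full"
        if not full.is_dir() or not any(full.iterdir()):
            problems.append(f"{entry.name}: Full folder missing or empty")
    if not revisions:
        problems.append("no ymmddxxx revision folders found")
    return revisions, problems

def build_sample(root, broken=False):
    """Create a constructed content tree (placeholder files, not real definitions)."""
    for name in ("90719003", "90720049", "90721055"):
        rev = Path(root) / AV_DEFS_GUID / name
        (rev / "Full").mkdir(parents=True)
        (rev / "Full" / "sample.dat").write_bytes(b"constructed")
        if not (broken and name == "90721055"):
            (rev / "Full.zip").write_bytes(b"constructed")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(check_content(build_sample(tmp, broken=True)))
```

On a real server, pass the manager's `Inetpub\content` path to `check_content` instead of the temporary sample tree.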
 
LVL 6

Expert Comment

by:univision-computers
ID: 33477362
This solution seemed to work for me:
http://www.symantec.com/connect/forums/endpoint-protection-live-update-not-updating-win32-definitons-win64-date

"...Step 1:-->  Connect to ftp://ftp.symantec.com/AVDEFS/symantec_antivirus_corp/jdb/ 
 
Step 2-->   Save the latest definition file on the Desktop.  
 
Step 3--> Paste this definition file in the (default)  location C:\Prog~Files\Symantec Endpoint Protection  Manager\data\inbox\content\incoming - (Obviously on your server)..."

I hope that helps!
0


Question has a verified solution.
