Go Premium for a chance to win a PS4. Enter to Win


Symantec Endpoint Protection Clients not updating

Posted on 2008-10-08
Medium Priority
Last Modified: 2013-12-09
I  have a SBS 2003 Server with SEP installed (MR2). The LiveUpdate function appears to work and the home page of the Endpoint Protection Manager shows that the info is up to date.

If I look at the "Show LiveUpdate Downloads" screen, it is empty and says "No LiveUpdate Content has been downloaded".

The folder "\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads" has lots of folders, but "\Program Files\Symantec\Endpoint Protection Manager\Inetpub\content" is empty except for an empty "ContentInfo.txt" file.

I have reinstalled both manager and client, I have searched this forum and Google but have found nothing that helps!

Other details, such as policy updates, enable/disable features, etc all work from the server to the client. It appears to be just the AntiVirus/etc definitions that are not being updated - and it "seems" like they are not being put in the right place by LiveUpdate or something else.

Any ideas?
Question by:ascendinternet

Expert Comment

ID: 22668255
Hi ascendinternet,

If you click "Download LiveUpdate Content" above "Show LiveUpdate Satatus" does anything happen? If so what? Do any of the clients have up to date deffinitions? If you click start then run and type luall.exe on one of the clients will the client download the definitions? I think the problem might be that the client package was configured to be unmanaged.

Author Comment

ID: 22668463
"Download LiveUpdate Content" shows that LiveUpdate starts, checks for updates and does/does not download them as appropriate.

None of the clients have up to date definitions. I haven't tried to download the definitions on any of the clients themselves as it kind of defeats the object of having a managed solution! :-)

Today, I uninstalled the manager software and the client software from the server. I then reinstalled, following the Symantec "Best Practice" for SBS 2003 Servers. The Clients appear in the client list and I can send instructions such as "Disable Network Threat Protection" to the client from the server and it works. Does that mean they ae managed rather than unmanaged?

It just seems as though LiveUpdate is storing the updates in one place and the clients (manager?) are looking for them somewhere else, hence there never being any new updates!?

Expert Comment

ID: 22668954
The reason I wanted you to try live update on the client computer is so we can identify if the client is being managed or not. Luall.exe won't update anything if the computer is managed. Since you can send instructions to the clients, obviously the clients are being managed. After you reinstalled the Symantec Endpoint Protection Manager software did you rebuild the client install package? If you run luall.exe on the server does it download anything?
WatchGuard Case Study: Museum of Flight

“With limited money and limited staffing, we didn’t have a lot of choices in terms of what we could do to bring efficiency. WatchGuard played a central part in changing that.” To provide strong, secure Wi-Fi access within the museum, Hunter chose to deploy WatchGuard’s AP120 APs.


Author Comment

ID: 22674388
I have run a number of tests that I found in one of the Symantec documents, to test the client - server communication and all appears to be OK.

As far as I understand it, the folder C:\Program Files\Symantec\Endpoint Protection Manager\Inetpub\content is where clients get updates from ... but the folder is empty!?

LiveUpdate put's it's stuff in C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads

I am seriously thinking about going back to v10.2 at the moment!!

Accepted Solution

ascendinternet earned 0 total points
ID: 22720684
After 2 days of trying and 2.5 hours on the phone to Symantec support, it was not possible to get Endpoint Protection working on our server (we only have one server).

It worked perfectly on my laptop but that's not a suitable location for it.

So, the only solution was to reinstall version 10, which is once again working perfectly.

We may try again when our server is upgraded in a few months ...

Expert Comment

by:Michael L
ID: 26419949
I found this in a Symantec article:
Verify that the SEPM content is updated:
a. To verify that the SEPM content has been updated, look in the following folder:
"C:\Program Files\Symantec\Symantec Endpoint Protection Manger\Inetpub\content\{C60DC234-65F9-4674-94AE-62158EFCA433}"
b. Typically, there will be 3 numbered folders present. The folder naming convention is "ymmddxxx". For example "90721055". This is the date and build number of the definition set installed. Please note that the definition set installed may have been published the previous day and a set for the current day may not yet be available.
c. Looking inside the folder that matches the set downloaded and installed, There should be a folder named "Full" and a zip file named "Full.zip".
d. Looking inside the "Full" folder, there should be the files typically associated with a virus definition set.

Is this path (UNC) listed on line a. the path we point our internal servers to?

Expert Comment

ID: 33477362
This solution seemed to work for me:

"...Step 1:-->  Connect to ftp://ftp.symantec.com/AVDEFS/symantec_antivirus_corp/jdb/ 
Step 2-->   Save the latest definition file on the Desktop.  
Step 3--> Paste this definition file in the (default)  location C:\Prog~Files\Symantec Endpoint Protection  Manager\data\inbox\content\incoming - (Obviously on your server)..."

I hope that helps!

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
An introduction to the wonderful sport of Scam Baiting.  Learn how to help fight scammers by beating them at their own game. This great pass time helps the world, while providing an endless source of entertainment. Enjoy!
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

963 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question