Symantec Endpoint Protection Clients not updating

Posted on 2008-10-08
Last Modified: 2013-12-09
I  have a SBS 2003 Server with SEP installed (MR2). The LiveUpdate function appears to work and the home page of the Endpoint Protection Manager shows that the info is up to date.

If I look at the "Show LiveUpdate Downloads" screen, it is empty and says "No LiveUpdate Content has been downloaded".

The folder "\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads" has lots of folders, but "\Program Files\Symantec\Endpoint Protection Manager\Inetpub\content" is empty except for an empty "ContentInfo.txt" file.

I have reinstalled both manager and client, I have searched this forum and Google but have found nothing that helps!

Other details, such as policy updates, enable/disable features, etc all work from the server to the client. It appears to be just the AntiVirus/etc definitions that are not being updated - and it "seems" like they are not being put in the right place by LiveUpdate or something else.

Any ideas?
Question by:ascendinternet

Expert Comment

ID: 22668255
Hi ascendinternet,

If you click "Download LiveUpdate Content" above "Show LiveUpdate Satatus" does anything happen? If so what? Do any of the clients have up to date deffinitions? If you click start then run and type luall.exe on one of the clients will the client download the definitions? I think the problem might be that the client package was configured to be unmanaged.

Author Comment

ID: 22668463
"Download LiveUpdate Content" shows that LiveUpdate starts, checks for updates and does/does not download them as appropriate.

None of the clients have up to date definitions. I haven't tried to download the definitions on any of the clients themselves as it kind of defeats the object of having a managed solution! :-)

Today, I uninstalled the manager software and the client software from the server. I then reinstalled, following the Symantec "Best Practice" for SBS 2003 Servers. The Clients appear in the client list and I can send instructions such as "Disable Network Threat Protection" to the client from the server and it works. Does that mean they ae managed rather than unmanaged?

It just seems as though LiveUpdate is storing the updates in one place and the clients (manager?) are looking for them somewhere else, hence there never being any new updates!?

Expert Comment

ID: 22668954
The reason I wanted you to try live update on the client computer is so we can identify if the client is being managed or not. Luall.exe won't update anything if the computer is managed. Since you can send instructions to the clients, obviously the clients are being managed. After you reinstalled the Symantec Endpoint Protection Manager software did you rebuild the client install package? If you run luall.exe on the server does it download anything?
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline


Author Comment

ID: 22674388
I have run a number of tests that I found in one of the Symantec documents, to test the client - server communication and all appears to be OK.

As far as I understand it, the folder C:\Program Files\Symantec\Endpoint Protection Manager\Inetpub\content is where clients get updates from ... but the folder is empty!?

LiveUpdate put's it's stuff in C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads

I am seriously thinking about going back to v10.2 at the moment!!

Accepted Solution

ascendinternet earned 0 total points
ID: 22720684
After 2 days of trying and 2.5 hours on the phone to Symantec support, it was not possible to get Endpoint Protection working on our server (we only have one server).

It worked perfectly on my laptop but that's not a suitable location for it.

So, the only solution was to reinstall version 10, which is once again working perfectly.

We may try again when our server is upgraded in a few months ...

Expert Comment

by:Michael L
ID: 26419949
I found this in a Symantec article:
Verify that the SEPM content is updated:
a. To verify that the SEPM content has been updated, look in the following folder:
"C:\Program Files\Symantec\Symantec Endpoint Protection Manger\Inetpub\content\{C60DC234-65F9-4674-94AE-62158EFCA433}"
b. Typically, there will be 3 numbered folders present. The folder naming convention is "ymmddxxx". For example "90721055". This is the date and build number of the definition set installed. Please note that the definition set installed may have been published the previous day and a set for the current day may not yet be available.
c. Looking inside the folder that matches the set downloaded and installed, There should be a folder named "Full" and a zip file named "".
d. Looking inside the "Full" folder, there should be the files typically associated with a virus definition set.

Is this path (UNC) listed on line a. the path we point our internal servers to?

Expert Comment

ID: 33477362
This solution seemed to work for me:

"...Step 1:-->  Connect to  
Step 2-->   Save the latest definition file on the Desktop.  
Step 3--> Paste this definition file in the (default)  location C:\Prog~Files\Symantec Endpoint Protection  Manager\data\inbox\content\incoming - (Obviously on your server)..."

I hope that helps!

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Suggested Solutions

Change your it now!. Probably the easiest point of access to your account is through guessing your password. If your password is guessable, do change it now. If not for your sake but for everyone else in your friends list. Remember …
For those of you actively in the Malware fightling business, we now have available an amazing new tool in the malware wars (first recommended to me by rpggamergirl (, the Zone Advisor for the Virus and …
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now