Symantec Endpoint Protection Clients not updating

Posted on 2008-10-08
Last Modified: 2013-12-09
I  have a SBS 2003 Server with SEP installed (MR2). The LiveUpdate function appears to work and the home page of the Endpoint Protection Manager shows that the info is up to date.

If I look at the "Show LiveUpdate Downloads" screen, it is empty and says "No LiveUpdate Content has been downloaded".

The folder "\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads" has lots of folders, but "\Program Files\Symantec\Endpoint Protection Manager\Inetpub\content" is empty except for an empty "ContentInfo.txt" file.

I have reinstalled both manager and client, I have searched this forum and Google but have found nothing that helps!

Other details, such as policy updates, enable/disable features, etc all work from the server to the client. It appears to be just the AntiVirus/etc definitions that are not being updated - and it "seems" like they are not being put in the right place by LiveUpdate or something else.

Any ideas?
Question by:ascendinternet

Expert Comment

ID: 22668255
Hi ascendinternet,

If you click "Download LiveUpdate Content" above "Show LiveUpdate Satatus" does anything happen? If so what? Do any of the clients have up to date deffinitions? If you click start then run and type luall.exe on one of the clients will the client download the definitions? I think the problem might be that the client package was configured to be unmanaged.

Author Comment

ID: 22668463
"Download LiveUpdate Content" shows that LiveUpdate starts, checks for updates and does/does not download them as appropriate.

None of the clients have up to date definitions. I haven't tried to download the definitions on any of the clients themselves as it kind of defeats the object of having a managed solution! :-)

Today, I uninstalled the manager software and the client software from the server. I then reinstalled, following the Symantec "Best Practice" for SBS 2003 Servers. The Clients appear in the client list and I can send instructions such as "Disable Network Threat Protection" to the client from the server and it works. Does that mean they ae managed rather than unmanaged?

It just seems as though LiveUpdate is storing the updates in one place and the clients (manager?) are looking for them somewhere else, hence there never being any new updates!?

Expert Comment

ID: 22668954
The reason I wanted you to try live update on the client computer is so we can identify if the client is being managed or not. Luall.exe won't update anything if the computer is managed. Since you can send instructions to the clients, obviously the clients are being managed. After you reinstalled the Symantec Endpoint Protection Manager software did you rebuild the client install package? If you run luall.exe on the server does it download anything?
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.


Author Comment

ID: 22674388
I have run a number of tests that I found in one of the Symantec documents, to test the client - server communication and all appears to be OK.

As far as I understand it, the folder C:\Program Files\Symantec\Endpoint Protection Manager\Inetpub\content is where clients get updates from ... but the folder is empty!?

LiveUpdate put's it's stuff in C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads

I am seriously thinking about going back to v10.2 at the moment!!

Accepted Solution

ascendinternet earned 0 total points
ID: 22720684
After 2 days of trying and 2.5 hours on the phone to Symantec support, it was not possible to get Endpoint Protection working on our server (we only have one server).

It worked perfectly on my laptop but that's not a suitable location for it.

So, the only solution was to reinstall version 10, which is once again working perfectly.

We may try again when our server is upgraded in a few months ...

Expert Comment

by:Michael L
ID: 26419949
I found this in a Symantec article:
Verify that the SEPM content is updated:
a. To verify that the SEPM content has been updated, look in the following folder:
"C:\Program Files\Symantec\Symantec Endpoint Protection Manger\Inetpub\content\{C60DC234-65F9-4674-94AE-62158EFCA433}"
b. Typically, there will be 3 numbered folders present. The folder naming convention is "ymmddxxx". For example "90721055". This is the date and build number of the definition set installed. Please note that the definition set installed may have been published the previous day and a set for the current day may not yet be available.
c. Looking inside the folder that matches the set downloaded and installed, There should be a folder named "Full" and a zip file named "".
d. Looking inside the "Full" folder, there should be the files typically associated with a virus definition set.

Is this path (UNC) listed on line a. the path we point our internal servers to?

Expert Comment

ID: 33477362
This solution seemed to work for me:

"...Step 1:-->  Connect to 
Step 2-->   Save the latest definition file on the Desktop.  
Step 3--> Paste this definition file in the (default)  location C:\Prog~Files\Symantec Endpoint Protection  Manager\data\inbox\content\incoming - (Obviously on your server)..."

I hope that helps!

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Locky virus 9 81
macbook with parasites / two issues 4 101
What to do: microsoft scam where someone connects to PC remotely 7 94
anti virus for Blackberry 6 56
These are on the increase and getting more common these days. Users who use the Google search engine may complain of having their search redirected to unwanted sites, regardless of what browser is used. This happens when the system is infected with…
By the time you finish reading this article, you may have already lost all your money because you don't know the simple steps to securing your BitCoin wallet. BitCoin is an incredible invention. It is a decentralized currency system, which is the…
This tutorial gives a high-level tour of the interface of Marketo (a marketing automation tool to help businesses track and engage prospective customers and drive them to purchase). You will see the main areas including Marketing Activities, Design …
Along with being a a promotional video for my three-day Annielytics Dashboard Seminor, this Micro Tutorial is an intro to Google Analytics API data.

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now