• Status: Solved

Virus Definitions Distribution - Not Updating

Good day Experts

I am currently running Symantec Endpoint Protection v11.0.4202. The server is running fine without any problems. I have noticed over the last couple of days that my Virus Definition Distribution is not actually distributing any updates. I have made no changes to any internet/firewall settings.

The latest virus definition is: "2010-01-12 rev. 053"

As per my screenshot, my console is showing the following:  
   2010-01-11 rev. 024  1
   2010-01-04 rev. 017  23  
   2009-12-31 rev. 123 14

I have managed to find this article online and have been able to test all that is suggested, and I am still not having any luck.
http://www.symantec.com/connect/articles/troubleshooting-liveupdate-issues-symantec-endpoint-protection

As per above mentioned link, I have done the test with the below results:
-------------------------------------------------------------------------------------------------------
Troubleshoot Communication issue:
PASSED - 1. Make sure that you are able to browse to the websites below:
a. Liveupdate.symantecliveupdate.com
b. Liveupdate.symantec.com
c. Symantec.com
2. Make sure that the perimeter firewall has exceptions for the websites above
3. Run a packet capture and contact support for analysis
Check Connectivity between SEP & SEPM:
PASSED - 1. Do a Secars test to Test Connectivity between SEP and SEPM
Testing Communication from an Endpoint Protection client to the Endpoint Protection Manager

In Progress - 2. Get the sylinkmonitor logs to check the communication for any errors
SylinkWatcher and SylinkMonitor - tools for real-time debugging of SPA 5.x and SEP 11.x

DONE - Remove corrupt definitions
1. How to clear out corrupted definitions for a Symantec Endpoint
Check if SEPM has Latest Definitions:
DONE - 1. Open SEPM->Admin->Servers->Local Site
2. Show Liveupdate Downloads
3. Make sure that the date for 32 bit and 64 Definitions for Virus & Spyware Definitions is up-to-date.
-------------------------------------------------------------------------------------------------------

Could I please ask for assistance with how I can get my Symantec Endpoint Protection server to distribute the definitions again.

Kind regards,
mustekkzn

Symantec-Endpoint-Protection.JPG
0
1 Solution
 
jhalapradeep Commented:
Hi,

First of all try to do liveupdate from SEPM console: Admin->local site-> download liveupdate content
->If this process displays any errors like return code 4 or the liveupdate does not complete then follow this document to uninstall liveupdate and reinstall liveupdate and re-register SEPM with liveupdate:

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007100907303548

Regards,

Pradeep Jhala
0
 
mustekkzn (Author) Commented:
Hi Pradeep

Thank you for your post. As per my screenshot, I have done as you suggested.
How long does it normally take to distribute the updates to all the workstations?

As you can see, I didn't receive any errors. I will take this as good news....
Is it safe to presume that I don't do the uninstall and reinstall of liveupdate then?

Thank you once again for your assistance. Hopefully I will be able to get to the bottom of this quickly with your help.

Kind regards,
mustekkzn
Symantec-Endpoint---Update.JPG
0
 
mustekkzn (Author) Commented:
Hi Pradeep

It's been about an hour + now since the update and I am still not having any luck whatsoever. I
The status of the definition updates is still the same.

Any other suggestions please?

Kind regards,
mustekkzn
0

 
josh2780 Commented:
Symantec apparently ran into a Y2K10 and any updates beyond 12/31/2009 23:59:59 are being interpreted by SEPM as old.

See this article:
http://www.symantec.com/connect/forums/official-status-sepm-definitions-stay-31-12-2009-last-updated-04-jan-2010

Based on your first screenshot, it looks like you are receiving the latest virus definitions (the most current I believe is rev 124).  Symantec's work-around for right now is to leave the date on the file as 12/31/2009 and increment the rev #.
0
 
mustekkzn (Author) Commented:
Hi josh2780

Thank you for your post.

It seems like it is describing my error to the T. Just a quick question, will this "error" show the "yellow" icon, instead of the normal green icon, on users' workstations? I presume it would, as this is how I noticed that there is a problem? (Please see attached screenshot)
I just find it strange that not all my workstations are affected. I only have the 14 workstations that seem to be an issue.

Also, according to the below link, there is a patch out for this problem. How/where do I have to look to see if I have it installed?
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2010010308571348

Thank you once again for your post...I am relieved to find out that the problem is on Symantec's side of things.

Kind regards,
mustekkzn


Symantec---Showing-Yellow-Icon.JPG
0
 
josh2780 Commented:
I'm experiencing the same issue with the backdated virus definitions.  However, my clients show the green ball on the shield...  which I believe just means that the client is communicating with SEPM.  I'm not sure of the meaning of the yellow ball... but I would suspect that there is something wrong between the client and SEPM server.

I think the patch for the 12/31/2009 problem is only available for MR3.  Click on your "about" link in the upper right to know what maintenance release you are on.  I'm on 5, which does not have the patch as of yet.
0
 
mustekkzn (Author) Commented:
Hi Josh2780

I presume you are talking about the version number? Please see attached screenshot, the area marked in red to confirm.

Kind regards,
mustekkzn
Symantec---About.JPG
0
 
josh2780 Commented:
Yup - looks like you are running MR4... which according to the link I sent (which seems to be updated on a regular basis with the latest information regarding the bug) does not yet have a patch.  Keep watching that page for updates.
0
 
mustekkzn (Author) Commented:
Hi josh2780

Just had a look again at my list of updates.

Have you also found that only some of your workstations are showing the status of being out of date?
I am still experiencing the issue of these workstations showing a yellow icon, instead of the normal green one.
Have you perhaps come across any issues relating to the distribution updating issue that Symantec is facing at the moment as per your given link below?
http://www.symantec.com/connect/forums/official-status-sepm-definitions-stay-31-12-2009-last-updated-04-jan-2010

Kind regards,
mustekkzn
0
 
mustekkzn (Author) Commented:
Hi experts

Just want to see if I am the only person that experienced the following with Symantec Endpoint Protection. Please see attached screenshot.
Is this related to their current problem?

Please inform me if I should be concerned.

Kind regards,
mustekkzn



Symatec---Error.JPG
0
 
jimmymcp02 Commented:
The issue that you are describing in your question appears to be the following bug.
 
Symantec Endpoint Protection clients cannot update antivirus definitions from the Symantec Endpoint Protection Manager
Fix ID: 1543985
Symptom: Symantec Endpoint Protection clients cannot update antivirus definitions from the Symantec Endpoint Protection Manager.
Solution: Added a dependency relationship for SMC service and System Event Notification service at startup.
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007121216360648?Open&docid=2009072315130848&nsf=ent-security.nsf&view=docid
 
It looks like you have a combination of a bug and a defect for the SEP version that you are running.
0
 
mustekkzn (Author) Commented:
Hi josh2780

Just want to see if you have managed to get to resolve your issue as yet? Also, have you perhaps seen the above error occur on your workstations lately?

Any response would be greatly appreciated.

Kind regards,
mustekkzn
0
 
josh2780 Commented:
I've seen that on some managed workstations, however, it's due to a network issue and they are unable to reach the SEPM server.  As for resolving the issue, Symantec has not yet released a patch for my version of SEPM... so I'm still waiting.
0
 
mustekkzn (Author) Commented:
Hi josh2780

Thank you for getting back to me on this. So it is basically a waiting game from here onwards then?

Can I please ask: are you also finding that only some of your workstations are experiencing this issue, whereas others are not? Or is it your whole network?
It just concerns me the fact that some of our users are still getting the yellow icon.

Kind regards,
mustekkzn
0
 
josh2780 Commented:
All of the workstations that were previously managed in 2009 and are now getting updates with 12/31/09 rev 126 are not throwing any errors.  They show a green icon on the shield.  I'm not sure why you get the yellow icon on the others.  I'd check to see if they are at least getting the latest 12/31/09 rev ### that your SEPM server shows is the latest.  If not, you likely have an issue with clients connecting to SEPM.  If they have the latest, I'd just wait until Symantec patches SEPM...  but that's up to you.
0
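The check described in the comment above (compare each client group's 12/31/09 rev against the latest one SEPM shows), as an added Python example that is not part of the original thread. It also shows why a calendar-age alert misfires while the definition date is pinned at 2009-12-31. The row format follows the console listing quoted in the question; the sample rows, function names and both thresholds are assumptions made for illustration.

```python
import re
from datetime import date

# Constructed sample of console rows: "<definition date> rev. <rev>  <clients>"
SAMPLE_ROWS = """\
2009-12-31 rev. 126  30
2009-12-31 rev. 123  14
2009-12-31 rev. 114  2
"""
ROW = re.compile(r"^\s*(\d{4})-(\d{2})-(\d{2})[ \t]+rev\.[ \t]*(\d+)[ \t]+(\d+)\s*$")

def parse_rows(text):
    """Return [(definition_date, rev, client_count)] from console-style rows."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            y, mo, d, rev, n = map(int, m.groups())
            rows.append((date(y, mo, d), rev, n))
    return rows

def age_based_stale(rows, today, max_age_days=3):
    """Naive alert: count clients whose definition *date* is too old.
    With the date pinned at 2009-12-31 this flags every client."""
    return sum(n for d, _, n in rows if (today - d).days > max_age_days)

def rev_based_stale(rows, server_latest, max_rev_lag=2):
    """Count clients behind the server's latest (date, rev).
    Same date: compare revision numbers. Older date: always behind.
    max_rev_lag is an assumed tolerance for clients mid-update."""
    s_date, s_rev = server_latest
    behind = 0
    for d, rev, n in rows:
        if d < s_date or (d == s_date and s_rev - rev > max_rev_lag):
            behind += n
    return behind

if __name__ == "__main__":
    rows = parse_rows(SAMPLE_ROWS)
    print("age-based stale:", age_based_stale(rows, date(2010, 1, 14)))
    print("rev-based stale:", rev_based_stale(rows, (date(2009, 12, 31), 126)))
```

Clients counted by the revision-based check are the ones worth investigating for a client-to-SEPM connectivity problem; the age-based count only reflects the pinned date.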
 
barb007 Commented:
I have experienced the issue you discussed . . .if the client logged on and received the box that indicated that they did not have the latest definitions, and they checked the box that said "remind me after the next update"  then their shield will show the green instead of the yellow.
0
 
mustekkzn (Author) Commented:
Good day Experts

I am very happy to report back this morning that it seems like my problem has been resolved. As per attached screenshot, my Symantec Endpoint Protection server status is back to normal again.

In this case all the points have to go to josh2780 as he had it spot on. Thanks so much for that!

Thank you once again for all your comments.

Kind regards,
mustekkzn
Symantec--Status-Correct.JPG
0
