You have installed multiple Symantec Endpoint Protection Managers (SEPM) for redundancy and failover in the same site. The first installed SEPM is first in the list when clicking on the Admin tab and selecting the Servers view. When a filter is applied to the logs in the Monitors tab of the SEPM console, the logs show LiveUpdate activity for other SEPM servers with the exception of the server in question. Coincidently the first installed server is the only server with Internet access for your domain and as a result LiveUpdate fails on the other SEPM servers used and clients are not updating virus definitions. You are using the "Continuously" option for the LiveUpdate schedule. You want to know why the first SEPM in the site is not being used or selected by LiveUpdate and how to force it to use the first SEPM that has internet connectivity.
When multiple SEPMs exist in the same site any SEPM server can randomly run the LiveUpdate download. Once the selected SEPM server starts the task, the other SEPM servers will skip the download. A special use case can exist when not all SEPMs have access to download LiveUpdate content creating a failure to retrieve definitions.
This issue has been fixed in Symantec Endpoint Protection 11 Release Update 7 (RU7). For information on how to obtain the latest build of Symantec Endpoint Protection, read TECH 103088: Obtaining an upgrade or update for Symantec Endpoint Protection 11.x or Symantec Network Access Control 11.x
In this release we added a configuration option “
scm.server.liveupdate.disabled=x” to the conf.properties file location in the SEPM installation directory under \tomcat\etc.
When the value “
scm.server.liveupdate.disabled=1” is added to the file and saved, the LiveUpdate function will be skipped at current SEPM server. You should add this value to each SEPM server's conf.properties file that you wish to limit or disable running of LiveUpdate process. This gives you control over which SEPMs will randomly be selected to run LiveUpdate. To bypass the randomization you should add the value to all but one of the SEPMs in the site that you desire to run the LiveUpdate process.