Endpoint Protection Manager does not update virus definitions through LiveUpdate

Article ID: 156026

Products

Endpoint Protection

Issue/Introduction

  • Virus definitions are out of date on the Symantec Endpoint Protection Manager (SEPM).
  • Symantec Endpoint Protection (SEP) client virus definitions are not up to date.


 

Cause

As a best practice, ensure that the SEPM is upgraded to the latest release of SEP.
The cause of the update failure may already be resolved by the improved processing and enhanced features available in a software version later than the one currently running.

Most common reasons for LiveUpdate failure

  • SEPM definitions are corrupted
  • LiveUpdate is unable to access / read the LiveUpdate catalogue file
  • An incorrect or incompatible LiveUpdate client version is installed on the server
  • A proxy server is preventing LiveUpdate from connecting properly to the LiveUpdate servers, or is modifying the files that must be used

Resolution

 

What you need:

 1) Latest Certified Definitions from Symantec.
Download the latest certified definitions from the Symantec website at: http://www.symantec.com/security_response/definitions/download/detail.jsp?gid=sep

Download the definitions for SEPM (.jdb format). The file may be saved as .zip; rename it to .jdb when the download is complete.

 2) LiveUpdate Installer shipped with the release of SEP in use.
The file is located in the SEPM folder on the installation media.
The filename is lusetup.exe

Procedure:

 Step 1) Check the LiveUpdate version installed.

This can be done by locating the log.liveupdate file on the computer. The file should be in one of these locations:

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate
C:\ProgramData\Symantec\LiveUpdate

At the beginning of each LiveUpdate cycle, the LiveUpdate version is shown. Verify that the LiveUpdate version shown reflects the version you have installed on SEPM.
If the correct version is shown, proceed to Step 4.

Step 2) LiveUpdate Installer

If the wrong LiveUpdate version is installed on the system, locate the LiveUpdate installer shipped with your release of SEP, as described above.

Step 3) Remove LiveUpdate and install the correct version for SEP

- Uninstall "Symantec LiveUpdate" from the Windows Control Panel,
- Reboot the server,
- Install the LiveUpdate shipped with your release of Endpoint Protection.

Step 4) Clean up the LiveUpdate Catalog and Re-register SEPM with LiveUpdate.

Open a command prompt and change directory to the following path (or the relevant path for the current installation).
C:\Program Files\Symantec\Symantec Endpoint Protection Manager\bin

Type the following commands:

lucatalog -cleanup
lucatalog -forcedupdate

Step 5) Apply latest certified definitions.

Move the previously downloaded .jdb file into this folder (or the relevant folder for the installation):
C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\content\incoming

The file will be processed, and within a few minutes virus definitions will be updated on the SEPM Console and on the respective clients.
If this is not the case, click “Refresh” on the Console home page.

Step 6) Proxy Settings

 For environments with a corporate proxy, allow HTTP port 80 or FTP ports 20, 21 and port 443 connections to these hosts:

liveupdate.symantecliveupdate.com
liveupdate.symantec.com
update.symantec.com

Note that IP addresses obtained by DNS resolution should not be used, as they may change due to system updates and load balancing. It is highly recommended that the provided hostnames are used.

Disable content caching and AV scanning in the proxy for that connection to avoid corruption of the definition files.

Step 7) Monitor System

Allow 24 hours to verify that LiveUpdate is now working properly. Monitor the system for a few days to ensure that updates are downloaded and installed properly.
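
Steps 4 and 5 above can be scripted as follows. This is an added example, not Symantec's own tooling: the parameter names, the `lucatalog.exe` file name and the reading of a non-zero exit code as a failure are assumptions, and the paths are the article's defaults.

```powershell
# Added example: catalog cleanup (Step 4) and manual definitions drop (Step 5).
# Run from an elevated PowerShell session on the SEPM server.
param(
    [Parameter(Mandatory)] [string] $DefinitionsFile,   # downloaded .jdb (or .zip) file
    [string] $SepmRoot = 'C:\Program Files\Symantec\Symantec Endpoint Protection Manager'
)
$ErrorActionPreference = 'Stop'

$bin       = Join-Path $SepmRoot 'bin'
$incoming  = Join-Path $SepmRoot 'data\inbox\content\incoming'
$lucatalog = Join-Path $bin 'lucatalog.exe'   # assumed file name of the lucatalog command

# Fail early if the install path differs from the article's default.
foreach ($p in $DefinitionsFile, $lucatalog, $incoming) {
    if (-not (Test-Path -LiteralPath $p)) { throw "Not found: $p" }
}

# The download may be saved as .zip; the article says to rename it to .jdb.
$src = Get-Item -LiteralPath $DefinitionsFile
if ($src.Extension -ieq '.zip') {
    $src = Rename-Item -LiteralPath $src.FullName -NewName ($src.BaseName + '.jdb') -PassThru
}
if ($src.Extension -ine '.jdb') { throw "Expected a .jdb file, got '$($src.Name)'" }

# Record what is about to be fed to the manager, for the change log.
$hash = (Get-FileHash -LiteralPath $src.FullName -Algorithm SHA256).Hash
Write-Host "SHA256 $hash  $($src.Name)"

# Step 4: clean up the catalog, then re-register SEPM with LiveUpdate.
foreach ($arg in '-cleanup', '-forcedupdate') {
    $proc = Start-Process -FilePath $lucatalog -ArgumentList $arg `
        -WorkingDirectory $bin -Wait -PassThru -NoNewWindow
    # Assumption: a non-zero exit code means the command failed.
    if ($proc.ExitCode -ne 0) {
        throw "lucatalog $arg exited with code $($proc.ExitCode); definitions not applied"
    }
}

# Step 5: drop the definitions into the incoming folder for processing.
Move-Item -LiteralPath $src.FullName -Destination $incoming
Write-Host "Moved $($src.Name) to $incoming. Refresh the console home page in a few minutes."
```

The script stops before moving the definitions file if either lucatalog command fails, so a broken catalog is not masked by a manual definitions update.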