Symantec Endpoint Protection Manager could not update Client Intrusion Detection System signatures 12.1.

book

Article ID: 157154

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

User upgraded SEPM from version 11 to 12.1 RU1 MP1. SEPM got definition update from an internal LUA. All definition succeeded to update except the client intrusion detection system signatures 12.1. From the event log,it is shown as follows.
Log Name:      Symantec Endpoint Protection Manager
Source:        SEPM
Date:          10/3/2012 7:06:43 AM
Event ID:      7201
Task Category: Content
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      ******

Description:
Info:Content download to the server failed.
Symantec Endpoint Protection Manager could not update Client Intrusion Detection System signatures 12.1.

 

Product:Client Intrusion Detection System signatures 12.1
Version:
Language:
Monikers:,{C8C42A08-0AB4-F6D4-00BE-1539101AB358}
Sequence:
PublishDate:
Revision:0
Source:Private LiveUpdate Server (Internal LiveUpdate server)
Size(in bytes):-1

 

From the C:\ProgramData\Symantec\Liveupdate\log.liveupdate, it showed:

10/3/2012, 5:09:17 GMT -> Progress Update: DOWNLOAD_FILE_START: URL: "1349139787jtun_sepmcurd25.x86", Estimated Size: 1537518, Destination Folder: "C:\ProgramData\Symantec\LiveUpdate\Downloads"
10/3/2012, 5:09:17 GMT -> HttpSendRequest (status 200): Request succeeded
10/3/2012, 5:09:18 GMT -> Download complete: Original estimated file size: 1537518; Actual bytes downloaded: 1537518
10/3/2012, 5:09:18 GMT -> Progress Update: DOWNLOAD_FILE_FINISH: URL: "1349139787jtun_sepmcurd25.x86", Full Download Path: "C:\ProgramData\Symantec\LiveUpdate\Downloads\1349139787jtun_sepmcurd25.x86" HR: 0x0 
---------------From the log above, it meant the download was successful.

10/3/2012, 5:09:18 GMT -> EVENT - PRODUCT UPDATE SUCCEEDED EVENT - Update available for SEPM CIDS Signatures v12.1 - MicroDefsB.CurDefs - SymAllLanguages. Update for CurDefs takes product from update 0 to 120929001. Server name - ngwzsep-sspp01, Update file - 1349139787jtun_sepmcurd25.x86, Signer - cn=Symantec Corporation,ou=Locality - Culver City,ou=Product Group - LiveUpdate,ou=SymSignature 2005,o=Symantec Corporation, package install code 0. The Update executed with a result code of 1800, => Success
--------------From the log above, although it returned a code of 1800 which meant success, it did not update it.It should be showing "from update 'an old date' to 'current date'" if it really succeeded.

Cause

Local legacy temp file prevent post processing.

Resolution

1.       Delete all files under C:\ProgramData\Symantec\Definitions\SymcData\spcCIDSdef\, if prompted Access Denied, please stop SEPM service first from services.msc

2.       Delete all files under C:\ProgramData\Symantec\LiveUpdate\Downloads\

3.       Run liveupdate in SEPM, type luall in Start>Run to trigger it

Applies To

Windows Server 2008 R2