Beginning with Symantec Endpoint Protection 12.1 RU4 for Macintosh (SEP for Mac 12.1.4), LiveUpdate for Macintosh has been updated to version 6.0.
New features, differences, and improvements in LiveUpdate 6.x for Macintosh:
Architecture -- High Level -- Two Main Parts: GLUE and Regular Usage Daemon
GLUE (General LU Engine)
At the highest level, GLUE performs a single cycle of LiveUpdate updating. This includes running the cycle multiple times due to forced updates. GLUE is told what task to perform, gathers pertinent data installed on the user’s machine, makes network requests to determine what’s available, queries the user on whether or not to update some things, makes network requests to download update packages, performs updating, and performs post-processing. GLUE attempts to be generic about what it updates and how it updates. Product-specific functionality is called at specific points using product plug-ins.
Regular Usage Daemon
The LiveUpdate daemon is used as the primary means of LiveUpdate after the product has been installed. The daemon is launched using launchd manually or by schedule. The daemon runs as root. The daemon calls GLUE continuously using the commands it is given until all updates have been applied. Once all updates for a command are applied, the next command is run. If there are no more commands pending and a specific period of idleness passes, LiveUpdate quits.
Troubleshooting
Generally, setup a packet trace and sylink debugging, reproduce unsuccessful/successful LiveUpdate sessions, disable debugging and gather data. References: Mac OS X: How to capture a packet trace and Debugging Sylink communications with Symantec Endpoint Protection for Macintosh
Logs and error codes -- these logs are gathered in the GatherSymantecInfo diagnostic tool used in sylink debugging:
/Library/Application Support/Symantec/LiveUpdate/liveupdate.log
/Library/Application Support/Symantec/SMC/sepplugin.log
/Library/Application Support/Symantec/SMC/smc_debug.log
Look for text "error" <error no>
Error Codes:
0 | No Error |
2, 3 | Could not load LU Plugin |
4 |
Could not find valid Host |
5 | License Invalid |
6,7,8 | TRI file error (Brinks Error) |
9 | Download Error |
10,11,12,13 | Update Failed |
15 | Could not connect to Daemon |
16 | Done with Error |
18 | No network connection |
19 | Custom proxy not reachable or Authentication Failed |
If LiveUpdate seems to be running indefinitely for some reason:
Look for "LiveUpdateDaemon" or "LUTool" process and kill
Example:
sh-3.2# ps -ax | grep "LiveUpdateDaemon" 34435 ?? 0:00.10 /Library/Application Support/Symantec/LiveUpdate/LiveUpdateDaemon.bundle/Contents/MacOS/LiveUpdateDaemon sh-3.2# kill -9 34435
No error? ... but Definitions are not updated:
Check if AV/IPS definition updates are turned off in SEPM and LU content policy
Installed Files
/Applications/Symantec Solutions/LiveUpdate.app
/Library/Application Support/Symantec/LiveUpdate
LiveUpdateDaemon.bundle
LUMacGFS
LUMicroDefs2.dylib
LUMicroDefs25.dylib
LUTool - see How to run Macintosh LiveUpdate 6.x from the Command Line
NewRegistry: contains registry plist files
ActiveRegistry: contains active registry plist files for each component registered with LiveUpdate
PlugIns: contains plug-ins
/Library/Application Support/Symantec/SymQuickMenu/LiveUpdateQM.plugIn
/Library/LaunchDaemons
com.symantec.liveupdate.daemon.ondemand.plist
com.symantec.liveupdate.daemon.plist
/private/etc/liveupdate.conf
Applies To
Macintosh OS X
SEP 12.1 RU4 or newer