ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

How to disable LiveUpdate in Endpoint Protection for Linux

book

Article ID: 161634

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

How to disable LiveUpdate in Symantec Endpoint Protection (SEP) for Linux. You may wish to do this temporarily for troubleshooting purposes or for limiting updates to other methods (e.g. Intelligent Updater). The "/opt/Symantec/symantec_antivirus/sav liveupdate" command has options to run/view/edit the LiveUpdate schedule, but no option to disable it. Also, LiveUpdate policy settings for managed clients do not have an option to disable LiveUpdate.

Environment

SEP for Linux

Resolution

On unmanaged clients, SEP for Linux LiveUpdate can be disabled on unmanaged clients by setting a value in the settings registry. Run the commands below from the "/opt/Symantec/symantec_antivirus/" directory:

Disable LiveUpdate:

sudo ./symcfg add -k'\Symantec Endpoint Protection\Liveupdate\Schedule' -v Enabled -d 0 -t REG_DWORD

Enable LiveUpdate:

sudo ./symcfg add -k'\Symantec Endpoint Protection\Liveupdate\Schedule' -v Enabled -d 1 -t REG_DWORD

NOTE: in SEP for Linux versions older than 12.1 RU5, the registry path above is '\Symantec Endpoint Protection\AV\PatternManager\Schedule'

View the current status of LiveUpdate:

sudo ./sav liveupdate -v

The command above should return something similar to the following:

Frequency: Daily - 07:30
Missed Events: Enabled
State: Disabled

On managed clients, the LiveUpdate settings will be overwritten by any policy updates from the SEP Manager (SEPM). To disable LiveUpdate on managed SEP clients, configure LiveUpdate policy at the SEPM to point to a non-existent internal server.