LiveUpdate is scheduled to automatically update definitions on the Symantec Endpoint Protection Manager (SEPM) server but does not start. However LiveUpdate definitions can still be updated manually by clicking Download LiveUpdate in the Admin > Servers > Local Site page. The Admin > Servers > Local Site > console (lower right) may show "Unexpected server error" messages. The "Show the LiveUpdate status" may show a past date for the next run date. There are typically no messages in any logs indicating problems with LiveUpdate.

This problem can result from the SEPM being overwhelmed by frequent agent Heartbeat Intervals or when using PUSH mode connections.

Make sure that the clients are not overwhelming the SEPM with frequent Heartbeat Intervals or by using PUSH mode connections. Go into all of the client groups and subgroups and set the Heartbeat Interval to an appropriate check-in time and make sure all groups are using PULL mode. The default Heartbeat Interval is 5 minutes and is generally too low for most customers. SEPM > Clients > [group] > Policies > Communication Settings.

Examples of an appropriate Heartbeat Interval for large environments (1000+ endpoints), configure the Communication Settings of managed SEP clients to a minimum of a 30 minute (preferably 1 hour) heartbeat and set to use PULL mode.

For detailed information about setting the Heartbeat Interval, see KB article: Symantec Endpoint Protection Sizing and Scalability Best Practices White Paper