search cancel

Endpoint Protection for Linux continues to run LiveUpdate although schedule is disabled


Article ID: 163637


Updated On:


Endpoint Protection


Example scenario: Symantec Endpoint Protection (SEP) for Linux has been installed on a machine that has no connection to the internet, or is otherwise blocked from directly accessing Symantec's LiveUpdate site. The default LiveUpdate schedule has been disabled by following instructions in "How to disable LiveUpdate in Endpoint Protection for Linux" and definitions are being updated manually per "How to update a Linux-based computer with Intelligent Updater". But, LiveUpdate continues to run at regular intervals in an unsuccessful attempt to update definitions. Why is this happening?

Repeated LiveUpdate sessions and errors logged in liveupdate.log or lux.log (depending on SEP version)
ref: Overview of log and configuration files in Symantec Endpoint Protection for Linux

Session Result Message: FAIL - failed to select server


The Java LiveUpdate session did not complete successfully.
Return code = -2,001


SEP for Linux


This behavior is by design. Since the initial installation of SEP for Linux does include virus definitions it will automatically run LiveUpdate. LiveUpdate will also automatically run at any other time that definitions are missing or corrupt. When LiveUpdate runs in these situations it will create the following file:


As long LuRemediateReq exists, even if you have disabled the LiveUpdate schedule, LiveUpdate will continue to run at regular intervals until successful.


To prevent this behavior, you may choose to allow LiveUpdate to connect to Symantec's LiveUpdate site, or if definitions have already been updated via some other method then simply delete the LuRemidateReq file yourself to stop the LiveUpdate attempts. Note: the LuRemidateReq file will be recreated the next time rtvscand restarts and there are no valid definition files present.