Symantec Endpoint Protection (SEP) 14 for Mac clients are configured to update definitions from an internal LiveUpdate Administrator (LUA).  The client is directed to access LUA with the following URL:

• https://LUAhost:7070/clu-prod

The client never updates from the LUA server because the server cannot be selected due to ssl certificate errors. The download can be accessed by entering the URL https://LUAhost:7070/clu-prod/minitri.flg into the Safari web browser and returns no certificate errors by using the "curl" command in terminal.

From the devlux debug log:

ServerSelector.cpp:57 03/15/17 17:48:19.905898 GMT [INFO] :  :  : Attempting to select LiveUpdate server...
ServerSelector.cpp:177 03/15/17 17:48:19.905965 GMT [INFO] :  :  : Contacting potential LU server: url=[https://10.10.10.10:7070/clu-prod/minitri.flg]
DataStore.cpp:1326 03/15/17 17:48:19.906219 GMT [INFO] :  :  : No default proxy found: protocol=[2]
InventoryManager.cpp:650 03/15/17 17:48:19.906250 GMT [INFO] :  :  : Default proxy did not exist in datastore: protocol=[2]
ServerSelector.cpp:225 03/15/17 17:48:19.906280 GMT [INFO] :  :  : No default proxy set: protocol=[2]
curlTransport.cpp:173 03/15/17 17:48:19.906333 GMT [DEBUG] :  :  : Encoded URL: https://10.10.10.10:7070/clu-prod/minitri.flg
curlTransport.cpp:70 03/15/17 00:48:19.909678 GMT [ERROR] :  :  : No ssl certificates found
curlTransport.cpp:485 03/15/17 00:48:19.909809 GMT [ERROR] :  :  : Failed to download file: error 58, error signaled by ssl ctx callback
ServerSelector.cpp:275 03/15/17 17:48:19.909861 GMT [WARNING] :  :  : Server could not be selected

From lux.log:

16:03:03.434391     [Server - START]
16:03:03.434426         Host ID: {LUAHOST.EN_US}
16:03:03.434457         Status Code: 1
16:03:03.434486         Status Message: Server was not selected
16:03:03.434520         Transport Return Code: 0x80010731
16:03:03.434550         Transport Return Message: FAIL - download failed
16:03:03.434579         Protocol: HTTPS
16:03:03.434607         Hostname: LUAhost
16:03:03.434637         Port: 7070
16:03:03.434670         Path: clu-prod
16:03:03.434875         Proxy ID: {00000000-0000-0000-0000-000000000000}
16:03:03.434934         Proxy Bypass: false
16:03:03.434965     [Server - END]

LUX process on client cannot verify ssl certificates and thus will not download files from the LUA server.

To work around this, use HTTP connections for Mac LU downloads from LUA servers.

This issue is otherwise fixed in Symantec Endpoint Protection 14.2. Note that LiveUpdate will require a properly signed HTTPS certificate from target server (self-signed certificates, for example, will not work).  For information on how to obtain the latest build of Symantec Endpoint Protection, see Download the latest version of Symantec Endpoint Protection.