When you update Symantec Endpoint Detection and Response (SEDR) to a new version, the upgrade seems to hang.

Symantec Endpoint Detection and Response (either virtual machine or appliance), formerly known as Advanced Threat Protection (ATP) Platform

To check the status of the update

Run the following command, at the command line interface (CLI), to check the status of the update:

update status

Repairing a failed update

If the update failed, clear the failed update, and manually download and install the update.

To clean up and download the update:

1. In the CLI, run the following command:
   update clean_all
    
2. Once that command completes, run the following command to download and cache the install package:
   update download
   Note: If you connect to the CLI with PuTTY, do not close the session during this process.

If the update download fails or does not complete in a reasonable time, you can dump the packets from the network interface to help determine why the download is slow or stopped. A 15-minute packet dump should provide sufficient data. You can use the following command to create the packet dump:

tcpdump -s 0 -q -C 20 -w eth0.pcap -i eth0 -Z root

After about 15 minutes, press CTRL+C to stop the packet capture. The packet capture file appears in the directory from which you ran the command, and has the name "eth0.pcap".

To install the cached package

1. If the download completes successfully, install the package with the following command:
   update install
   Note: The install command prompts for a reboot when it completes:
    
2. After the reboot, allow sufficient time for the processes to load. If the message "Under construction" appears when you attempt to connect, the startup is not complete. After all processes are started, you can log in to the console.