You noticed that your Symantec Endpoint Protection (SEP) 12.1.x clients are no longer able to get content definitions from their Group Update Providers (GUPs). When looking at the GUPs SharedUpdates folder, many of the full and delta definitions show as 1 KB in size.

GUPs SharedUpdates folder location:
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\<version>\Bin\SharedUpdates\

SEP client debug.log from GUP:

2017/08/25 11:58:56.261 [6352:5928] GUProxy - **downloadHelper.CreateUrlRequest Succeed to GET://<SEPM IP Address>:8014/content/TempCache/{07B590B3-9282-482f-BBAA-6D515D385869}/170723008/xdelta170723008_To_170824021.dax, begin from 0 with size 1048576

2017/08/25 11:58:56.261 [6352:5928] GUProxy - Download failed GET://<SEPM IP Address>:8014/content/TempCache/{07B590B3-9282-482f-BBAA-6D515D385869}/170723008/xdelta170723008_To_170824021.dax  ResponseStatus=416

HTTP/1.1 416 Requested Range Not Satisfiable

Connection: close

In this case, customer using a Layer 7 firewall appliance that does HTTP Header checking that manipulated the traffic between the Symantec Endpoint Protection Manager (SEPM) and the GUPs.

The Layer 7 firewall appliance was configured to ignore HTTP Header checking for traffic between the SEPM and the GUPs.