SONAR definition is not updated by LiveUpdate on Endpoint Protection Manager.

book

Article ID: 171122

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

SONAR definition is not updated to the latest by LiveUpdate on Endpoint Protection Manager (SEPM). When check SEPM console - [Admin] - [Servers] - [Local Site] - [Show LiveUpdate downloads], "SONAR Heuristics engine 14.0 RU1" revision is around "02/19/2018 r1". Running LiveUpdate manually does not resolve the issue.

  • <SEPM path>\Tomcat\logs\SesmLu.log contains following error.

02/23 01:17:34 [15ac:1864] ERROR      spcBASH MicroDefs25DefUtilsContentHandler DU_E_MISSING_DEFINFOat MicroDefs25DefUtilsContentHandler.cpp[397]
02/23 01:17:34 [15ac:1864] WARNING    spcBASH DefaultDefUtilsContentHandler Require download full definition set in next LiveUpdate session: true
02/23 01:17:34 [15ac:1864] INFO(Low)  spcBASH DefaultDefUtilsContentHandler CDefUtils::InitWindowsApp(SesmInstallApp) - start (File = defutils.cpp, Line = 1149
02/23 01:17:34 [15ac:1864] INFO(Low)  spcBASH DefaultDefUtilsContentHandler CDefUtils::InitWindowsApp(): end, returning true. (File = defutils.cpp, Line = 1201
02/23 01:17:34 [15ac:1864] INFO(Low)  spcBASH DefaultDefUtilsContentHandler CDefUtils::StopUsingDefs() - start; m_pszAppID: SesmInstallApp (File = update.cpp, Line = 2449
02/23 01:17:34 [15ac:1864] INFO(Low)  spcBASH DefaultDefUtilsContentHandler CDefUtils::GetCurrentDefs() - start. (File = defutils.cpp, Line = 2020
02/23 01:17:34 [15ac:1864] INFO(Low)  spcBASH DefaultDefUtilsContentHandler Missing USAGE.DAT; exiting. (File = defutils.cpp, Line = 2053
02/23 01:17:34 [15ac:1864] INFO(Low)  spcBASH DefaultDefUtilsContentHandler CDefUtils::StopUsingDefs() - returning DU_E_APPID_NOT_REGISTERED (File = update.cpp, Line = 2463
02/23 01:17:34 [15ac:1864] WARNING    spcBASH DefaultDefUtilsContentHandler DU_E_APPID_NOT_REGISTERED
02/23 01:17:34 [15ac:1864] INFO(Med)  spcBASH AbstractLuContentHandler Moniker:{9F018B25-0AB4-F6D4-011B-1FC437E6A122},Set LASTPATCH.STATUS = FAIL : Succeed.
02/23 01:17:34 [15ac:1864] INFO(Med)  spcBASH SesmLu PostSession failed!

 

  • C:\ProgramData\Symantec\Definitions\SymcData\spcBASH folder does not have <YYYYMMDD.xxx> folder, e.g. <20180227.001>

Environment

Symantec Endpoint Protection Manager 14.0.1 (RU1), 14.0.1 MP1 (RU1 MP1)

Resolution

This issue was fixed with "SONAR Heuristics engine 14.0 RU1" revision "03/04/2018 r1". Please update this content via LiveUpdate server again.