Symantec Endpoint Protection (SEP) for Macintosh downloads definitions via LiveUpdate, but after the download completes, the new definitions fail to load.
Reviewing the Liveupdate log at '/Library/Application Support/Symantec/Silo/NFM/LiveUpdate/Logs/lux.log' shows the following:
[Session Results - START]
Session Result Code: 0x00010000
Session Result Message: OK
[Component Result - START]
Component ID: {57BC15BB-2B85-4081-B21C-1CF22DE8E987}
Display Name: AntiVirus Signatures
PVL: SEPC Virus Definitions Mac 14.0 RU1_MicroDefsB.CurDefs_SymAllLanguages
Result Code: 0x00010000
Result Message: OK
[Package Result - START]
File: 1519099791jtun_macnis7en180206020.osi
Result Code: 0x80012001
Result Message: UNKNOWN
[Package Result - END]
[Component Result - END]
[Component Result - START]
Component ID: {B9B49C58-D354-4E68-8351-82589FF0A4B0}
Display Name: Vulnerability Protection for Mac
PVL: SEPC CIDS Signatures Mac 14.0 RU1_14.0 RU1_SymAllLanguages
Result Code: 0x00010000
Result Message: OK
[Package Result - START]
File: 1518718096jtun_ips_sepmac12_2180214001.x02
Result Code: 0x80012001
Result Message: UNKNOWN
[Package Result - END]
[Component Result - END]
[Component Result - START]
Component ID: {3AA6B4DD-A60D-4EE8-96F5-6A5F58065FA5}
Display Name: Submission Control Data for Mac
PVL: Submission Control Data for Mac_6_SymAllLanguages
Result Code: 0x00010000
Result Message: OK
[Component Result - END]
[Session Results - END]
[Session Summary - START]
Components: 3
Packages: 2
Success: 0
Fail: 2
[Session Summary - END]
The 0x80012001 result code is an initialization failure.
Open the resulting SymantecInfo.txt file and look at the section called '12. Definitions avdefs group check'
In this scenario we see the following in the avdefs group check:
'WARNING: avdefs group does not exist'.
A list of files for our definitions will be listed with root user and 501 group instead of root and avdefs.