After installing or updating to Endpoint Protection 14.2, Mail Security for Microsoft Exchange 7.5.6 and earlier no longer update virus definitions automatically as expected.

Article ID: 172196

Products

Mail Security for Microsoft Exchange, Endpoint Protection

Issue/Introduction

After installing or updating to Symantec Endpoint Protection (SEP) 14.2, Symantec Mail Security for Microsoft Exchange (SMSMSE) 7.5.6 and earlier no longer update virus definitions automatically as expected.

If a debug log is obtained from SMSMSE per "How to Obtain Debug Logs for Symantec Mail Security for Microsoft Exchange (SMSMSE)", the following errors are observed:

[11856] SAVFMSESp(2E50)[1810] 2018-07-18 10:43:11 0313ms:
[11856] ..\..\..\src\Server\Savfmseeng\AVEngine.cpp(1740) :
[11856]  Warning: Encountered problem while detecting latest definition set. DU Err = [32]
[11856] 
[11856] SAVFMSESp(2E50)[1810] 2018-07-18 10:43:11 0313ms:
[11856] ..\..\..\src\Server\Savfmseeng\AVEngine.cpp(1783) :
[11856]  Failed to retrieve virus definition location for App Id - SMSMSE
[11856] 
[11856] SAVFMSESp(2E50)[1810] 2018-07-18 10:43:11 0313ms:
[11856] ..\..\..\src\Server\Savfmseeng\AVEngine.cpp(1788) :
[11856]  Debug Trace:  HRESULT=0xC0020190

LiveUpdate logs show that LiveUpdate was able to successfully download the virus definitions.
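
To check a collected debug log for this signature, the following added example (not part of the original article or of Symantec's tooling) groups records by module and timestamp and reports the groups that contain the App Id failure. The function names and the grouping by timestamp are assumptions, and the sample input is constructed from the excerpt above.

```python
import re

# Record header as in the article's excerpt, e.g.
# "[11856] SAVFMSESp(2E50)[1810] 2018-07-18 10:43:11 0313ms:"
HEADER = re.compile(r"^\[\d+\]\s+(\w+)\([0-9A-Fa-f]+\)\[[0-9A-Fa-f]+\]\s+"
                    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+\d+ms:\s*$")
# The three messages the article lists, with the value each one carries.
MARKERS = {
    "du_err": re.compile(r"detecting latest definition set\. DU Err = \[(\d+)\]"),
    "app_id": re.compile(r"Failed to retrieve virus definition location for App Id - (\S+)"),
    "hresult": re.compile(r"HRESULT=(0x[0-9A-Fa-f]+)"),
}

def find_definition_failures(text):
    """Group marker hits by (module, timestamp); keep groups with the App Id failure."""
    groups, key = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:                       # a header line starts a new record
            key = (m.group(1), m.group(2))
        elif key is not None:       # source and message lines of the current record
            for name, rx in MARKERS.items():
                hit = rx.search(line)
                if hit:
                    groups.setdefault(key, {})[name] = hit.group(1)
    return [{"module": k[0], "time": k[1], **v}
            for k, v in groups.items() if "app_id" in v]

def matches_article(finding):
    """True when a finding carries the exact codes shown in this article."""
    return finding.get("du_err") == "32" and finding.get("hresult", "").upper() == "0XC0020190"

# Constructed sample: one made-up unrelated record, then the article's three records.
SAMPLE = r"""[11856] SAVFMSESp(2E50)[1810] 2018-07-18 10:43:10 0100ms:
[11856]  Constructed unrelated message
[11856] SAVFMSESp(2E50)[1810] 2018-07-18 10:43:11 0313ms:
[11856] ..\..\..\src\Server\Savfmseeng\AVEngine.cpp(1740) :
[11856]  Warning: Encountered problem while detecting latest definition set. DU Err = [32]
[11856] SAVFMSESp(2E50)[1810] 2018-07-18 10:43:11 0313ms:
[11856] ..\..\..\src\Server\Savfmseeng\AVEngine.cpp(1783) :
[11856]  Failed to retrieve virus definition location for App Id - SMSMSE
[11856] SAVFMSESp(2E50)[1810] 2018-07-18 10:43:11 0313ms:
[11856] ..\..\..\src\Server\Savfmseeng\AVEngine.cpp(1788) :
[11856]  Debug Trace:  HRESULT=0xC0020190
"""

if __name__ == "__main__":
    for f in find_definition_failures(SAMPLE):
        print(f, "matches article codes:", matches_article(f))
```

A finding whose codes differ from the ones in this article still indicates a definition lookup failure, but it may have a different cause than the Tamper Protection change described below.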

 

Cause

Tamper Protection was updated in SEP 14.2 and now blocks access to the registry keys that SMSMSE accesses to update virus definitions.

Resolution

The root cause of the problem has been identified and a fix is planned in SEP 14.2 MP 1. In the meantime, use the following workaround to allow SMSMSE to continue retrieving updates.

 

Workaround

  1. Launch the SEPM console.
  2. Click Policies > Exceptions.
  3. Under Tasks below, click Add an Exceptions Policy.
  4. In Overview, for Policy name specify "Allow SMSMSE Virus Definition Updates".
  5. In Overview, for Description specify "Unblock SMSMSE 7.5 LiveUpdate from Tamper Protection".
  6. In Exceptions, click Add > Windows Exceptions > Tamper Protection Exception.
  7. In Prefix variable, select "[NONE]".
  8. In "File", specify C:\Program Files (x86)\Symantec\SMSMSE\7.5\Server\SAVFMSESp.exe
    Note: If the SMSMSE install path has been customized from the default, use the custom file path instead.
  9. Click OK.
  10. In Exceptions, click Add > Windows Exceptions > Tamper Protection Exception.
  11. In Prefix variable, select "[NONE]".
  12. In "File", specify C:\Program Files (x86)\Symantec\SMSMSE\7.5\Server\SAVFMSETask.exe
    Note: If the SMSMSE install path has been customized from the default, use the custom file path instead.
  13. Click OK, then click OK again to complete the Exceptions Policy.
  14. Under Exceptions Policies on the right, highlight the "Allow SMSMSE Virus Definition Updates" policy.
  15. Under Tasks, click "Assign the policy".
  16. Select a value that will include all SMSMSE deployments. If there is no group that encompasses all SMSMSE servers, assigning the policy globally will not cause a problem.
  17. Click Assign to roll out the Exclusion change.
  18. In the SMSMSE Console, click Admin > Liveupdate/Rapid Release Status.
  19. Under Tasks, click Run LiveUpdate Certified Definitions to launch LiveUpdate.