After installing or updating to Symantec Endpoint Protection (SEP) 14.2, Symantec Mail Security for Microsoft Exchange (SMSMSE) 7.5.6 and earlier no longer update virus definitions automatically as expected.
If a debug log is obtained from SMSMSE per How to Obtain Debug Logs for Symantec Mail Security for Microsoft Exchange (SMSMSE) the following errors are observed:
[11856] SAVFMSESp(2E50)[1810] 2018-07-18 10:43:11 0313ms:
[11856] ..\..\..\src\Server\Savfmseeng\AVEngine.cpp(1740) :
[11856] Warning: Encountered problem while detecting latest definition set. DU Err = [32]
[11856]
[11856] SAVFMSESp(2E50)[1810] 2018-07-18 10:43:11 0313ms:
[11856] ..\..\..\src\Server\Savfmseeng\AVEngine.cpp(1783) :
[11856] Failed to retrieve virus definition location for App Id - SMSMSE
[11856]
[11856] SAVFMSESp(2E50)[1810] 2018-07-18 10:43:11 0313ms:
[11856] ..\..\..\src\Server\Savfmseeng\AVEngine.cpp(1788) :
[11856] Debug Trace: HRESULT=0xC0020190
LiveUpdate logs show that LiveUpdate was able to successfully download the virus definitions.
Tamper protection has been updated in SEP 14.2, and is blocking access to the registry keys SMSMSE accesses to update virus definitions.
The root cause of the problem has been identified and a fix is planned in SEP 14.2 MP 1. In the meantime, use the following workaround to allow SMSMSE to continue retrieving updates.
Workaround
C:\Program Files (x86)\Symantec\SMSMSE\7.5\Server\SAVFMSESp.exe
C:\Program Files (x86)\Symantec\SMSMSE\7.5\Server\SAVFMSETask.exe