You notice a lot of Linux clients are stuck with outdated antivirus definitions.

Symantec endpoint protection for Linux

Linux Server

Live update administrator (LUA)

The problem began after an initial series of LiveUpdate failures over HTTPS due to what appeared to be an SSL certificate issue with internal LiveUpdate Administrator (LUA) server.

Although the policy to use a valid HTTP server, the affected clients failed to resume updates. Our investigation revealed that the LiveUpdate (LUX) component on these clients entered a persistent failed state. It was no longer attempting new update sessions, as evidenced by a lack of new entries in its log files and immediate session failures. The root cause appears to be that the initial certificate errors left the LUX component in a non-recoverable state, unable to process the new, valid HTTP configuration.

The issue was resolved by restarting the agent services (`sisamddaemon`, `cafagent`) and clearing the LiveUpdate component's state. A script to automate this workaround is available if you have multiple endpoints that requires the fix, please reach out to support to provide the script.