SPE 8.2.x - 9.x downloads virus definitions but does not apply virus definitions
search cancel

SPE 8.2.x - 9.x downloads virus definitions but does not apply virus definitions

book

Article ID: 237249

calendar_today

Updated On:

Products

Protection for SharePoint Servers Protection Engine for Cloud Services

Issue/Introduction

After upgrade to Symantec Protection Engine (SPE) 8.2.x - 9.x, SPE downloads but does not apply pattern files.  

In report.xml and on the local UI, the date of the Antivirus definitions does not change.

In lux.log, the return code 0x80011003 or 0x00011003 appears.

Environment

SPE 8.2.x

SPE 9.x

Resolution

 

Broadcom is investigating at this time.

Broadcom reproduced this behavior in a Support test lab environment with a customer provided license file.

 

To confirm the issue via Linux bash prompt

  1. To check the current date, type:
    date

  2. To check whether virus definitions updated in the last 24 hours, type:
    grep "AntiVirus DefinitonDateTime" /opt/SYMCScan/bin/report.xml

  3. To check whether LiveUpdate recorded result code 0011003, type:
    grep "0011003" /opt/SYMCScan/bin/definitions/Stargate/logs/lux.log

 

To confirm the issue via Windows cmd prompt

  1. To check the current date and time, type:
    date /T; time /T

  2. To check whether virus definitions updated in the last 24 hours, type:
    find "AntiVirus" "C:\Program Files\Symantec\Scan Engine\report.xml"

  3. To check whether LiveUpdate recorded result code 0x80011003, type:
    find "0011003" "C:\Program Files\Symantec\Scan Engine\Definitions\Stargate\logs"

 

 

To confirm the issue via Windows powershell

  1. To check the current date and time, type:
    date

  2. To check whether virus definitions updated in the last 24 hours, type:
    Select-String -Path "C:\Program Files\Symantec\Scan Engine\report.xml" -Pattern "AntiVirus"

  3. To check whether LiveUpdate recorded result code 0x80011003, type:
    Select-String -Path "C:\Program Files\Symantec\Scan Engine\Definitions\Stargate\logs" -Pattern "0011003"

 

To workaround

  1. Delete the Stargate\bin_back folder.
  2. If the Stargate\bin_back folder does not exist, delete the Stargate\bin folder
  3. Restart the Symantec Protection Engine service.

if the above does not work do the following:  

     1. Take a backup of the Stargate home directory.
     2. Stop SPE service,
     3. Remove the sef folder from Stargate home dir.  sef folder to remove in Windows: \Scan Engine\Definitions\Stargate\data\sef
     4. Also, delete the definition revision available under "Scan Engine\Definitions\Stargate\digest\Definitions\stargate\" 
     5. Restart the SPE service.

This will resolve the Stargate engine version issue and virus definitions update if exists. 

 

 

 

Additional Information

To investigate with Broadcom support

  1. Run symdiag on the machine where SPE is installed. Select all available Symantec products.
  2. Create a zip archive of the contents of the C:\ProgramData\Symantec Shared\Licenses folder
  3. Create a zip archive of C:\Program Files\Symantec\Scan Engine\Definitions\Stargate and all subfolders
  4. Create a support case, cite this KB, and attach the evidence files to the case.

 

Powered by Wolken Software