How to disable LiveUpdate in Symantec Endpoint Protection (SEP) for Linux. You may wish to do this temporarily for troubleshooting purposes or for limiting updates to other methods (e.g. Intelligent Updater). The "/opt/Symantec/symantec_antivirus/sav liveupdate" command has options to run/view/edit the LiveUpdate schedule, but no option to disable it. Also, LiveUpdate policy settings for managed clients do not have an option to disable LiveUpdate.
On unmanaged clients, SEP for Linux LiveUpdate can be disabled on unmanaged clients by setting a value in the settings registry. Run the commands below from the "/opt/Symantec/symantec_antivirus/" directory:
sudo ./symcfg add -k'\Symantec Endpoint Protection\Liveupdate\Schedule' -v Enabled -d 0 -t REG_DWORD
sudo ./symcfg add -k'\Symantec Endpoint Protection\Liveupdate\Schedule' -v Enabled -d 1 -t REG_DWORD
NOTE: in SEP for Linux versions older than 12.1 RU5, the registry path above is '\Symantec Endpoint Protection\AV\PatternManager\Schedule'
View the current status of LiveUpdate:
sudo ./sav liveupdate -v
The command above should return something similar to the following:
Frequency: Daily - 07:30
Missed Events: Enabled
On managed clients, the LiveUpdate settings will be overwritten by any policy updates from the SEP Manager (SEPM). To disable LiveUpdate on managed SEP clients, configure LiveUpdate policy at the SEPM to point to a non-existent internal server.