Symantec Endpoint Protection (SEP) for Macintosh downloads definitions via LiveUpdate, but after the download completes, the new definitions fail to load.
Reviewing the Liveupdate log at '/Library/Application Support/Symantec/Silo/NFM/LiveUpdate/Logs/lux.log' shows the following:
The avdefs group is being removed from the machine, potentially by a third party application. This will prevent the SEP client definitions from initializing after they are downloaded.
Symantec is aware of this issue and will update this article when a solution becomes available.
A workaround for this issue is available in the form of a plist file that will check for the presence of the avdefs group every 5 minutes and will add it if it does not exist. To implement this workaround, follow the steps below: