Managed Symantec Endpoint Protection (SEP) clients are configured by policy to retrieve their antivirus definitions and other updated content from a particular source (for example: an internal LiveUpdate Administrator 2.x server). The clients can successfully contact the LUA 2.x server's Distribution Center and check for new updates. Though it has been confirmed that up-to-date definitions are available in the LUA's Distribution Center (DC), the SEP client seems to ignore them.
log.liveupdate shows successful completion:
[Date] [Time] -> EVENT - SESSION END SUCCESSFUL EVENT - The LiveUpdate session ran in Express Mode. LiveUpdate found 0 updates available, of which 0 were installed and 0 failed to install. The LiveUpdate session exited with a return code of 100, LiveUpdate ran successfully. There are no new updates to your products.
Alternatively, the log may indicate that certain components (for instance, "Symantec Security Software") were updated but others (the desired "SESC Virus Definitions Win32 v11") were not:
[Date] [Time] -> EVENT - SESSION END SUCCESSFUL EVENT - The LiveUpdate session ran in Silent Mode. LiveUpdate found 2 updates available, of which 2 were installed and 0 failed to install. The LiveUpdate session exited with a return code of 1800, Success
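Because both results above are logged as successful, a check for failures will not surface this problem. The following Python sketch is an added example, not Symantec code: it parses the SESSION END lines in the format quoted above and reports when the most recent sessions all succeeded yet found nothing, which is the symptom described here if the Distribution Center is known to hold newer definitions. The function names, the threshold and the sample timestamps are assumptions made for illustration.

```python
import re

# Pattern for the SESSION END line format quoted above from log.liveupdate.
SESSION_END = re.compile(
    r"SESSION END (?P<status>\w+) EVENT - The LiveUpdate session ran in "
    r"(?P<mode>\w+) Mode\. LiveUpdate found (?P<found>\d+) updates available, "
    r"of which (?P<installed>\d+) were installed and (?P<failed>\d+) failed to "
    r"install\. The LiveUpdate session exited with a return code of (?P<code>\d+)"
)

def parse_sessions(log_text):
    """Return one dict per SESSION END line, oldest first (log order)."""
    sessions = []
    for line in log_text.splitlines():
        m = SESSION_END.search(line)
        if m:
            sessions.append({k: int(v) if v.isdigit() else v
                             for k, v in m.groupdict().items()})
    return sessions

def zero_update_streak(sessions):
    """Count the most recent consecutive successful sessions that found 0 updates."""
    streak = 0
    for s in reversed(sessions):
        if s["status"] != "SUCCESSFUL" or s["found"] != 0:
            break
        streak += 1
    return streak

def needs_policy_review(log_text, threshold=3):
    """True when the latest sessions all 'succeeded' yet offered nothing.
    threshold is a hypothetical tuning value, not a Symantec setting."""
    return zero_update_streak(parse_sessions(log_text)) >= threshold

# Constructed sample: timestamps are invented, message text is from the page.
NO_UPDATES = ("{} -> EVENT - SESSION END SUCCESSFUL EVENT - The LiveUpdate session "
              "ran in Express Mode. LiveUpdate found 0 updates available, of which 0 "
              "were installed and 0 failed to install. The LiveUpdate session exited "
              "with a return code of 100, LiveUpdate ran successfully. There are no "
              "new updates to your products.")
TWO_UPDATES = ("{} -> EVENT - SESSION END SUCCESSFUL EVENT - The LiveUpdate session "
               "ran in Silent Mode. LiveUpdate found 2 updates available, of which 2 "
               "were installed and 0 failed to install. The LiveUpdate session exited "
               "with a return code of 1800, Success")
SAMPLE_LOG = "\n".join([TWO_UPDATES.format("2024-01-08 09:00:00")] +
                       [NO_UPDATES.format(f"2024-01-{d:02d} 09:00:00") for d in (9, 10, 11)])

if __name__ == "__main__":
    for s in parse_sessions(SAMPLE_LOG):
        print(s)
    print("review LiveUpdate Content Policy:", needs_policy_review(SAMPLE_LOG))
```

The summary line does not name the components that were updated, so the second case above (some components updated, virus definitions not) still has to be confirmed against the definitions date shown on the client.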
The LiveUpdate policy that is in effect for this client specifies a particular dated set of definitions to use, so newer definitions in the Distribution Center are ignored.
Change the LiveUpdate Policy in the Symantec Endpoint Protection Manager (SEPM) to "use latest available" definitions for that component.
- In Symantec Endpoint Protection Manager, click Policies > LiveUpdate.
- On the LiveUpdate Content tab, edit the existing LiveUpdate Content Policy that is assigned to the client group.
- In the policy, click on the component that has not updated.
- Select Use latest available.
- Click OK.
- Assign the new policy to all client groups that need this policy.
Additional troubleshooting information can be found in the referenced documents, below.