Virus definitions are out of date on the Symantec Endpoint Protection Manager (SEPM), and this is affecting the Symantec Endpoint Protection (SEP) clients to which it provides content.
As a best practice, ensure that the SEPM is upgraded to the very latest release of Symantec Endpoint Protection 12.1.
The issue causing the update issue may be resolved by the improved processing and enhanced features available in a software version later than what is running.
Most common reasons for update failure:
- Symantec Endpoint Protection Manager definitions are corrupted;
- LiveUpdate is unable to access / read the LiveUpdate catalogue file;
- An incorrect or incompatible LiveUpdate client version is installed on the server;
- A proxy server is preventing LiveUpdate to connect properly to Symantec LiveUpdate servers, or is modifying the files that must be used
|Several important steps are illustrated in the short videos Troubleshooting Out-of-date Definitions on Clients (Part 1) and Troubleshooting Out-of-date Definitions on Clients (Part 2) on SymantecTV|
What you need:
1) Latest Certified Definitions from Symantec.
Please download the latest certified definitions from Symantec website at: http://www.symantec.com/security_response/definitions/download/detail.jsp?gid=sep
Download the definitions for Symantec Endpoint Protection Manager 12.1 (.jdb format). File may be saved as .zip, please rename the file to .jdb when the download is complete.
2) LiveUpdate Installer shipped with the release of Symantec Endpoint Protection in use.
The file is located in the SEPM folder on the installation media.
The filename is lusetup.exe
Step 1) Check the Symantec LiveUpdate version installed.
This can be done by locating the log.liveupdate file on the computer. The file should be in one of these locations:
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate
At the beginning of each LiveUpdate cycle, the LiveUpdate version will be shown. Check that the version is 220.127.116.11 or higher.
Please proceed to Step 4, if the correct version is shown.
Step 2) LiveUpdate Installer
Assume the wrong LiveUpdate version is installed on the system, locate the LiveUpdate installer shipped with your release of Symantec Endpoint Protection as per above.
Step 3) Remove LiveUpdate and install the correct version for SEP 12.1
- Uninstall "Symantec LiveUpdate" from the Windows Control Panel,
- Reboot the server,
- Install the LiveUpdate shipped with your release of Symantec Endpoint Protection.
Step 4) Cleanup the LiveUpdate Catalog and Re-register Symantec Endpoint Protection Manager with LiveUpdate.
Open a command prompt and change directory to the following path (or the relevant path for the current installation).
C:\Program Files\Symantec\Symantec Endpoint Protection Manager\bin
Type the following commands:
Step 5) Apply latest certified definitions.
Move the .jdb file previously downloaded into this folder (or the relevant folder for the installation)
C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\content\incoming
File will be processed, and within a few minutes virus definitions will be updated on the SEPM Console and to the respective clients.
Click “Refresh” on the Console home page, if this is not the case.
Step 6) Proxy Settings
For environments with a corporate proxy, allow HTTP port 80 or FTP ports 20, 21 and port 443 connections to these hosts:
Note that IP address obtained by DNS resolution, should not be used, as this may be subject to change due to system updates and load balancing. It is highly recommended that the provided host names are used.
Disable content caching and AV scan in the proxy for those connection to avoid corruption of the definition files.
Step 7) Monitor System
Allow 24 hours to verify that LiveUpdate is now working properly. Monitor the system for a few days to ensure that updates are downloaded and installed properly.
Symantec Endpoint Protection 12.1