Beginning on October 11th 2013 the Symantec Endpoint Protection Manager (SEPM), version 11.0, stopped updating 64-bit AV definitions. On the 13th 32-bit AV definitions stopped updating as well. As a result 64-bit AV definitions will be stuck on October 10th 2013 and 32-bit AV definitions will be stuck on October 12th 2013. This only occurs if the SEPM is using a SQL 2005 database.
The SQL error logs show the following error:
Error ID: 4014
A fatal error occurred while reading the input stream from the network. The session will be terminated.
On October 11th 2013 Symantec's 64-bit AV content definitions reached a size that is beyond a known SQL 2005 database limitation. This same size limit was reached on October 13th 2013 for 32-bit definitions. Due to this, the SEPM server is unable to publish the definitions to the database as expected.
The solution to this limitation is to add a database connection setting (“packetSize”) in server.xml (RU6 and earlier) or root.xml (all of RU7).
Change to be implemented on the affected SEPM:
Make the following changes to either the server.xml or the root.xml depending on the SEPM version (see below):
1. Stop the Symantec Endpoint Protection Manager service.
2. Edit the XML file corresponding to the impacted version of the SEPM as outlined below. It is strongly recommended that a backup of the old file be made before editing.
3. Start the Symantec Endpoint Protection Manager Service
4. Rerun LiveUpdate from within the console
On SEP 11 RU6-MP3 and earlier, edit the server.xml within C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\conf\
Modified with workaround:
On SEP 11 RU7 or later, edit the ROOT.xml within C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\conf\Catalina\localhost\
Modified with Workaround:
Imported Document Id