How to disable LiveUpdate in Symantec Endpoint Protection (SEP) for Linux. You may wish to do this temporarily for troubleshooting purposes or for limiting updates to other methods (e.g. Intelligent Updater). The "/opt/Symantec/symantec_antivirus/sav liveupdate" command has options to run/view/edit the LiveUpdate schedule, but no option to disable it. Also, LiveUpdate policy settings for managed clients do not have an option to disable LiveUpdate.

NOTE: This article is only for SEP for Linux versions 14.3 MP1 (build 14.3.1169) or older.

On unmanaged clients, SEP for Linux LiveUpdate can be disabled on unmanaged clients by setting a value in the settings registry. Run the commands below from the "/opt/Symantec/symantec_antivirus/" directory:

Disable LiveUpdate:

sudo ./symcfg add -k'\Symantec Endpoint Protection\Liveupdate\Schedule' -v Enabled -d 0 -t REG_DWORD

Enable LiveUpdate:

sudo ./symcfg add -k'\Symantec Endpoint Protection\Liveupdate\Schedule' -v Enabled -d 1 -t REG_DWORD

View the current status of LiveUpdate:

sudo ./sav liveupdate -v

The command above should return something similar to the following:

Frequency: Daily - 07:30
Missed Events: Enabled
State: Disabled

On managed clients, the LiveUpdate settings will be overwritten by any policy updates from the SEP Manager (SEPM). To disable LiveUpdate on managed SEP clients, configure LiveUpdate policy at the SEPM to point to a non-existent internal server.