When running Symantec Endpoint Protection (SEP) Linux LiveUpdate from client GUI, error "LiveUpdate failed" is displayed. When running LiveUpdate from command line the percentage progress for definitions processing stops before 100% and error is displayed "Command failed: Failure in post processing of micro definitions during update". In both instances, the initial download appears to complete OK (Return Code = 0 in liveupdt.log) and the failure is in post processing.
The RAM or disk space allocation errors are not always obvious.
Enable LiveUpdate defutil logging then gather Linux trace logging with the following command line:
sudo strace -f -o lutrace.log /opt/Symantec/symantec_antivirus/sav liveupdate -u
Be advised, the logging generated by strace can grow to be quite large (gigabytes in size) but should compress nicely, being plaintext.
Search lutrace.log for instances of "ENOMEM (Cannot allocate memory)" or "ENOSPC (volume/disk out of space)"
This may be caused by low RAM or disk space. The requirements for definition downloads and processing can be substantial. There have been some reports of LiveUpdate failing with ENOMEM error in strace logging, despite sufficient free RAM -- this can be caused by incomplete distributions of content at a LUA server (LiveUpdate Administrator) server: check your LUA configuration.