Symantec Endpoint Protection (SEP) clients fail when attempting to update definitions. The content download to the SEP client fails because the Symantec Endpoint Protection Manager (SEPM) is configured to block full.zip content downloads.
There are two content lists being tracked in the SEPM.
High priority content
Normal priority content
High priority content is processed first, then normal content. The lists are handled as first in- first out (FIFO). After the SEP client fails the download, LiveUpdate will start up again at the next session at the top of the list.
SEP clients are unable to request the next set of content available in the content download queue and fail the content download.
When the SEPM is configured to block full.zip content downloads the following message will appear:
"You have chosen to prevent clients from downloading full definition packages from the management server.
To make sure that your clients continue to receive the most current protection, you should let them download definition packages from LiveUpdate. Continue?"
When SEPM is configured to block full.zip content, Apache sends a "503 HTTP" response to the SEP client that is requesting the content.
When the SEP client receives a "503 HTTP" response from the SEPM, the client believes the SEPM server is busy and stops trying to download content.
The Apache response to the SEP client has been changed to a "404 HTTP" response when the SEPM is configured to block full.zip content.
The Apache response "404 HTTP" does not block other content from being downloaded by the SEP client.
This issue is fixed in SEP14, Version 14.0.1904.0000.
Subscribing will provide email updates when this Article is updated. Login is required.