AV defs can refuse to update for a variety of reasons. It's helpful to understand that Live Update is only a band-aid. If the client won't get updated defs, running Live Update (and getting current antivirus patterns) will only buy you time until the problem must be fixed.
The event logs inside of SAVCE will answer your question.
If the server actually has the most current definitions (see below), and the client's logs show that it's been trying to update cut cannot, then the easiest way to deal with it is to reinstall the client. There are many benefits to this course of action. You can even walk the user through doing it themselves over the phone. Have them browse to: \\servername\vphome\clt-inst\win32\setup.exe and follow the directions to reinstall. This will usually work. In the few cases it doesn't, uninstalling and then reinstalling almost always fixes it. In the few cases it doesn't, see the links below on clearing out corrupted virus definitions.
To determine the server AV defs: When you're in the SSC, and you click on the SAVCE Group (the one that must be unlocked) switch to the view that lets you see AV defs and scan times. Use this Virus Definition date as your guide in determining if the server is getting definitions or not. The SAVCE client on the server can occasionally give a different date.
Visit this link for information on updating an SSC/SAVCE server that isn't getting it's updates properly. http://securityresponse.symantec.com/avcenter/defs.download.html
Hint: it DOESN'T involve anything automatic or executable. If you aren't downloading an *.XDB file, you're not doing it properly. The .EXE file downloads are for clients only, not servers.
Either the server is unable to get definitions or it can't apply them.
- If it can't get the definitions, check for misconfigured FTP proxy settings, restrictive outbound Firewall settings. Perform a command line FTP to an FTP Server somewhere ("ftp ftp.netscape.com
" will get you started)
- If the server is unable to apply the definitions, it may be because they're corrupt. This happens more often than it should. Try these links, they talk about how to clear out the areas of the Server that hold definitions:
Error: "Norton AntiVirus services failed to start. Virus definition file is invalid. (CC001000)"
After you update the virus definitions, the service fails to start. If you are running Windows NT/2000, the application event log contains the error messages "Could not start Service Engine err =CC001000" and "Norton AntiVirus services failed to start. Virus definition file is invalid. (CC001000)."http://service1.symantec.com/SUPPORT/ent-security.nsf/pfdocs/2001121416223748?Open&dtype=corp
This doc says to back date the virus defs to fix. Provides a link:
How to manually repair or backdate virus definitions for Symantec AntiVirus Corporate Edition 8.x and 9.x
You updated the virus definitions on a computer that is running Symantec AntiVirus Corporate Edition, and now you see one or more of the following symptoms:
- The Symantec AntiVirus service fails to start.
- The number of Scan Omission errors in the Event Log is larger than normal.
You need to know how to revert to an earlier set of virus definitions.http://service1.symantec.com/SUPPORT/ent-security.nsf/pfdocs/2002102209110448?Open