I use Turkish version of NIS 2010 on Windows 7 x64 Professional. NIS version is 17.7.0.12.
Windows 7 and NIS always warn me that virus definition is out of date. When I run Live Update, it installs every update except virus definitions. I uninstalled and reinstalled. I deleted all Live update temporarily downloaded files. However, they don't solve my problem. When I download virus definitions packet from web page manually, it updates successfully. But after 2-3 days, NIS warn me and Live update fails again.
There appears to be a problem with Live Update for everyone for at least 2 hours now. If you were having problems with Live Update previously, this may perhaps be happening now to fix something. Please wait a while and see if the live updates to start to come up again.
I have had this exact same problem for about 4 - 5 days, and after chatting with 3 Norton analysts, it appears to be a problem with my router: after opening a DMZ, it fixed the problem. If any of you are using a Linksys WRT Series router, it may be that. However, an unrestricted DMZ is a major security risk on a network, so I am attempting to get the ip range of the LiveUpdate servers. Also, our problem is LAN-wide, between wireless/wired, and x32/x64, so there may be a hardware problem, as this started right after a reconfiguration of our router setup. Anything else that anyone else has?
Thank you for your attention. I am using Linksys WRT 110. You are right that opening DMZ is not a good solution. It is a potential risk. I dont understand why only virus definition step fails. Other updates are OK.
By the way, I updated router firmware to latest version last week.
When I go my home, I will try update without router. And also I will try to other possible solutions. I will inform you about results.
Supposedly, after speaking to 3 analysts from Norton, they put me to the "Engineering Support Team", who called when I told them not to and haven't called back. If I can get the ip (or ip range) of the LiveUpdate servers, then a DMZ is a viable option, as the DMZ can be set to receive transmissions from a range of IP's. I will inform you of those results, too.
Did anybody try downloading the Intelligent Updater from here and see if that fixes the problem? At the bottom of the page is the version for 64 bit OS.
Firstly, Intelligent Updater updates virus definitions succesfuly. OK, but after 2-3 days then NIS2010 and windows warn me again that virus definitions are out of date. Because Intelligent Updater doesnt solve Live Update problem. So, I should download IU 3 times a week.
When I try to run Live Update without using Linksys router, Live update works fine.
How can I tell this problem to Cisco, it is very difficult to explain. I think they will say "Please ask to Symantec technical team to solve your problem". When I ask to Symantc, they will say "your router causes this problem , it is not a bug".
I will try to reset router to factory settings tomorrow. I must wait 1 day to get new definitions.
Firstly, Intelligent Updater updates virus definitions succesfuly. OK, but after 2-3 days then NIS2010 and windows warn me again that virus definitions are out of date. Because Intelligent Updater doesnt solve Live Update problem. So, I should download IU 3 times a week.
When I try to run Live Update without using Linksys router, Live update works fine.
How can I tell this problem to Cisco, it is very difficult to explain. I think they will say "Please ask to Symantec technical team to solve your problem". When I ask to Symantc, they will say "your router causes this problem , it is not a bug".
I will try to reset router to factory settings tomorrow. I must wait 1 day to get new definitions.
also I will try DMZ solution, thank you
We all need to push Symantec Support to give us the server ip(/s) of the LiveUpdate servers to add them to the DMZ. A DMZ is a viable option, but ONLY if we have it restricted to a certain source. Also, attempt to call Cisco, maybe they'll be better than Norton Support (grrr...bad translators).
Also, IU just gives you the definitions, it doesn't fix the problem. Think of just using a rag on an open wound, you need stitches.
I should have asked you about this the first time (sorry for the delay); the first picture you posted showed an engine update to NIS. Have you rebooted your system since then?
No no, it doesnt matter. Thank you. I rebooted my PC more than one time.
a_p3rson -
I installed wireshark program to capture TCP/UDP packets of Live Update.
Firstly, Live Update program asks IP address of "liveupdate.symantecliveupdate.com" to DNS server.
(This is the bad news. Because, IP addresses of Live Update servers may change. DNS server may send different IPs)
I'm using Open DNS. It sends IP address of Live Update server as "92.123.65.121". Program starts to communicate on 80th port number. Also it usually uses standard HTTP messages.
Live Update Program requests following files and downloads them (list doesn't include all of them):
I think we can use this IP: "92.123.65.121". You are right that we need all IP addresses of servers. I'm not sure but I guess that Live Update program cannot register special ports using UPnP.
Symantec can not give you set IP addresses for LiveUpdate servers per se. They use Akamai Technologies to host the LiveUpdate servers around the world. There are other servers / URLs if Live Update fails to get the correct address for liveupdate.symantecliveupdate.com so it is not dependant on one URL only.
Now that you have that one address, did you get that set up in your router and did Live Update complete?
I tried to enter IP address of LU server in DMZ settings. It solve the problem. But it is a volatile solution. I saw 4 different server IPs in 15 minutes. DNS server usually returns different IP from previous request. I don't want to allow all traffic because of the security.
LU program shouldn't require DMZ in order to update NIS. I don't know absolute reason of the problem. I need technical explanation of the problem from Symantec. So I said that "I can't explain the problem to Cisco team. It is very difficult." Only I can say "LU doesn't work". Because I dont know the reason. Cisco team don't have source code of LU program and they dont know communication between server and program. I think only Symantec can determine and solve this problem. By the way, I don't think this is router firmware bug. I have sent 2 emails to Symantec, but they haven't replied yet. I want to chat with technical support team but I am not at home in working time .
I have sent you a PM requesting some more information if you are willing to do so. Check the envelope in the upper right hand corner for the message. Thanks.
:) No, it is just name similarity. I didn't know him. When I read your message, I interested and read his biograpy. It is interesting that I have similar job but I'm not a CEO :)
LiveUpdate only preforms DNS lookups and outbound connections to Symantec web servers. DMZ settings in your router 'shouldn't' make any difference. What can be happening, though, is that the router is performing either DNS or HTTP filtering of some sort or another which is preventing LiveUpdate from either finding its servers or connecting to them. Since putting the server in the DMZ solves the problem, it is probably the later -- an HTTP connection is not being allowed to the server. By putting the LU server in the DMZ you probably are disabling the router's filtering of the outbound HTTP connection.
I just had the same thing happen to me today after a prolonged power outage. I never had it happen before. I too have a Linksys WRT router. All I had to do was power cycle the router and the cable modem and all started working just fine again.
I would think that the error would be that the users could not find or connect to LU at all if the router was filtering / blocking the DNS or HTTP. Since they can connect and get some updates (but not all of them), would there be some other "sporadic" filtering going on? Maybe a buffer size is too small?
. I think there is a bug in x64 version. I use Windows 7 x64.
Thank you. I rebooted my PC more than one time.
