Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 16 Source: NortonAntiVirus

Level
Description
Download of virus definition file from LiveUpdate server failed. 00000001
Comments
 
I had this issue on a W2K3 server that went through a proxy server to do live updates. Manual updates worked but auto updates were timing out. The solution was to use Windows Scheduler to schedule the live updates (vpdn_lu.exe). Apparently, that causes the proxy logon first.
This event occurred with Symantec AntiVirus Enterprise Edition when Groups are configured in Symantec System Center and Virus Definition Manager is scheduled to retrieve updates if the computer is off or unable to perform the task at the scheduled start time. For example 8 hours or less.
To resolve the issue open System Center, right click on the group with computers having this event, go to Virus Definition Manager, click on Schedule, then Advanced, and uncheck option “Retry the task within designated period of time”. It may also depend on another option listed in the same window “Perform update within plus or minus 480 minutes”.
The point is that if the server is scheduled to retrieve updates say at 8 am and Virus Definition Manager will distribute them at 8.30 am supposedly, the timeframe should be sufficient to complete.
As per Symantec: "This error message appears when LiveUpdate cannot download the virus definitions from the parent server. There may be several reasons for this problem. To determine whether LiveUpdate is functioning correctly, run LiveUpdate manually from the Norton AntiVirus user interface on the NAVCE Server. Make sure that you have sufficient rights for downloading files and writing to the folders". See "Symantec Knowledge Base ID: 2000091912194248", "Symantec Support Document ID:2003112011274048", and "Symantec Support Document ID:2003071410400048" for more details.
If you use a ISA server see the link to "Allowing Norton AntiVirus software LiveUpdate through ISA Server" for details on using Symantec's LiveUpdate through an ISA server.
I have seen this same error. It would not let my server or clients get the updated virus definitions. The cause was my newly downloaded virus definitions were corrupt. See Symantec Knowledge Base ID: 2002102209110448 to fix this problem.


I found that this event is due to a scheduled download of AV updates that couldn't complete due to misconfigured Live update connection proxy settings.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...