Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
|Source: Norton AntiVirus|
Download of virus definition file from LiveUpdate server failed. 00000001
|English: Request a translation of the event description in plain English.|
I had this issue on a W2K3 server that went through a proxy server to do live updates. Manual updates worked but auto updates were timing out. The solution was to use Windows Scheduler to schedule the live updates (vpdn_lu.exe). Apparently, that causes the proxy logon first.
This event occurred with Symantec AntiVirus Enterprise Edition when Groups are configured in Symantec System Center and Virus Definition Manager is scheduled to retrieve updates if the computer is off or unable to perform the task at the scheduled start time. For example 8 hours or less.
To resolve the issue open System Center, right click on the group with computers having this event, go to Virus Definition Manager, click on Schedule, then Advanced, and uncheck option “Retry the task within designated period of time”. It may also depend on another option listed in the same window “Perform update within plus or minus 480 minutes”.
The point is that if the server is scheduled to retrieve updates say at 8 am and Virus Definition Manager will distribute them at 8.30 am supposedly, the timeframe should be sufficient to complete.
As per Symantec: "This error message appears when LiveUpdate cannot download the virus definitions from the parent server. There may be several reasons for this problem. To determine whether LiveUpdate is functioning correctly, run LiveUpdate manually from the Norton AntiVirus user interface on the NAVCE Server. Make sure that you have sufficient rights for downloading files and writing to the folders". See "Symantec Knowledge Base ID: 2000091912194248", "Symantec Support Document ID:2003112011274048", and "Symantec Support Document ID:2003071410400048" for more details.
If you use a ISA server see the link to "Allowing Norton AntiVirus software LiveUpdate through ISA Server" for details on using Symantec's LiveUpdate through an ISA server.
I have seen this same error. It would not let my server or clients get the updated virus definitions. The cause was my newly downloaded virus definitions were corrupt. See Symantec Knowledge Base ID: 2002102209110448 to fix this problem.
I found that this event is due to a scheduled download of AV updates that couldn't complete due to misconfigured Live update connection proxy settings.
|Private comment: Subscribers only. See example of private comment|
|Links: Symantec Knowledge Base ID: 2002102209110448, Symantec Knowledge Base ID: 2000091912194248, Symantec Support Document ID:2003112011274048, Symantec Support Document ID:2003071410400048, Allowing Norton AntiVirus software LiveUpdate through ISA Server|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...|
Send comments or solutions
- Notify me when updated