Video Screencast Help

LiveUpdate has been locked by administrator, cannot download latest definitions

Created: 15 Dec 2008 • Updated: 10 Sep 2010 | 11 comments

Hi all,


I have recently downloaded SEP on my personal PC as an unmanaged client, and I am not networked in with any other computers.  I am the administrator for my computer, however in the home screen for SEP it says "Proactive Threat Protection is disabled" and when I click "fix" it says it has requested updated definitions from the server and the problem will disappear when the updates are downloaded.  The problem is that it has been saying this for 2 days now and no updates have been downloaded.  Also, along the left hand side of the home screen where the links to the different pages of SEP the link for LiveUpdate is grayed out and I cannot select it.  When I move the mouse over it I get a text box saying "Your administrator has locked this feature."  I go into my control panel and find LiveUpdate there, but there are no options allowing me to unlock LiveUpdate, nor does it say anywhere that LiveUpdate is locked.  A couple other notes, I am on Vista Home Premium, and am running the 64 bit version of SEP. 


Please help.  



Comments 11 CommentsJump to latest comment

zer0's picture

Just run liveupdate by running luall from the run command.

You can also schedule this to run with luall -s which will do it silently.





KingHu's picture

Just run liveupdate by running luall from the run command.

You can also schedule this to run with luall -s which will do it silently.


I got the exact same problem. I had run "Luall" manually and it is running to get all updates. But SEP's Virus definition still older? Please have one advise?

Shadow658's picture

My case is just similar to BradUSMC and KingHu
I installed Unmanaged Version SEP11.0.4 (MR4) without SEPM in the laptop (32bit Window Vista Business) today

I had an error of Antivirus and Antispyware Protection out of function just after installation
And I got the Intelligent Updater today, which was 20090520-034-vXXXX.exe
Then, it seems to work fine.
Only the LiveUpdate button is grayed out, and showed "Your administrator has locked this feature."
It also locked "Change settings -> (Client Management)Configure Settings -> Scheduled Updates -> Enable automatic updates" (I can't click the check box)

Then, I used the above solution, set up a scheduled task "luall -s"
But, later, I found out that my desktop can update the virus version to "Wednesday, May 20, 2009 r54" (which should be Managed Version SEP11.0.2)
The laptop can't update to r54 by using luall, it kept at r34

But the process of luall is fine
The different of luall process between laptop and desktop version is laptop one only "Downloading catalog file (1 of 9), product up-to-date"
And desktop is "Downloading catalog file (1 of 14), product up-to-date"

Does the unmanaged version SEP can't get the updatest version?'s picture

1) make sure that you have live update installed (from add-remove panel)
2) restart the services.
3) since it is personal PC you can even try uninstall and reinstall of the symantec software; as sometimes corrupt files may lead to improper functionality.

If this not resolve qyery let us know; we will try another option.

Shadow658's picture

Thx for your help firsrt

1. LiveUpdate should be installed

2. Restart the services? You mean start the service at Control Panel -> Administrative Tools -> Services?
LiveUpdate has the Startup Type "Manual", and I try to start it, then run luall, it still not work

3. I uninstall and reinstall the SEP and LiveUpdate. This time, it work fine after the installation.
The definition of three protection type are 14 January 2009 r24, 20 August 2008 r1 and 09 November 2007 r1.
The LiveUpdate button still locked. And I try luall, it can't update any definition.
The process of luall only show "Downloading catalog file (1 of 4), product up-to-date.". Four file also are "product up-to-date"
Even I restart the laptop to try again, LiveUpdate is still not working.

I found out that the top part of log of processing luall has some different of desktop version and laptop version
Is this important?

Desktop version (managed client, Version 11.0.2) shown:
The following Symantec products and components are installed on your computer.
> Antivirus and antispyware definitions
> Intrusion Prevention signatures
> LiveUpdate
> Submission Control signatures
> Symantec Endpoint Protection client
> Symantec Security Software
> Symantec Security Software Update
> Symantec Shared Components

But laptop version only shown:
The following Symantec products and components are installed on your computer.
> LiveUpdate
> Symantec Security Software
> Symantec Security Software Update

Shadow658's picture

I try to reinstall SEP and LiveUpdate again
But I delete the registry data as well , all registry under "Symantec" is deleted before I installed the SEP
And this time, the LiveUpdate button is clickable and the schedule part is editable
The LiveUpdate can work well also

I through the problem caused by the first fail installation, and the registry is kept and affected later installation's picture

i have given the same solution in my earlier post.

its good that your problem is solved;

SEP Errrm's picture

I have disabled the 'LiveUpdate' button on the clients from the management console and now want to re-enable it.  On the Live Update policy when I click the 'Server Settings' link the option to 'Allow the user to manually run Live Update' is greyed out.

Please can someone expalin why it is greyed out and how I make the option available again.  I know I can enable the button by changing hte registry key on my local machine HKLM\Software\Symantec\Symantec Endpoint Protection\LiveUpdate\ then change 'Allow manual update from 0  to 1 but I need to do it for all desktops not just a single machine.


SEP Errrm's picture

OOOps, I have managed to resolve this so thought I'd post incase anyone else has the same problem.

The tick box is greyed out because under 'server setting' on the liveupdate policy, I had selected to use the default management server (recomended) ticked.  underneath this option there is a tick box to use a live update server and a radio button to use the deafult liveupdate server.  Once I changed this setting the 'enable users to manually run liveupdate becomes available to check.  Hope that makes sense, it took me half a day to figure outr!!!!