Tech Forum

Symantec will try to update, but if it gets out of date longer than 10 days or so it will not update. Because dial up is so slow, this is an ever present problem. The quarterly update is certainly better than any protection we have had on local unit machines in the past. LANDesk cannot deliver applications or patches over a dial up connection. As more units go on to broadband, we will probably configure LANDesk to work as a software delivery application. The FHC centers have always been on high speed so it is easier for them to use LANDesk and keep the viruses up to date. Most local units only turn on the machine a couple times a week at most and connect to the internet for a few minutes at most over a 20+k phone line so the amount of information we can get down to the local unit PC is limited.

DJC wrote:Symantec will try to update, but if it gets out of date longer than 10 days or so it will not update. Because dial up is so slow, this is an ever present problem. The quarterly update is certainly better than any protection we have had on local unit machines in the past. LANDesk cannot deliver applications or patches over a dial up connection. As more units go on to broadband, we will probably configure LANDesk to work as a software delivery application. The FHC centers have always been on high speed so it is easier for them to use LANDesk and keep the viruses up to date. Most local units only turn on the machine a couple times a week at most and connect to the internet for a few minutes at most over a 20+k phone line so the amount of information we can get down to the local unit PC is limited.

I appreciate this information, but I don't see how it fits with what I am actually seeing on my stake's administrative computer.

1. I manually updated the virus definitions on 4/6/2008.
2. The stake administrative computer was on broadband prior to that date
3. We do a Send/Receive at least twice a week; never does more than one week pass between MLS transmissions.
4. The computer is on for at least two hours each time.
5. The virus definitions are still dated 4/6/2008

So are you saying that Symantec should be doing the updates independent of any MLS transmission? We have a constant Internet connection (while the computer is on), so it certainly could do that, and it has had many hours to do that, so time is not an issue. But I see no evidence in the virus definition dates that this has happened.

With a broadband connection, I don't know why the updates would be restricted to an MLS Send/Receive session, but if that were the case, I suppose that it would be possible that the transmission session is actually too short to get the updates downloaded. But again, that makes no sense in a broadband configuration.

I can only conclude that

• The virus definitions are being updated, but the date reported by Symantec is not being changed (that's really hard to believe); or
• Symantec and/or LANDesk is not really configured (at least on my stake's installation of Desktop 5.5) the way you think it is, and the definitions are not being updated automatically.

I am now sitting at the stake computer with broadband internet access. The Symantec Antivirus has not updated itself since the last time I manually did it.

I checked for any auto-update feature in the software or anything related to Symantec that would auto-update. There is none. As already posted the LifeUpdate feature is deactivated.

I went to Symantec's web site to find out what I could. There are three ways to update virus definitions.

LiveUpdate. This is the easiest way to update definitions. The definitions file that LiveUpdate downloads is small. And, when you run LiveUpdate, you may be offered needed product updates as well.

• LiveUpdate virus definitions for Norton 2008 and newer are updated 3 times a day.
• LiveUpdate virus definitions for Norton 2006 and 2007 products are updated daily.
• LiveUpdate virus definitions for Norton 2005 and earlier products are updated weekly.

Intelligent Updater. This file is larger than the LiveUpdate file, so the download may take some time if you have a dial-up connection.

• Intelligent Updater virus definitions for Norton 2008 and later are updated 3 times a day.
• Intelligent Updater virus definitions for Norton 2007 and earlier are updated daily.

The third way is to first download the definitions file and then install it. That is the method described in the Desktop 5.5 instructions.

I used the Intelligent Updater. It took a while and it did indeed update the definitions to version 3 for 12 June 2008.

DJC wrote:With high speed internet, the symantec a/v definitions should stay up to date and eliminate the need to update them quarterly. The problem is that the window with a dial up connection is too short and it can't get the definitions down in the time allotted over dial up. Once they are out of date by more than 10 days, a whole dat file update is required.

High speed computers should not have a problem with this.

I would like to know how this auto-update is suppose to be happening.

jdlessley wrote:I would like to know how this auto-update is suppose to be happening.

I do not think it is, and I do not think it will. I think it is something CHQ hopes to implement in the future. It is in the plans, just as having CHQ manage the administrative desktop computers is in the plans for the future.

My source, of course, is the help desk. Therefore, as I have promised myself, I will speak no further.

I was just wondering - If the Symantec LiveUpdate was reinstalled would it override the deactivation?

It seems that having the LiveUpdate working for internet connected computers would be good to have. If there is a Church emplyee who can answer this I would like to get a response. I do not want to do something like that without weighing in with those in the right position to know.

I think that having an update each day the computer is turned on is the only reasonable thing to have - especially when Symantec thinks it is necessary to provide 3 updates a day for virus definitions.

I dragged the stake machine over to the FHC to give it a connection and see what it would do. I did find a way of manually triggering the Live Update. Simply run C:\Program Files\Symantec\LiveUpdate\LUALL.exe. It connected to something identified as "LDS Liveupdate" and then proclaimed all my files were up to date. I noticed that anti-virus definition updates were not listed in the things it was going to check for. In fact the only things listed was "LiveUdate" itself and "Symantec Security Software Update".

Again, LiveUpdate is not disabled, manual triggering from the client screen is what is disabled.

So far what I see is consistent with our clients being centrally managed. Our computers check in with our (LDS) server rather then going direct to Symantec. That's what "Corporate Edition" is all about.

Rummaging around the help file, I found the following: "Note: Your administrator may have specified a maximum number of days that the virus and security risk definitions can be out of date. After exceeding the maximum number of days, Symantec AntiVirus automatically runs LiveUpdate when an Internet connection is detected."

So, I wonder what this is set to? My definitions are a few months out of date. It's older then Alan's. But it still may not be old enough to trigger LiveUpdate. Remember, we've been asked to do quarterly updates. So it's wouldn't be set for less then 90 days.

So at this point I think our "myth" that old virus definitions could cause problems with MLS connections remains as "plausible". (An MLS connection looks just like an Internet connection to the computer. In fact it fires up the MLS dialup connection in the Network Neighborhood.) But you have to let the definitions lapse beyond the quarterly update that's been asked of us. A side effect of this is that SAV won't update on a daily or weekly schedule by itself when connected to broadband.

As a reminder, the above applies to administrative computers running Desktop 5.5, not FHC computers which are managed by a different policy.

RussellHltn wrote:So at this point I think our "myth" that old virus definitions could cause problems with MLS connections remains as "plausible". (An MLS connection looks just like an Internet connection to the computer. In fact it fires up the MLS dialup connection in the Network Neighborhood.) But you have to let the definitions lapse beyond the quarterly update that's been asked of us. A side effect of this is that SAV won't update on a daily or weekly schedule by itself when connected to broadband.

To my thinking, this is an unlikely conjecture, but I can't deny that it is possible. Yet if it is accounting for some significant use of bandwidth, then it is a very unfortunate mistake in implementation. The Church servers are already overworked -- witness the many Sundays when many MLS transmission sessions fail because there are too many administrative computers trying to connect for too long using too much bandwidth at the same time. If any significant portion of this bandwidth is being consumed by a pointless attempt to download anti-virus definitions (which it seems there is ample evidence don't actually lead to an actual update of those definitions on the target computer), then this is a regrettable waste of precious bandwidth.

As I said, I consider this unlikely, but if it is true, the Church should give high priority to reconfiguring administrative computers so that they never attempt to update anti-virus definitions. That would free up bandwidth, which would help everyone.

Regardless of the foregoing, another (lower) priority would be to figure out how to allow administrative computers with broadband connections to update their AV definitions. That could be done via Church servers (which may cause other bandwidth problems, but gives the Church more control over the update process) or directly with Symantec servers (which would have no impact on bandwidth for Church servers).

The quarterly updates may be better than what was done years ago, but as more computers are connected to the Internet, the risk of infection by new viruses goes up substantially, and so having current anti-virus protection is much more important. The technology for staying up to date exists and simply needs to be enabled for computers with broadband connections.

I've looked for it, but I can't find it - somewhere either here or on the list, someone had problems with long phone calls and maybe even failed send/receives. But once the AV was updated, they were fine.

That's the real test of the advice - does it fix a problem.

If an MLS computer is on Broadband, CHQ needs to add there computer name to a domain to allow live update via high speed connection. As we have not had to deal with a lot of high speed machines in the past, I hadn't thought the issue through. The reason that they are not updating is because we have not added them to the high speed live update domain. I have to fuigure out how we are going to do that. If any of you want to private message me with the computer name of your local machine, I will add it and see if it works.

For dial up connections, it should try and update every connection, as long as the connection time is longer than the time it takes to update the most recent definitions. It is personal experience that if there is not a connection for longer than 10 days, the a/v def file will be to big to download. This requires the manual update that we ask for every quarter.

DJC wrote:For dial up connections, it should try and update every connection, as long as the connection time is longer than the time it takes to update the most recent definitions.

Does this mean it actually is trying to update in the "background", i.e., is it sharing the line with the other zillions of files that upload and download, and if it is able to squeeze in, or if the operating system lets it squeeze in, the update makes it, but if MLS is otherwise finished and the definitions are not, MLS drops the connection anyway and the definitions lose?

Is that what is happening?