SEP11 Liveupdate EventID 13


Late last week I began noticing an error in the Application event logs on some of my SEP11 systems:

Event ID 13: "LiveUpdate returned a non-critical error. Available content updates may have failed to install."

Over at Symantec Forums people report receiving a couple different answers from tech support. Looks like the definitive answer is:

The Event ID 13 error is due to a defective patch that went out via LU on August 4, 2008. It was pulled from LU on the 7th, but machines that already downloaded the patch will display these symptoms.

Besides cluttering logs, these errors are not detrimental to system performance or security.

When the new patch to replace the defective one goes out sometime next week, the errors will stop happening.

I'm assuming the fix they are referring to is the Symantec Eraser update scheduled for Monday.

Symantec expects to post its quarterly update to the Eraser engine in the certified definitions of Monday, August 11th, US Pacific Time. This release includes internal enhancements and does not address any specific customer issues seen in the field. Eraser file versions will be 2008-2.0.125. This update will cause the size of the xdb file to temporarily increase.


3 Comments

How can I solve this problem?
Thx

On the afternoon of the 11th $hit hit the fan as most, but not all, of our workstations running SEP went into an infinite reboot loop. The computers that started rebooting had the same definition revisions as the computers that didn't reboot. Still investigating, but so far it looks like the computers that rebooted all were previously logging the error 13, while the computers that weren't rebooting had clean event logs. The only way we could remotely get the computers to stop rebooting was to bang a script against them to delete the Aug 11 r16 definition folder, since you only had the time between obtaining an IP and SEP loading to attempt any remediation before the system would reboot again. Wondering if PCs that received the earlier botched update are being made worse by the possible release of a "fix". Could be unrelated to this post, but I doubt it. Just throwing it out.

that's not good.


About this Entry

This page contains a single entry by Roger published on August 10, 2008 10:05 AM.