Hi,
I have the same issue. I tried to debug the HTTP connections with tcpdump and with the Splunk logs in index=_internal source="*ta_symantec-ep.log"
My thought is that the page where the app is looking for the updates has been dismissed. Look at these logs:
2016-05-26 16:20:26,149 INFO pid=40591 tid=MainThread file=malware_category_update.py:run:170 | The SPL is executed correctly.
host = splnkshmi-prd04.sky.local source = /splunkdata/splunk/var/log/splunk/ta_symantec-ep.log sourcetype = ta_symantec-ep
2016-05-26 16:20:25,833 INFO pid=40591 tid=MainThread file=malware_category_update.py:run:164 | Start the SPL
host = splnkshmi-prd04.sky.local source = /splunkdata/splunk/var/log/splunk/ta_symantec-ep.log sourcetype = ta_symantec-ep
2016-05-26 16:20:25,833 INFO pid=40591 tid=MainThread file=malware_category_update.py:run:162 | Start the SPL
host = splnkshmi-prd04.sky.local source = /splunkdata/splunk/var/log/splunk/ta_symantec-ep.log sourcetype = ta_symantec-ep
2016-05-26 16:20:25,671 INFO pid=40591 tid=MainThread file=malware_category_update.py:extract_xml:36 | Requesting url:http://www.symantec.com/xml/rss/azlistings.jsp?azid=_1234567890
host = splnkshmi-prd04.sky.local source = /splunkdata/splunk/var/log/splunk/ta_symantec-ep.log sourcetype = ta_symantec-ep
2016-05-26 16:20:25,645 INFO pid=40591 tid=MainThread file=malware_category_update.py:extract_xml:36 | Requesting url:http://www.symantec.com/xml/rss/azlistings.jsp?azid=Z
host = splnkshmi-prd04.sky.local source = /splunkdata/splunk/var/log/splunk/ta_symantec-ep.log sourcetype = ta_symantec-ep
2016-05-26 16:20:25,614 INFO pid=40591 tid=MainThread file=malware_category_update.py:extract_xml:36 | Requesting url:http://www.symantec.com/xml/rss/azlistings.jsp?azid=Y
host = splnkshmi-prd04.sky.local source = /splunkdata/splunk/var/log/splunk/ta_symantec-ep.log sourcetype = ta_symantec-ep
2016-05-26 16:20:25,587 INFO pid=40591 tid=MainThread file=malware_category_update.py:extract_xml:36 | Requesting url:http://www.symantec.com/xml/rss/azlistings.jsp?azid=X
host = splnkshmi-prd04.sky.local source = /splunkdata/splunk/var/log/splunk/ta_symantec-ep.log sourcetype = ta_symantec-ep
2016-05-26 16:20:25,553 INFO pid=40591 tid=MainThread file=malware_category_update.py:extract_xml:36 | Requesting url:http://www.symantec.com/xml/rss/azlistings.jsp?azid=W
host = splnkshmi-prd04.sky.local source = /splunkdata/splunk/var/log/splunk/ta_symantec-ep.log sourcetype = ta_symantec-ep
2016-05-26 16:20:25,528 INFO pid=40591 tid=MainThread file=malware_category_update.py:extract_xml:36 | Requesting url:http://www.symantec.com/xml/rss/azlistings.jsp?azid=V
host = splnkshmi-prd04.sky.local source = /splunkdata/splunk/var/log/splunk/ta_symantec-ep.log sourcetype = ta_symantec-ep
2016-05-26 16:20:25,502 INFO pid=40591 tid=MainThread file=malware_category_update.py:extract_xml:36 | Requesting url:http://www.symantec.com/xml/rss/azlistings.jsp?azid=U
host = splnkshmi-prd04.sky.local source = /splunkdata/splunk/var/log/splunk/ta_symantec-ep.log sourcetype = ta_symantec-ep
2016-05-26 16:20:25,474 INFO pid=40591 tid=MainThread file=malware_category_update.py:extract_xml:36 | Requesting url:http://www.symantec.com/xml/rss/azlistings.jsp?azid=T
host = splnkshmi-prd04.sky.local source = /splunkdata/splunk/var/log/splunk/ta_symantec-ep.log sourcetype = ta_symantec-ep
2016-05-26 16:20:25,449 INFO pid=40591 tid=MainThread file=malware_category_update.py:extract_xml:36 | Requesting url:http://www.symantec.com/xml/rss/azlistings.jsp?azid=S
host = splnkshmi-prd04.sky.local source = /splunkdata/splunk/var/log/splunk/ta_symantec-ep.log sourcetype = ta_symantec-ep
2016-05-26 16:20:25,425 INFO pid=40591 tid=MainThread file=malware_category_update.py:extract_xml:36 | Requesting url:http://www.symantec.com/xml/rss/azlistings.jsp?azid=R
host = splnkshmi-prd04.sky.local source = /splunkdata/splunk/var/log/splunk/ta_symantec-ep.log sourcetype = ta_symantec-ep
2016-05-26 16:20:25,399 INFO pid=40591 tid=MainThread file=malware_category_update.py:extract_xml:36 | Requesting url:http://www.symantec.com/xml/rss/azlistings.jsp?azid=Q
host = splnkshmi-prd04.sky.local source = /splunkdata/splunk/var/log/splunk/ta_symantec-ep.log sourcetype = ta_symantec-ep
2016-05-26 16:20:25,374 INFO pid=40591 tid=MainThread file=malware_category_update.py:extract_xml:36 | Requesting url:http://www.symantec.com/xml/rss/azlistings.jsp?azid=P
host = splnkshmi-prd04.sky.local source = /splunkdata/splunk/var/log/splunk/ta_symantec-ep.log sourcetype = ta_symantec-ep
2016-05-26 16:20:25,349 INFO pid=40591 tid=MainThread file=malware_category_update.py:extract_xml:36 | Requesting url:http://www.symantec.com/xml/rss/azlistings.jsp?azid=O
host = splnkshmi-prd04.sky.local source = /splunkdata/splunk/var/log/splunk/ta_symantec-ep.log sourcetype = ta_symantec-ep
2016-05-26 16:20:25,322 INFO pid=40591 tid=MainThread file=malware_category_update.py:extract_xml:36 | Requesting url:http://www.symantec.com/xml/rss/azlistings.jsp?azid=N
host = splnkshmi-prd04.sky.local source = /splunkdata/splunk/var/log/splunk/ta_symantec-ep.log sourcetype = ta_symantec-ep
2016-05-26 16:20:25,299 INFO pid=40591 tid=MainThread file=malware_category_update.py:extract_xml:36 | Requesting url:http://www.symantec.com/xml/rss/azlistings.jsp?azid=M
host = splnkshmi-prd04.sky.local source = /splunkdata/splunk/var/log/splunk/ta_symantec-ep.log sourcetype = ta_symantec-ep
2016-05-26 16:20:25,276 INFO pid=40591 tid=MainThread file=malware_category_update.py:extract_xml:36 | Requesting url:http://www.symantec.com/xml/rss/azlistings.jsp?azid=L
host = splnkshmi-prd04.sky.local source = /splunkdata/splunk/var/log/splunk/ta_symantec-ep.log sourcetype = ta_symantec-ep
2016-05-26 16:20:25,247 INFO pid=40591 tid=MainThread file=malware_category_update.py:extract_xml:36 | Requesting url:http://www.symantec.com/xml/rss/azlistings.jsp?azid=K
host = splnkshmi-prd04.sky.local source = /splunkdata/splunk/var/log/splunk/ta_symantec-ep.log sourcetype = ta_symantec-ep
2016-05-26 16:20:25,219 INFO pid=40591 tid=MainThread file=malware_category_update.py:extract_xml:36 | Requesting url:http://www.symantec.com/xml/rss/azlistings.jsp?azid=J
host = splnkshmi-prd04.sky.local source = /splunkdata/splunk/var/log/splunk/ta_symantec-ep.log sourcetype = ta_symantec-ep
2016-05-26 16:20:25,192 INFO pid=40591 tid=MainThread file=malware_category_update.py:extract_xml:36 | Requesting url:http://www.symantec.com/xml/rss/azlistings.jsp?azid=I
host = splnkshmi-prd04.sky.local source = /splunkdata/splunk/var/log/splunk/ta_symantec-ep.log sourcetype = ta_symantec-ep
2016-05-26 16:20:25,169 INFO pid=40591 tid=MainThread file=malware_category_update.py:extract_xml:36 | Requesting url:http://www.symantec.com/xml/rss/azlistings.jsp?azid=H
host = splnkshmi-prd04.sky.local source = /splunkdata/splunk/var/log/splunk/ta_symantec-ep.log sourcetype = ta_symantec-ep
2016-05-26 16:20:25,144 INFO pid=40591 tid=MainThread file=malware_category_update.py:extract_xml:36 | Requesting url:http://www.symantec.com/xml/rss/azlistings.jsp?azid=G
host = splnkshmi-prd04.sky.local source = /splunkdata/splunk/var/log/splunk/ta_symantec-ep.log sourcetype = ta_symantec-ep
2016-05-26 16:20:25,117 INFO pid=40591 tid=MainThread file=malware_category_update.py:extract_xml:36 | Requesting url:http://www.symantec.com/xml/rss/azlistings.jsp?azid=F
host = splnkshmi-prd04.sky.local source = /splunkdata/splunk/var/log/splunk/ta_symantec-ep.log sourcetype = ta_symantec-ep
2016-05-26 16:20:25,094 INFO pid=40591 tid=MainThread file=malware_category_update.py:extract_xml:36 | Requesting url:http://www.symantec.com/xml/rss/azlistings.jsp?azid=E
host = splnkshmi-prd04.sky.local source = /splunkdata/splunk/var/log/splunk/ta_symantec-ep.log sourcetype = ta_symantec-ep
2016-05-26 16:20:25,068 INFO pid=40591 tid=MainThread file=malware_category_update.py:extract_xml:36 | Requesting url:http://www.symantec.com/xml/rss/azlistings.jsp?azid=D
host = splnkshmi-prd04.sky.local source = /splunkdata/splunk/var/log/splunk/ta_symantec-ep.log sourcetype = ta_symantec-ep
2016-05-26 16:20:25,045 INFO pid=40591 tid=MainThread file=malware_category_update.py:extract_xml:36 | Requesting url:http://www.symantec.com/xml/rss/azlistings.jsp?azid=C
host = splnkshmi-prd04.sky.local source = /splunkdata/splunk/var/log/splunk/ta_symantec-ep.log sourcetype = ta_symantec-ep
2016-05-26 16:20:25,022 INFO pid=40591 tid=MainThread file=malware_category_update.py:extract_xml:36 | Requesting url:http://www.symantec.com/xml/rss/azlistings.jsp?azid=B
host = splnkshmi-prd04.sky.local source = /splunkdata/splunk/var/log/splunk/ta_symantec-ep.log sourcetype = ta_symantec-ep
2016-05-26 16:20:24,975 INFO pid=40591 tid=MainThread file=malware_category_update.py:extract_xml:36 | Requesting url:http://www.symantec.com/xml/rss/azlistings.jsp?azid=A
host = splnkshmi-prd04.sky.local source = /splunkdata/splunk/var/log/splunk/ta_symantec-ep.log sourcetype = ta_symantec-ep
2016-05-26 16:20:24,874 INFO pid=40591 tid=MainThread file=malware_category_update.py:run:88 | This is a single instance or cluster captain. Run the malare_category_update.
host = splnkshmi-prd04.sky.local source = /splunkdata/splunk/var/log/splunk/ta_symantec-ep.log sourcetype = ta_symantec-ep
2016-05-26 16:20:24,853 INFO pid=40591 tid=MainThread file=malware_category_update.py:run:84 | End reading session key
host = splnkshmi-prd04.sky.local source = /splunkdata/splunk/var/log/splunk/ta_symantec-ep.log sourcetype = ta_symantec-ep
2016-05-26 16:20:24,853 INFO pid=40591 tid=MainThread file=malware_category_update.py:run:80 | Start reading session key
host = splnkshmi-prd04.sky.local source = /splunkdata/splunk/var/log/splunk/ta_symantec-ep.log sourcetype = ta_symantec-ep
2016-05-26 16:20:24,852 INFO pid=40591 tid=MainThread file=malware_category_update.py:run:79 | Script input start.
You can see that the script starts to contact different URLs (from A to Z and one last link) and all the steps are made properly. But if you try to contact those links you'll obtain a page with this phrase: http://www.symantec.com/business/landing/azlisting.jsp The Threat Explorer is a comprehensive resource for daily, accurate and up-to-date information on the latest threats, risks and vulnerabilities. en-us
Maybe Symantec moved the tables. I hope someone will answer or update the app.
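Added example (not part of the original post and not the add-on's own code): a check that catches the failure described above, where every request is logged at INFO yet the responses carry only channel metadata and no entries. It assumes the feed is RSS 2.0 with `channel/item` entries; both sample bodies and the names `count_items` and `check_update` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: channel metadata only, modelled on the text quoted in the post.
STUB_FEED = b"""<rss version="2.0"><channel>
<link>http://www.symantec.com/business/landing/azlisting.jsp</link>
<description>The Threat Explorer is a comprehensive resource for daily, accurate
and up-to-date information on the latest threats, risks and vulnerabilities.</description>
<language>en-us</language>
</channel></rss>"""

# Constructed sample of a populated feed (entry names are made up).
LIVE_FEED = b"""<rss version="2.0"><channel>
<link>http://feed.example/listing</link>
<item><title>Example.Threat.A</title><category>Trojan</category></item>
<item><title>Example.Threat.B</title><category>Worm</category></item>
</channel></rss>"""


def count_items(body: bytes) -> int:
    """Return the number of <item> entries in one RSS response body."""
    # Refuse DTDs so a hostile or hijacked feed cannot use entity expansion.
    if b"<!DOCTYPE" in body.upper():
        raise ValueError("DOCTYPE not allowed in feed")
    try:
        root = ET.fromstring(body)
    except ET.ParseError as exc:
        raise ValueError(f"response is not XML: {exc}") from exc
    # Assumption: entries live at rss/channel/item (RSS 2.0 layout).
    return len(root.findall("./channel/item"))


def check_update(responses: dict) -> dict:
    """Summarise one update run; responses maps each azid to its response body."""
    empty, total = [], 0
    for azid, body in sorted(responses.items()):
        try:
            n = count_items(body)
        except ValueError:
            n = 0  # unparseable bodies count as empty for this check
        total += n
        if n == 0:
            empty.append(azid)
    # A run that fetched every page but parsed zero entries must not report
    # success: the existing lookup should be kept and an error logged.
    return {"items": total, "empty_azids": empty, "ok": total > 0}
```

Logging the per-run item count next to the "Requesting url" lines would make this condition searchable in `index=_internal`.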