No, nothing has to be updated. If you're practice with Python, you can check the script "malware_category_update.py" in "\Splunk_TA_symantec-ep\bin" to understand how the app woks about the malware table update.
In particular, if you have a single SH and not a cluster, i supposed you made a mistake during the configuration of the update. In fact, looking at the scriptl you should see the line "This is a single instance or cluster captain. Run the malare_category_update." (line 88) while your log talks about a SH cluster, just like the script thinks that you have a SH cluser configuration. Because you are not in a cluster config, the script can't find the "cluster captain" and skips the update (line 176).
I think you have to check your setup following the documentation here: http://docs.splunk.com/Documentation/AddOns/latest/SymantecEP/Setup
It's a very simple configuration.
Matteo
... View more