
Fix corrupt definitions on Endpoint Protection clients


Article ID: 175165


Products

Endpoint Protection

Issue/Introduction

You have received a warning that Symantec Endpoint Protection clients have missing or corrupt definitions, from one of the following sources:

  • Symantec Endpoint Protection (SEP)
  • Symantec Endpoint Protection Manager (SEPM)
  • SymDiag

These messages appear in the following forms:

  • SymDiag shows the error "Some Symantec Endpoint Protection definition sets are corrupted"
  • SEP clients show the error "Your Virus and Spyware definitions are missing or corrupted. This computer will not be protected against viruses and spyware until new definitions are downloaded."
  • SEPM shows the error "Attention Required" which indicates that definitions are corrupted or that components are disabled.

Connections to the LiveUpdate Servers have been tested as per Article ID: 15126 and determined to be normal. 

Environment

  • Symantec Endpoint Protection 14.x
  • Microsoft Windows

 

Cause

  • There is no single cause for corrupted virus definitions.  
  • Possible causes include:
    • Other software interfering with our download and extraction process
    • Caching proxies making changes to our definition update files
    • Power loss during the definition update process
  • You may also see this new message if new definitions have been downloaded but cannot be applied.

Resolution

For Endpoint Protection Manager (SEPM) Definitions: 

See article ID: 184206 for instructions on manually deleting the content. 

For Endpoint Protection (SEP) Client Definitions: 

Reboot the system, then download and apply an Intelligent Updater for your version of Symantec Endpoint Protection.  The Intelligent Updater is designed to remove existing definitions and install a fresh set.  
If the issue persists, follow the manual steps found in article ID: 180682 to manually clear the definitions in your client.

If these steps fail, enable communication module logging and set it to "debug" as per article ID: 171445. Once enabled, run LiveUpdate again or, if the client is managed, wait up to 2 heartbeat cycles.
Once complete, collect the resulting logs, preferably by collecting a full SymDiag. Then create a case with technical support with the data attached.