Fix corrupt definitions on Endpoint Protection clients

Article ID: 175165

Updated On:

Products

Endpoint Protection

Issue/Introduction

You receive a warning that Symantec Endpoint Protection clients have missing or corrupt definitions, from one of the following sources:

  • Symantec Endpoint Protection (SEP)
  • Symantec Endpoint Protection Manager (SEPM)
  • SymDiag

These messages appear in the following forms:

  • SymDiag shows the error "Some Symantec Endpoint Protection definition sets are corrupted".
  • SEP clients show the error "Your Virus and Spyware definitions are missing or corrupted. This computer will not be protected against viruses and spyware until new definitions are downloaded."
  • SEPM shows the error "Attention Required" which indicates that definitions are corrupted or that components are disabled.

Connections to the LiveUpdate servers have been tested as described in "Determine whether your firewall is blocking LiveUpdate" and found to be normal.

Environment

  • Symantec Endpoint Protection 14.x
  • Microsoft Windows

Cause

  • There is no single cause for corrupted virus definitions.  
  • Possible causes include:
    • Other software interfering with our download and extraction process
    • Caching proxies making changes to our definition update files
    • Power loss during the definition update process
  • You may also see this new message if new definitions have been downloaded but cannot be applied.

Resolution

For Endpoint Protection Manager (SEPM) Definitions: 

See "Manually purge definitions for the Endpoint Protection Manager (SEPM)" for instructions on manually deleting the content.

For Endpoint Protection (SEP) Client Definitions: 

  1. Reboot the system.
  2. Download and apply an Intelligent Updater for your version of Symantec Endpoint Protection. The Intelligent Updater is designed to remove existing definitions and install a fresh set.
  3. If the issue persists, follow the manual steps in "Manually purge definitions for a Windows Endpoint Protection client" to manually clear the definitions in your client.

If these steps fail:

  1. Enable communication module logging and set it to "debug" as described in "Configuring Endpoint Protection Communication Module Logging in 14.2 and later - CVE.log".
  2. Once logging is enabled, run LiveUpdate again or, if the client is managed, wait up to 2 heartbeat cycles.
  3. Once complete, collect the resulting logs, preferably by collecting a full SymDiag.
  4. Create a case with technical support with the data attached.