Troubleshoot corrupt definitions in Endpoint Protection on Windows

book

Article ID: 177501

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

Symantec Endpoint Protection (SEP) client for Windows has one or more definition issues, such as:

  • Definitions fail to update
  • Definition information in the Windows registry is different from the information in the usage.dat file
  • Duplicate product definition entries in the usage.dat file
  • The usage.dat product entries uses different definitions

Environment

Windows

Resolution

Note: To quickly check if this issue still exists or has been resolved on the computer, download and run SymDiag.

Corruption of virus definitions may have many causes. Consider these questions when responding to potentially corrupted content definitions:

  • Is the corruption believed to be a one-time issue with a suspected one-time cause?
  • Is the corruption a recurring issue due to an unknown cause?

Known, one-time cause

If the known or suspected cause is not anticipated to recur, you can clear corrupted definitions by uninstalling and reinstalling SEP. Alternately, you can manually clear definitions as explained in the following article:

Unknown cause, recurring issue

If the cause is not known, clearing the definitions can be a useful troubleshooting step.

If the problem reoccurs on one or more computers, identifying the root cause is a priority. A fix of the root cause prevents repetition of the procedure for clearing corrupted definitions.

Consider the following when attempting to identify the cause for recurring definition corruption:

  • Confirm client is able to connect to LiveUpdate source (Public LU, SEPM, Internal LU server).
  • Confirm System drive space (Usually C:) on the affected computer is more than 900 MB.

If a cause cannot be found or addressed and the issue repeats itself, contact Technical Support.