Corrupted Policies (Serdef.dat) is preventing clients from starting the SEP service.
search cancel

Corrupted Policies (Serdef.dat) is preventing clients from starting the SEP service.


Article ID: 177982


Updated On:


Endpoint Protection


Some clients no longer check in for updates and the Symantec Endpoint Protection (SEP) services cannot be started on it. The SEP tray icon is also not displayed.

The SEP client may have been functioning correctly for a long period of time. Recently there was a network issue where the clients lost connectivity with the manager.


Serdef.dat corruption occurs when a new policy is being distributed and there is a network outage.  The policy update on the client does not fully complete and this causes the client services to be disabled and fail to restart.

To verify policy, compare the policy information within the SEP Client User Interface (UI) with the policy within the SEPM.

To determine the policy in place on the client:

  1. Double click on the SEP client icon in the task bar to pull up the client UI.
  2. Click on Help and Support and select Troubleshooting.
  • The policy information that you are looking for is under "Policy Serial Number" and consists of a sequence id and date/time such as XYXY-04/02/2010 09:16:06 165.

To determine the policy the group is set to:

  1. Within the SEPM, click on Clients and select the client's group.
  2. Click on the Details tab.
  • The policy information to compare is also under "Policy Serial Number".

 A good sign of corruption is when these policy numbers do not match.


To resolve the issue:

  1. Stop the SMC service by clicking ‘Start’ then in the Run box type “Smc –Stop”.
  2. Go to C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Config and find the Serdef.dat and Serdef.dat.bak.
  3. Rename the serdef.dat file to serdef1.dat.
  4. Rename serdef.dat.bak back to serdef.dat.
  5. Start the SMC service by clicking ‘Start’ then type in the Run box “Smc –Start”.

The client will now use the serdef.dat backup file to connect with the SEP Manager and get the new policy/updates.