Corrupt definitions prevent Endpoint Protection clients from receiving updates

book

Article ID: 184206

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

Managed Symantec Endpoint Protection (SEP) clients do not update virus definitions.

These clients are configured to receive their updates from their Symantec Endpoint Protection Manager (SEPM). The SEPM shows old virus definitions in Admin > Server > Local Site > Show LiveUpdate Downloads.

Cause

Examine the SEPM's log.liveupdate and the System > Server Activity logs, which may provide details on the nature of the failure.

One possible cause is that old or corrupted virus definitions present on the SEPM prevent the SEPM's ability to update the SEP clients with new virus definitions.

Resolution

To clear old or corrupted virus definitions from the SEPM:

  1. Delete the content of following folder:

    C:\Documents and Settings\All users\Application Data\Symantec\LiveUpdate\Downloads\

    Note: Application Data is a hidden folder. Delete the content of the Downloads folder, but not the folder itself.
     
  2. Stop the service "Symantec Endpoint Protection Manager".
     
    1. Click Start > Run.
    2. Type Services.msc.
    3. Select and stop the above mentioned service.
       
  3. Delete the numbered or TMP folders inside the paths:

    %programfiles%\symantec\symantec endpoint protection manager\inetpub\content\{535CB6A4-...
    %programfiles%\symantec\symantec endpoint protection manager\inetpub\content\{07B590B3-...
    %commonprogramfiles%\Symantec Shared\SymcData\spcVirDef32
    %commonprogramfiles%\Symantec Shared\SymcData\spcVirDef64

    Notes:
    • In Server 2008, the Downloads folder in step 1 is located at  %programdata%\Symantec\LIveUpdate\Downloads
    • In 64-bit operating systems the "Symantec\Symantec Endpoint Protection Manager\inetpub\content" folder will be located in C:\Program Files (x86) and not C:\Program Files
    • For Windows Server 2008 or similar systems the location of the %commonprogramfiles%\Symantec Shared\SymcData\ will be following: C:\ProgramData\Symantec\Definitions\SymcData\
       
  4. Launch the process LUALL.EXE
     
    1. Click Start > Run.
    2. Type LUALL.exe.
    3. Click OK.
       
  5. Restart the Symantec Endpoint Protection Manager service when LiveUpdate is complete.
     
    1. Log on to Symantec Endpoint Protection Manager Console and launch a LiveUpdate from Admin > Server > Local Site > Download LiveUpdate content.
    2. Verify the correct download/usage of new virus definitions from Admin > Server > Local Site >Show LiveUpdate Downloads.