Corrupt definitions prevent Endpoint Protection clients from receiving updates


Article ID: 184206


Updated On:


Endpoint Protection


Managed Symantec Endpoint Protection (SEP) clients do not update virus definitions.

These clients are configured to receive their updates from their Symantec Endpoint Protection Manager (SEPM). The SEPM shows old virus definitions in Admin > Server > Local Site > Show LiveUpdate Downloads.


Examine the SEPM's log.liveupdate and the System > Server Activity logs, which may provide details on the nature of the failure.

One possible cause is that old or corrupted virus definitions present on the SEPM prevent the SEPM's ability to update the SEP clients with new virus definitions.


To clear old or corrupted virus definitions from the SEPM:

  1. Delete the content of following folder:

    C:\Documents and Settings\All users\Application Data\Symantec\LiveUpdate\Downloads\

    Note: Application Data is a hidden folder. Delete the content of the Downloads folder, but not the folder itself.
  2. Stop the service "Symantec Endpoint Protection Manager".
    1. Click Start > Run.
    2. Type Services.msc.
    3. Select and stop the above mentioned service.
  3. Delete the numbered or TMP folders inside the paths:

    %programfiles%\symantec\symantec endpoint protection manager\inetpub\content\{535CB6A4-...
    %programfiles%\symantec\symantec endpoint protection manager\inetpub\content\{07B590B3-...
    %commonprogramfiles%\Symantec Shared\SymcData\spcVirDef32
    %commonprogramfiles%\Symantec Shared\SymcData\spcVirDef64

    • In Server 2008, the Downloads folder in step 1 is located at  %programdata%\Symantec\LIveUpdate\Downloads
    • In 64-bit operating systems the "Symantec\Symantec Endpoint Protection Manager\inetpub\content" folder will be located in C:\Program Files (x86) and not C:\Program Files
    • For Windows Server 2008 or similar systems the location of the %commonprogramfiles%\Symantec Shared\SymcData\ will be following: C:\ProgramData\Symantec\Definitions\SymcData\
  4. Launch the process LUALL.EXE
    1. Click Start > Run.
    2. Type LUALL.exe.
    3. Click OK.
  5. Restart the Symantec Endpoint Protection Manager service when LiveUpdate is complete.
    1. Log on to Symantec Endpoint Protection Manager Console and launch a LiveUpdate from Admin > Server > Local Site > Download LiveUpdate content.
    2. Verify the correct download/usage of new virus definitions from Admin > Server > Local Site >Show LiveUpdate Downloads.