How to manually purge definitions for the Endpoint Protection Manager (SEPM)
search cancel

How to manually purge definitions for the Endpoint Protection Manager (SEPM)

book

Article ID: 184206

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

  • Managed Symantec Endpoint Protection (SEP) clients do not update virus definitions when being pulled from the SEPM. Otherwise the clients can pull content from the LiveUpdate servers. 
  • Corrupt definitions prevent Endpoint Protection (SEP) clients from receiving updates.
  • The SEPM shows old virus definitions in Admin > Server > Local Site > Show LiveUpdate Downloads. LiveUpdate on the SEPM will fail Usually with a general Error code 2.
  • Connections to the LiveUpdate Servers have been tested from the SEPM as per Article ID: 15126 and determined to be normal.
  • Examination of the SEPM's LUX.log ((...)\Symantec Endpoint Protection Manager\tomcat\logs) and the server activity logs in the SEPM under Admin > Servers do not provide any details on the nature of the failure.

Cause

If the above information is correct, one possible cause is that old or corrupted virus definitions are present on the SEPM and this prevents the SEPM from being able to update the SEP clients with new virus definitions. Follow the steps in the Resolution section to confirm or rule out this cause. 

Resolution

To clear old or corrupted virus definitions from the SEPM:

  1. Stop the service "Symantec Endpoint Protection Manager". 
    • Click Start > Run.
    • Type "Services.msc".
    • Select the "Symantec Endpoint Protection Manager" service.
    • Select "Stop".

  2. Delete the contents of the following folders:
    • C:\ProgramData\Symantec\LiveUpdate\LiveUpdateDownloads
    • %ProgramFiles(x86)%\symantec\symantec endpoint protection manager\inetpub\content\
    • %programdata%\Symantec\Definitions\SymcData\

  3. Open command prompt.
    • Change directory to the (...)\Symantec Endpoint Protection Manager\bin folder.
      Example: "cd C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin".
    • Run the command: "lucatalog -cleanup".
    • Once complete, run the command: "lucatalog -forcedupdate".
       
  4. Start the "Symantec Endpoint Protection Manager" service using steps from point 1. 
     
  5. Log on to Symantec Endpoint Protection Manager Console and launch a LiveUpdate from Admin > Server > Local Site > Download LiveUpdate content.

  6. Verify the correct download/usage of new virus definitions from Admin > Server > Local Site >Show LiveUpdate Downloads.
    Note: As the last download dates are stored on the database you may not see this information updated.