How to Backdate Virus Definitions in Symantec Endpoint Protection Manager

Article: TECH102935  |  Created: 2007-01-15  |  Updated: 2014-07-24
Article Type: Technical Solution


You suspect that the virus definitions are corrupt and would like to roll back to a previous virus definition set in the Symantec Endpoint Protection Manager (SEPM).


The method described below can also be used to circumvent a confirmed False Positive (FP) until definitions are available that remove the detection.  In the case of False Positives, though, creating a specific exclusion or awaiting new Rapid Release definitions is the recommended approach.  As each set of new definitions includes protection against new threats, reverting to an older revision will always introduce security risk into an organization.


Follow the steps below to roll back virus definitions in Symantec Endpoint Protection Manager:

  1. Click Policies.
  2. Select View Policies.
  3. Click LiveUpdate.
  4. Under the "LiveUpdate Content" tab, double-click your current LiveUpdate Content Policy. The LiveUpdate Content Policy Overview dialog box appears.
  5. From the "LiveUpdate Content" section, click Security Definitions.
  6. Enable the Select a revision option located in the "AntiVirus and AntiSpyware definitions" section.
  7. Click the Edit button. The Select Revision - Antivirus and AntiSpyware definitions dialog box appears.
  8. Expand the drop-down list and browse to the appropriate (32-bit or 64-bit) definition set.
  9. Click the desired rollback definition date.
  10. Click OK.
  11. Click OK to close the "Security Definitions" dialog box and return to the "Policies" tab.

Note: Remember to return to your LiveUpdate Content Policy and change back to the Use latest available option if appropriate.
