Symantec Endpoint Protection Manager 11.x is not updating 32 or 64 bit virus definitions.

Article:TECH104721  |  Created: 2008-01-15  |  Updated: 2013-05-17  |  Article URL http://www.symantec.com/docs/TECH104721
Article Type
Technical Solution


Environment

Issue



Why is Symantec Endpoint Protection Manager (SEPM) 11.x not updating 32 or 64 bit virus-definitions?
 


Error



Symptoms

Symantec Endpoint Protection (SEP) clients do not update virus definitions.

  • Symantec Endpoint Protection Manager shows old virus definitions in "Admin > Server > Local Site >Show LiveUpdate Downloads".

 


Cause



One possible cause is that there is no more space available in the database used by the SEPM.

Another possible cause is that old or corrupted virus definitions prevent Symantec Endpoint Protection Manager from updating with new downloaded virus definitions.


Solution



Examine the Database Server's Logs for Errors.

If the database server is out of space or if the table used to store definitions has reached its quota, there will likely be error messages in the Windows Event Logs.  For an example, please see Could not allocate space for object 'dbo.BINARY_FILE' in database 'SEM5' because the 'FG_CONTENT' filegroup is full.  

Search the Window Event Logs for indications of trouble, and take any action necessary to correct it. 

 

Steps to clean Virus Definitions folders and republish LiveUpdate Product Inventory on Symantec Endpoint Protection Manager:

If the issue is with corrupted content, the following steps should resolve the matter: 

  1. Delete the content of folder "c:\documents and settings\All users\Application Data\Symantec\LiveUpdate\Downloads\"
    Note: Application Data is a hidden folder. Delete the content of the Downloads folder, but not the folder itself.
  2. Update the LiveUpdate catalog by opening the following link in Internet Explorer:
    http://localhost:9090/servlet/ConsoleServlet?ActionType=ConfigServer&action=PublishLuInventory
    After few seconds you will get a confirmation message "Responsecode="0".
  3. Stop the services "Symantec Endpoint Protection Manager" and "Symantec Endpoint Protection"
    To stop the services:
    1. Go to Start > Run.
    2. Type the following: Services.msc
    3. Select and stop the above mentioned services.
  4. Delete the numbered or TMP folders inside the paths:
    • %programfiles%\symantec\symantec endpoint protection manager\inetpub\content\{1CD85...
    • %programfiles%\symantec\symantec endpoint protection manager\inetpub\content\{C60DC...
    • %commonprogramfiles%\Symantec Shared\SymcData\sesmvirdef32
    • %commonprogramfiles%\Symantec Shared\SymcData\sesmvirdef64
    • %commonprogramfiles%\Symantec Shared\VirusDefs
  5. Before deleting above path, uninstall LiveUpdate then follow mentioned steps as above.
  6. Re-install LiveUpdate and register the Catalog by following below command in cmd prompt.
  7. Command- C:\  Program Files\Symantec\Symantec Endpoint Protection Manager\bin > lucatalog -forcedupdat 
  8. Launch the process LUALL.EXE from %programfiles%\Symantec\LiveUpdate (May be requested to click on "START")
    (LiveUpdate should run for some minutes (5-10 min), if some error messages are displayed, exit and launch again LUALL.exe)
  9. Restart both Symantec Endpoint Protection services when LiveUpdate is complete.
  10. Verify the numbered folders of virus definitions are created in the following paths:
    (There might be just 2-3 folders in the beginning, but the default number is 10 folders)
    • %programfiles%\symantec\symantec endpoint protection manager\inetpub\content\{1CD85...
    • %programfiles%\symantec\symantec endpoint protection manager\inetpub\content\{C60DC...
  11. Log on to Symantec Endpoint Protection Manager Console and launch a LiveUpdate from Admin > Server > Local Site > Download LiveUpdate content.


Verify the correct download/usage of new virus definitions from "Admin > Server > Local Site >Show LiveUpdate Downloads".

Note: In Server 2008, the Downloads folder in step 1 is located at  %programdata%\Symantec\LIveUpdate\Downloads
Note 2: In 64 bit operating system,%commonprogramfiles%\Symantec Shared is located in %programdata%\Symantec

References
This document is also available in the following languages:


Japanese: http://service1.symantec.com/support/INTER/entsecurityjapanesekb.nsf/jp_docid/20090508135048949
Simplified Chinese: http://service1.symantec.com/support/INTER/ent-securitysimplifiedchinesekb.nsf/cn_docid/20091118105110968




Legacy ID



2008041516215948


Article URL http://www.symantec.com/docs/TECH104721


Terms of use for this information are found in Legal Notices