Virus definitions are not being updated by Endpoint Protection Manager 11

Article:TECH104721  |  Created: 2008-01-15  |  Updated: 2014-12-19  |  Article URL
Article Type
Technical Solution



Symantec Endpoint Protection Manager (SEPM) 11 is not updating the virus definitions for Symantec Endpoint Protection (SEP) clients. SEPM shows old virus definitions in Admin > Server > Local Site > Show LiveUpdate Downloads.



There are a couple of possible causes

  • There is no more space available in the database used by SEPM.
  • Old or corrupted virus definitions prevent SEPM from updating clients with new virus definitions.


Examine the Database Server's Logs for Errors

If the database server is out of space or if the table used to store definitions has reached its quota, there will likely be error messages in the Windows Event Logs.  For an example, please see Could not allocate space for object 'dbo.BINARY_FILE' in database 'SEM5' because the 'FG_CONTENT' filegroup is full.  

Search the Window Event Logs for indications of trouble, and take any action necessary to correct it.


Clean the virus definitions folders and republish the LiveUpdate Product Inventory

If the problem is due to corrupted content, the following steps should resolve the issue: 

  1. Delete the contents of the following folder:

    c:\documents and settings\All users\Application Data\Symantec\LiveUpdate\Downloads\"

    • Application Data is a hidden folder. Delete the content of the Downloads folder, but not the folder itself.
    • In Windows Server 2008, the Downloads folder is located at  %programdata%\Symantec\LIveUpdate\Downloads
    • On 64-bit operating systems, the folder %commonprogramfiles%\Symantec Shared is located in %programdata%\Symantec
  2. Update the LiveUpdate catalog by opening the following link in Internet Explorer:


    After few seconds you will get a confirmation message"Responsecode="0".

  3. Stop the services "Symantec Endpoint Protection Manager" and "Symantec Endpoint Protection".

    1. Click Start > Run.
    2. Type the following: Services.msc
    3. Select and stop the above mentioned services.
  4. Delete the numbered or TMP folders inside the paths:

    • %program files% OR %Program Files (x86)%\symantec\symantec endpoint protection manager\inetpub\content\{1CD85...
    • %programfiles% OR %Program Files (x86)% \symantec\symantec endpoint protection manager\inetpub\content\{C60DC...
    • %commonprogramfiles%\Symantec Shared\SymcData\sesmvirdef32
    • %commonprogramfiles%\Symantec Shared\SymcData\sesmvirdef64
    • %commonprogramfiles%\Symantec Shared\VirusDefs

      Note: On 64-bit operating systems, the folder %commonprogramfiles%\Symantec Shared is located in %programdata%\Symantec.
  5. Before deleting above path, uninstall LiveUpdate then follow mentioned steps as above.
  6. Re-install LiveUpdate and register the Catalog by following below command in cmd prompt.

    Command- C:\ Program Files or C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin > lucatalog -forcedupdate

  7. Launch the process LUALL.EXE from %program files%\Symantec\LiveUpdate for 32 bit machines or %Program Files (x86)%\Symantec\LiveUpdate for 64 bit machines (May be requested to click on "START")

    Note: LiveUpdate should run for some minutes (5-10 min), if some error messages are displayed, exit and launch again LUALL.exe.
  8. Restart both Symantec Endpoint Protection services when LiveUpdate is complete.
  9. Verify the numbered folders of virus definitions are created in the following paths:

    • %program files% OR %Program Files (x86)% \symantec\symantec endpoint protection manager\inetpub\content\{1CD85...
    • %program files% OR %Program Files (x86)% \symantec\symantec endpoint protection manager\inetpub\content\{C60DC...

      Note: There might be just 2-3 folders in the beginning, but the default number is 10 folders.
  10. Log on to Symantec Endpoint Protection Manager Console and launch a LiveUpdate from Admin > Server > Local Site > Download LiveUpdate content.
  11. Verify the correct download/usage of new virus definitions from "Admin > Server > Local Site >Show LiveUpdate Downloads".

Legacy ID


Article URL

Terms of use for this information are found in Legal Notices