Endpoint Protection client warning: "Old Virus Definition File"

Article:TECH150078  |  Created: 2011-01-24  |  Updated: 2012-10-12  |  Article URL http://www.symantec.com/docs/TECH150078
Article Type
Technical Solution


Symantec Endpoint Protection (SEP) clients display warning messages about out-of-date virus definitions. The SEP client is utilizing the latest definitions provided by the Symantec Endpoint Protection Manager (SEPM). The SEPM may or may not have the latest definitions available from the Symantec LiveUpdate servers


A pop-up warning message titled: "Old Virus Definition File".

The default message displayed is: "Your virus definitions are currently out of date. Contact your system administrator on how to update them."

The SEP client interface displays an error message stating: "Antivirus and Antispyware Protection definitions are out of date" (11.x) or "Virus and Spyware Protection definitions are out of date" (12.1.x).


This issue occurs when definitions provided by the Symantec Endpoint Protection Manager are older than the amount of days configured in the Antivirus and Antispyware (or Virus and Spyware) protection policy before an outdated definitions notification will appear.

If the definitions on the SEP client and SEPM server are less than 24 hours old, the Antivirus and Antispyware policy is likely configured to warn after definitions are one (1) day out of date. This is against best practices as new definitions are not made available immediately at midnight.



This issue can be resolved by ensuring that the virus definition policy used by affected clients provides enough time before warning about outdated definitions. The configured time should be no lower than the amount of time it takes all clients in the environment to receive updated definitions plus one day.

To modify the virus definition policy's notification settings: 

Note: This procedure does not apply to SEP 12.1 Small Business Edition.

  1. Log into the SEPM console and click the Policies tab.
  2. Under View Policies, click Antivirus and Antispyware Policies.
    For 12.1.x, look under Policies for Virus and Spyware Protection.
  3. In the Antivirus and Antispyware Policies pane, right-click the policy used by the affected clients and then choose Edit....
  4. Under Windows Settings, click Miscellaneous.
    You may need to look under Advanced Options.
  5. In the Miscellaneous pane, click the Notifications tab.
  6. Set the Days before a warning appears in Symantec Endpoint Protection value to the number of days calculated as "safe" for the affected clients.
  7. If you want to display a pop-up message on the client computer, check Display a notification message on the client computer. Click Message... to customize the message the users will see.
    You cannot specify a period of time during which SEP automatically suppresses the next follow-up notification.
  8. Click OK. This will save the changes to the policy.

Note:  When the out-of-date definition condition is triggered, you may see the notification message pop up multiple times on the SEP client. This notification continues to pop up until the definitions are current (as defined by the SEPM policy).

To avoid seeing this message more than once on the client, on the pop-up notification window, click Don't remind me again until after the next update, and then click Close.

Article URL http://www.symantec.com/docs/TECH150078

Terms of use for this information are found in Legal Notices