Symantec Endpoint Protection Manager 12.1 is not updating 32-bit or 64-bit virus definitions due to corrupt content

Article:TECH166923  |  Created: 2011-08-10  |  Updated: 2014-04-28  |  Article URL http://www.symantec.com/docs/TECH166923
Article Type
Technical Solution


Environment

Issue



Managed Symantec Endpoint Protection (SEP) clients do not update virus definitions.  These clients are configured to receive their updates from their Symantec Endpoint Protection Manager (SEPM).

The SEPM shows old virus definitions in "Admin > Server > Local Site > Show LiveUpdate Downloads".

 

 


Environment



SEPM 12.1
WIndows 2003 SP2 32-bit

Windows Server 2008 R2 64-bit

SEP clients Windows XP, Windows 7.


Cause



There are several possible causes.  Examine the SEPM's log.liveupdate and the System > Server Activity logs may provide details on the nature of the failure.

One possible cause is that old or corrupted virus definitions present on the SEPM prevent the SEPM's ability to update the SEP clients with new virus definitions.


Solution



To clear old or corrupted virus definitions from the SEPM:

1. Delete the content of folder "C:\Documents and Settings\All users\Application Data\Symantec\LiveUpdate\Downloads\"
Note: Application Data is a hidden folder. Delete the content of the Downloads folder, but not the folder itself.

2. Stop the service "Symantec Endpoint Protection Manager".
To stop this service:

  1. Go to Start > Run.
  2. Type the following: Services.msc
  3. Select and stop the above mentioned service

3. Delete the numbered or TMP folders inside the paths:

  • %programfiles%\symantec\symantec endpoint protection manager\inetpub\content\{535CB6A4-...
  • %programfiles%\symantec\symantec endpoint protection manager\inetpub\content\{07B590B3-...
  • %commonprogramfiles%\Symantec Shared\SymcData\spcVirDef32
  • %commonprogramfiles%\Symantec Shared\SymcData\spcVirDef64

Note 1: In Server 2008, the Downloads folder in step 1 is located at  %programdata%\Symantec\LIveUpdate\Downloads
Note 2: In 64-bit operating systems the "Symantec\Symantec Endpoint Protection Manager\inetpub\content" folder will be located in C:\Program Files (x86) and not C:\Program Files
Note 3: For Windows Server 2008 or similar systems the location of the %commonprogramfiles%\Symantec Shared\SymcData\ will be following: C:\ProgramData\Symantec\Definitions\SymcData\

4. Launch the process LUALL.EXE

  • Go to Start > Run.
  • Type the following: LUALL.exe
  • Click OK

5. Restart the Symantec Endpoint Protection Manager service when LiveUpdate is complete. 

  1. Log on to Symantec Endpoint Protection Manager Console and launch a LiveUpdate from Admin > Server > Local Site > Download LiveUpdate content.
  2. Verify the correct download/usage of new virus definitions from "Admin > Server > Local Site >Show LiveUpdate Downloads".

 





Article URL http://www.symantec.com/docs/TECH166923


Terms of use for this information are found in Legal Notices