Corrupt definitions prevent Endpoint Protection clients from receiving updates

Article:TECH166923  |  Created: 2011-08-10  |  Updated: 2014-11-20  |  Article URL
Article Type
Technical Solution



Managed Symantec Endpoint Protection (SEP) clients do not update virus definitions. These clients are configured to receive their updates from their Symantec Endpoint Protection Manager (SEPM).

The SEPM shows old virus definitions in "Admin > Server > Local Site > Show LiveUpdate Downloads".


  • SEPM 12.1
  • WIndows 2003 SP2 32-bit
  • Windows Server 2008 R2 64-bit
  • SEP clients on Windows XP, 7


Examine the SEPM's log.liveupdate and the System > Server Activity logs may provide details on the nature of the failure.

One possible cause is that old or corrupted virus definitions present on the SEPM prevent the SEPM's ability to update the SEP clients with new virus definitions.


To clear old or corrupted virus definitions from the SEPM:

  1. Delete the content of following folder:

    C:\Documents and Settings\All users\Application Data\Symantec\LiveUpdate\Downloads\

    Note: Application Data is a hidden folder. Delete the content of the Downloads folder, but not the folder itself.

  2. Stop the service "Symantec Endpoint Protection Manager".

    1. Click Start > Run.
    2. Type the following:


    3. Select and stop the above mentioned service.

  3. Delete the numbered or TMP folders inside the paths:

    %programfiles%\symantec\symantec endpoint protection manager\inetpub\content\{535CB6A4-...
    %programfiles%\symantec\symantec endpoint protection manager\inetpub\content\{07B590B3-...
    %commonprogramfiles%\Symantec Shared\SymcData\spcVirDef32
    %commonprogramfiles%\Symantec Shared\SymcData\spcVirDef64

    • In Server 2008, the Downloads folder in step 1 is located at  %programdata%\Symantec\LIveUpdate\Downloads
    • In 64-bit operating systems the "Symantec\Symantec Endpoint Protection Manager\inetpub\content" folder will be located in C:\Program Files (x86) and not C:\Program Files
    • For Windows Server 2008 or similar systems the location of the %commonprogramfiles%\Symantec Shared\SymcData\ will be following: C:\ProgramData\Symantec\Definitions\SymcData\

  4. Launch the process LUALL.EXE

    1. Click Start > Run.
    2. Type the following:


    3. Click OK.
  5. Restart the Symantec Endpoint Protection Manager service when LiveUpdate is complete.

    1. Log on to Symantec Endpoint Protection Manager Console and launch a LiveUpdate from Admin > Server > Local Site > Download LiveUpdate content.
    2. Verify the correct download/usage of new virus definitions from "Admin > Server > Local Site >Show LiveUpdate Downloads".


Article URL

Terms of use for this information are found in Legal Notices