Hello!

We are facing following issue:

We are running a SEPM with 12.1.4023.4080 on a Windows 2008 R2 Server.
The clients have installed Windows 7 and Symantec Endpoint Protection 12.1.4013.4013.
Some clients doesn't get the current virus definition. If we choose the clients, rightclick on it and use "run command on computers > update content", the definition file seems to be deployed correctly - "Monitor > Command Status" all seems correct.

The client just stays with his old definition files.
I checked the available free space on the client, and there is enough space free.

What we can check here or do to solve this issue?

Thanks a lot.

Enable sylink debugging on one affected client and let it run for a few hearbeats. Post the log here for review:

How to enable Sylink debugging for the Symantec Endpoint Protection 11.x and 12.1 client in the Windows Registry

few things to check ,is the client communicating with SEPM? does it have a green dot, are you clients getting definitons from SEPM or from internet or from GUP?

Is your SEPM or sql or Embedded DB? do you use proxy?

May be defintion is corrupt, Clean the definition

How to clear out definitions for a Symantec Endpoint Protection 12.1 client manually

Run the symhelp utility to find the reason

Troubleshooting computer issues with the Symantec Help support tool

Thanks at all, I will try your solutions as fast as possible.
First I will clean the definitions like mentioned in the how to named from cooldude.

@Rafeeq
The client is communicating with the SEPM, all clients get their definitions from SEPM.
SEPM is using a SQL database. There is no proxy.

Clearly, if the "Update Content" command from the SEPM works, then we can assume you have no client communciations issues.

How is your SEP environment setup, and what do you have configured in the LiveUpdate policy assigned to your clients (and doanload randomisaton times in the communications settings)?  I wonder if it's more a config issue rather than error, as your management of the clients appears unaffected.

As an aside, you mgiht find the below article handy:

Troubleshooting Content Delivery to the Symantec Endpoint Protection client

Just to make sure , your SEPM is updated with latest definitions right?

Post the sylink.log from any one affected client. How old are the definiton dates, if clients are running months old defs and SEPM not able to make delta, it will send the full package, make sure you dont have any MB restriction in your network..

Dear Mueller, please send details about your environment:

• Operating System version details (including service pack) of server and client
• Which antivirus components (firewall, device control, download control, etc.) are enabled on the affected server and clients
• Is there any firewall (including switch ACLs or any other hardware firewall) between the affected server and clients?
• Which firewall rules are defined to allow comms between servers and clients?

Every single information will be important for us to help you.

Best regards!