Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Definition not up to date

Created: 02 Sep 2014 | 18 comments

Hi,

I have found virus definition in Windows 2008 server not up to date.

Since the network communition between this server and SEPM server is normal (Tray icon with GREEN dot).

Refer to attachment, you may see the problem.

Please advice.

Thanks

Operating Systems:

Comments 18 CommentsJump to latest comment

.Brian's picture

Run the symhelp tool to see if defs are corrupt. Have you tried updating manually by running LiveUpdate or using JDB file?

See here:

http://www.symantec.com/docs/TECH92043

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

AJ_01's picture

Clean the definition of client and check it update

http://www.symantec.com/business/support/index?pag...

Regard

AJ

Rafeeq's picture

since this server is infected, I would not troubleshoot on definition update. run the rapid release and run a full scan in safe mode ASAP

http://www.symantec.com/security_response/definiti...

James007's picture

Does sufficient disk space available ?

These videos may help for troubleshooting out of date virus defination:

Troubleshooting Out-of-date Definitions on Clients (Part 1)

http://www.symantec.com/tv/allvideos/details.jsp?vid=2236084589001

Troubleshooting Out-of-date Definitions on Clients (Part 2)

http://www.symantec.com/tv/allvideos/details.jsp?vid=2236084558001

Rafeeq's picture

I'm sorry, that was for different thread :) 

Enable sylink logging and post the results

http://www.symantec.com/business/support/index?pag...

AJ_01's picture

You can be clear the definition to fix it.

Regard

AJ

.Brian's picture

Run the symhelp tool first to determine if defs are corrupt so you don't waste time if they're not

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

William Lawance's picture

Hi,

Attached for reference.

Please advice.

Thanks

AttachmentSize
20140904.zip 6.72 MB
.Brian's picture

You have corruption for a few of the different sets of defs, follow this guide for the resolution:

http://www.symantec.com/docs/TECH92043

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

William Lawance's picture

Thanks, let's try to follow it first.

William Lawance's picture

I was installed "Virus and Spyware Protection" only for these machines.

Then can I skip step 2 ??

2. If the BASHDefs definitions (Proactive Threat Protection) are to be cleared, then stop the BASH driver BHDrvx86 or BHDdrvx64

Thanks

.Brian's picture

Yea, if only using AV you can skip this step as it is for PTP.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Chetan Savade's picture

Hi,

If this is the only affected system, run intelligent updater.

The Intelligent Updater is an executable file that can be used to update virus definitions for the Symantec Endpoint Protection client. To update the definitions, run either the Daily Certified or Rapid Release Intelligent Updater on the local computer

How to Update Definitions for Symantec Endpoint Protection using the Intelligent Updater

http://www.symantec.com/docs/TECH102606 

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

gmirabella's picture

Same problem.

the Intelligent updater and the rapid updater too gave me this message in log:

Thu Sep 04 13:21:31 2014 : AUTH DLL LOCATION: IU will read the DLL location from registry - SSEIUAuth
Thu Sep 04 13:21:31 2014 : REG FAILURE: Failed while opening the key  from registry. Return code: 2
Thu Sep 04 13:21:31 2014 : DEPLOY DLL LOCATION: IU will read the DLL location from registry - SSEIUDeploy
Thu Sep 04 13:21:31 2014 : REG FAILURE: Failed while opening the key  from registry. Return code: 2
Thu Sep 04 13:21:31 2014 : IGNORE ENTRY: Ignoring entry for VIRSCAN.zip because of registry read failure. Error occurred while reading the path for the Authorization DLL from the registry.

.Brian's picture

Run the symhelp tool to determine what the issue is.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

gmirabella's picture

Done. No result from symhelp

Chetan Savade's picture

Hi,

If can reboot the server use Cleanwipe tool to remove corrupt SEP & do a fresh install

https://www-secure.symantec.com/connect/articles/new-cleanwipe-version-introduced-sep-121-ru2

or can give a try with Microsoft fix it as well.

http://support.microsoft.com/fixit/

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<