
How to clean the previous virus definition in sep12.5

Created: 24 Apr 2012 • Updated: 30 Jun 2012 | 6 comments
This issue has been solved. See solution.

How to clean the previous virus definition in sep12.5

Please help


pete_4u2002's picture

Do you mean delete the virus definitions? Let me know if this is helpful:

How to clear out corrupted definitions for a Symantec Endpoint Protection client manually

http://www.symantec.com/business/support/index?page=content&id=TECH103176

SMLatCST's picture

Just in case it helps, here's the same article but for the SEP12.1 client:

http://www.symantec.com/docs/HOWTO59193

And again for the SEPM itself:

http://www.symantec.com/docs/TECH166923

Mick2009's picture

Hi supportsib2,

Can you add what exact version of the product you are using? Also, what behavior are you seeing? And is it on a SEP client or a SEPM?

Thanks in advance!

With thanks and best regards,

Mick

P_K_'s picture

If it is SEP Client you can use Rx4DefsSEP

The "Rx4DefsSEP" utility is used to completely remove and replace definitions on a 32-bit or 64-bit Symantec Endpoint Protection 11 client.

http://www.symantec.com/business/support/index?page=content&id=TECH93036

For SEPM follow this

https://www-secure.symantec.com/connect/articles/how-clear-corrupt-virus-definitions-sepm

MCT MCSE-2012 Symantec Technical Specialist (SCTS)

P_K_'s picture

It would be worth looking at this http://www.symantec.com/business/support/index?page=content&id=TECH122857

If using a 64 bit Operating System, follow the steps below (SEP 12.1.x):

  1. Open the Registry Editor on the machine where the SEPM is installed.
  2. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\InstalledApps
  3. On the right-hand side, look for the following String entries: SymcData-spcVirDef32, SymcData-spcIPSdef32, SymcData-sesmIPSdef64 and SymcData-spcVirDef64
  4. For the following entries, check the value data and confirm that they read as follows:
    • (Windows 2003) For SymcData-spcVirDef32 and SymcData-sesmIPSdef32, they always should look as below:

      C:\Program Files\Common Files\Symantec Shared\SymcData\spcVirDef32
      C:\Program Files\Common Files\Symantec Shared\SymcData\sesmIPSdef32
       

    • (Windows 2003) For SymcData-sesmVirDef64 and SymcData-sesmIPSdef64, they always should look as below:

      C:\Program Files\Common Files\Symantec Shared\SymcData\spcVirDef64
      C:\Program Files\Common Files\Symantec Shared\SymcData\sesmIPSdef64
       

    • (Windows 2008) For SymcData-sesmVirDef32 and SymcData-sesmIPSdef32, they always should look as below:

      C:\Program Data\Symantec\Definitions\SymcData\spcVirDef32
      C:\Program Data\Symantec\Definitions\SymcData\sesmIPSdef32
       

    • (Windows 2008) For SymcData-sesmVirDef64 and SymcData-sesmIPSdef64, they always should look as below:

      C:\Program Data\Symantec\Definitions\SymcData\spcVirDef64
      C:\Program Data\Symantec\Definitions\SymcData\sesmIPSdef64
       

  5. If the value data for these String entries does not match what is described above, modify the String and adjust accordingly
  6. Restart SEPM service.
  7. Start > Run > LUALL

    LiveUpdate will download 32-bit definitions correctly.

If using 32 bit Operating System, follow the steps below (SEP 12.1.x):

  1. On the machine that has the SEPM installed, open the Registry Editor
  2. Go to HKEY_LOCAL_MACHINE\SOFTWARE\symantec\InstalledApps
  3. On the right-hand side, look for the following String entries: SymcData-spcVirDef32, SymcData-sesmIPSdef32, SymcData-sesmIPSdef64 and SymcData-spcVirDef64
  4. For the following entries, check the value data and confirm that they read as follows:
    • (Windows 2003) For SymcData-spcVirDef32 and SymcData-sesmIPSdef32, they always should look as below:

      C:\Program Files\Common Files\Symantec Shared\SymcData\spcVirDef32
      C:\Program Files\Common Files\Symantec Shared\SymcData\sesmIPSdef32
       

    • (Windows 2003) For SymcData-spcVirDef64 and SymcData-sesmIPSdef64, they always should look as below:

      C:\Program Files\Common Files\Symantec Shared\SymcData\spcVirDef64
      C:\Program Files\Common Files\Symantec Shared\SymcData\sesmIPSdef64
       

    • (Windows 2008) For SymcData-spcVirDef32 and SymcData-sesmIPSdef32, they always should look as below:

      C:\Program Data\Symantec\Definitions\SymcData\spcVirDef32
      C:\Program Files\Symantec\Definitions\SymcData\sesmIPSdef32
       

    • (Windows 2008) For SymcData-spcVirDef64 and SymcData-sesmIPSdef64, they always should look as below:

      C:\Program Data\Symantec\Definitions\SymcData\spcVirDef64
      C:\Program Data\Symantec\Definitions\SymcData\sesmIPSdef64

  5. If the value data for these String entries does not match what is described above, modify the String and adjust accordingly
  6. Restart SEPM service.
  7. Start > Run > LUALL

    LiveUpdate will download 32-bit definitions correctly.

MCT MCSE-2012 Symantec Technical Specialist (SCTS)
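
A read-only way to carry out steps 2 to 4 of the procedure above before editing anything by hand (an added example, not part of the thread and not Symantec code). It assumes PowerShell 3.0 or later run on the SEPM server; the function name `Test-SymcDataEntry` is hypothetical, and the rule that each path ends in the value name minus its `SymcData-` prefix is inferred from the path listings in the post.

```powershell
# Added example: audit the SymcData-* string values under InstalledApps.
# Nothing is written to the registry; the script only reads and reports.

$keys = @(
    'HKLM:\SOFTWARE\Wow6432Node\Symantec\InstalledApps',  # 64-bit OS, step 2
    'HKLM:\SOFTWARE\Symantec\InstalledApps'               # 32-bit OS, step 2
)

function Test-SymcDataEntry {
    param(
        [Parameter(Mandatory)] [string] $Key,
        [Parameter(Mandatory)] [string] $Name,                     # e.g. SymcData-spcVirDef32
        [Parameter(Mandatory)] [AllowEmptyString()] [string] $Path # value data
    )
    # Inferred rule: SymcData-spcVirDef32 should point at ...\SymcData\spcVirDef32
    $expectedLeaf = $Name -replace '^SymcData-', ''
    $leafMatches  = $false
    $dirExists    = $false
    if (-not [string]::IsNullOrWhiteSpace($Path)) {
        $leafMatches = ((Split-Path -Path $Path -Leaf) -eq $expectedLeaf)
        $dirExists   = Test-Path -LiteralPath $Path -PathType Container
    }
    [pscustomobject]@{
        Key         = $Key
        Name        = $Name
        Path        = $Path
        LeafMatches = $leafMatches
        DirExists   = $dirExists
    }
}

$report = foreach ($key in $keys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    # Enumerate whatever SymcData-* values are present rather than hard-coding names
    $props = (Get-ItemProperty -LiteralPath $key).PSObject.Properties |
        Where-Object { $_.Name -like 'SymcData-*' }
    foreach ($p in $props) {
        Test-SymcDataEntry -Key $key -Name $p.Name -Path ([string]$p.Value)
    }
}

# Full listing, then only the entries that need a closer look (step 5)
$report | Format-Table Name, Path, LeafMatches, DirExists -AutoSize
$report | Where-Object { -not ($_.LeafMatches -and $_.DirExists) } |
    Format-List Key, Name, Path
```

Entries flagged in the second listing are the ones to compare against the paths in step 4 before changing any value data.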

SOLUTION
Mithun Sanghavi's picture

Hello,

How many machines do you want to clean the Definitions on?

If you want to perform this on a small number of machines then you could download the latest version of Intelligent Updater from this page Daily Certified definitions for Symantec Endpoint Protection / Symantec Antivirus Corporate Edition.

Check this Article:

http://www.symantec.com/docs/TECH102606

If you would like to perform this activity on a huge number of machines, then you could also try Rollback of Virus definitions -

How to Backdate Virus Definitions in Symantec Endpoint Protection Manager

http://www.symantec.com/docs/TECH102935

Symantec Endpoint Protection 12.1: How to roll back the BASH definitions to a known good version

http://www.symantec.com/docs/HOWTO53366

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.