Endpoint Protection

  • 1.  How to clean the previous virus definition in sep12.5

    Posted Apr 25, 2012 02:42 AM

    How to clean the previous virus definition in sep12.5?

    Please help



  • 2.  RE: How to clean the previous virus definition in sep12.5

    Broadcom Employee
    Posted Apr 25, 2012 02:53 AM

    Do you mean delete the virus definitions? Let me know if this is helpful:

    How to clear out corrupted definitions for a Symantec Endpoint Protection client manually

    http://www.symantec.com/business/support/index?page=content&id=TECH103176

     



  • 3.  RE: How to clean the previous virus definition in sep12.5

    Posted Apr 25, 2012 03:56 AM

    Just in case it helps, here's the same article but for the SEP12.1 client:

    http://www.symantec.com/docs/HOWTO59193

    And again for the SEPM itself:

    http://www.symantec.com/docs/TECH166923



  • 4.  RE: How to clean the previous virus definition in sep12.5

    Posted Apr 25, 2012 04:33 AM

    Hi supportsib2,

    Can you add what exact version of the product you are using? Also, what behavior are you seeing? And is it on a SEP client or a SEPM?

    Thanks in advance!

     



  • 5.  RE: How to clean the previous virus definition in sep12.5

    Posted Apr 25, 2012 05:06 AM

    If it is a SEP client, you can use Rx4DefsSEP.

    The "Rx4DefsSEP" utility is used to completely remove and replace definitions on a 32-bit or 64-bit Symantec Endpoint Protection 11 client.

    http://www.symantec.com/business/support/index?page=content&id=TECH93036

    For SEPM, follow this:

    https://www-secure.symantec.com/connect/articles/how-clear-corrupt-virus-definitions-sepm



  • 6.  RE: How to clean the previous virus definition in sep12.5
    Best Answer

    Posted Apr 25, 2012 05:12 AM

    It would be worth looking at this: http://www.symantec.com/business/support/index?page=content&id=TECH122857

    If using a 64-bit Operating System, follow the steps below (SEP 12.1.x):

    1. Open the Registry Editor on the machine where the SEPM is installed.
    2. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\InstalledApps
    3. On the right-hand side, look for the following String entries: SymcData-spcVirDef32, SymcData-spcIPSdef32, SymcData-sesmIPSdef64 and SymcData-spcVirDef64
    4. For the following entries, check the value data and confirm that they read as follows:
      • (Windows 2003) For SymcData-spcVirDef32 and SymcData-sesmIPSdef32, they always should look as below:

        C:\Program Files\Common Files\Symantec Shared\SymcData\spcVirDef32
        C:\Program Files\Common Files\Symantec Shared\SymcData\sesmIPSdef32
         
      • (Windows 2003) For SymcData-sesmVirDef64 and SymcData-sesmIPSdef64, they always should look as below:

        C:\Program Files\Common Files\Symantec Shared\SymcData\spcVirDef64
        C:\Program Files\Common Files\Symantec Shared\SymcData\sesmIPSdef64
         
      • (Windows 2008) For SymcData-sesmVirDef32 and SymcData-sesmIPSdef32, they always should look as below:

        C:\Program Data\Symantec\Definitions\SymcData\spcVirDef32
        C:\Program Data\Symantec\Definitions\SymcData\sesmIPSdef32
         
      • (Windows 2008) For SymcData-sesmVirDef64 and SymcData-sesmIPSdef64, they always should look as below:

        C:\Program Data\Symantec\Definitions\SymcData\spcVirDef64
        C:\Program Data\Symantec\Definitions\SymcData\sesmIPSdef64
         
    5. If the value data for these String entries does not match what is described above, modify the String and adjust accordingly
    6. Restart SEPM service.
    7. Start > Run > LUALL

      LiveUpdate will download 32-bit definitions correctly.



    If using a 32-bit Operating System, follow the steps below (SEP 12.1.x):

    1. On the machine that has the SEPM installed, open the Registry Editor
    2. Go to HKEY_LOCAL_MACHINE\SOFTWARE\symantec\InstalledApps
    3. On the right-hand side, look for the following String entries: SymcData-spcVirDef32, SymcData-sesmIPSdef32, SymcData-sesmIPSdef64 and SymcData-spcVirDef64
    4. For the following entries, check the value data and confirm that they read as follows:
      • (Windows 2003) For SymcData-spcVirDef32 and SymcData-sesmIPSdef32, they always should look as below:

        C:\Program Files\Common Files\Symantec Shared\SymcData\spcVirDef32
        C:\Program Files\Common Files\Symantec Shared\SymcData\sesmIPSdef32
         
      • (Windows 2003) For SymcData-spcVirDef64 and SymcData-sesmIPSdef64, they always should look as below:

        C:\Program Files\Common Files\Symantec Shared\SymcData\spcVirDef64
        C:\Program Files\Common Files\Symantec Shared\SymcData\sesmIPSdef64
         
      • (Windows 2008) For SymcData-spcVirDef32 and SymcData-sesmIPSdef32, they always should look as below:

        C:\Program Data\Symantec\Definitions\SymcData\spcVirDef32
        C:\Program Files\Symantec\Definitions\SymcData\sesmIPSdef32
         
      • (Windows 2008) For SymcData-spcVirDef64 and SymcData-sesmIPSdef64, they always should look as below:

        C:\Program Data\Symantec\Definitions\SymcData\spcVirDef64
        C:\Program Data\Symantec\Definitions\SymcData\sesmIPSdef64
    5. If the value data for these String entries does not match what is described above, modify the String and adjust accordingly
    6. Restart SEPM service.
    7. Start > Run > LUALL

      LiveUpdate will download 32-bit definitions correctly.
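
A read-only check for steps 2 to 4 of the answer above, added here as an example (not code from the thread or from Symantec). It lists the `SymcData-*` string values under both InstalledApps keys and flags any whose data does not end in `\SymcData\` followed by the part of the value name after `SymcData-`, an assumption drawn from the paths the post lists; the function names are hypothetical.

```powershell
# Added example: audits the SymcData-* entries without modifying the registry.
# Assumption: each value's data should end in \SymcData\<suffix of the value name>,
# which is the pattern of the paths listed in the post (e.g. ...\SymcData\spcVirDef32).

function Test-SymcDataEntry {
    param(
        [Parameter(Mandatory)][string]$Name,   # e.g. SymcData-spcVirDef32
        [Parameter(Mandatory)][string]$Data    # value data read from the registry
    )
    $leaf     = $Name -replace '^SymcData-', ''
    $expected = "\SymcData\$leaf"
    $trimmed  = $Data.TrimEnd('\')
    [pscustomobject]@{
        Name        = $Name
        Data        = $Data
        # Case-insensitive: Windows paths do not distinguish case.
        SuffixMatch = $trimmed.EndsWith($expected, [System.StringComparison]::OrdinalIgnoreCase)
        # A correct-looking path is still useless if the folder is missing.
        PathExists  = Test-Path -LiteralPath $trimmed
    }
}

function Get-SymcDataAudit {
    $keys = @(
        'HKLM:\SOFTWARE\Wow6432Node\Symantec\InstalledApps',  # 64-bit OS (step 2, first list)
        'HKLM:\SOFTWARE\Symantec\InstalledApps'               # 32-bit OS (step 2, second list)
    )
    foreach ($key in $keys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $props = Get-ItemProperty -LiteralPath $key
        foreach ($p in $props.PSObject.Properties) {
            # Skip PowerShell's own PS* properties, non-string values and empty data.
            if ($p.Name -like 'SymcData-*' -and $p.Value -is [string] -and $p.Value) {
                Test-SymcDataEntry -Name $p.Name -Data $p.Value |
                    Add-Member -NotePropertyName Key -NotePropertyValue $key -PassThru
            }
        }
    }
}

Get-SymcDataAudit | Format-Table Key, Name, SuffixMatch, PathExists, Data -AutoSize
```

Rows with `SuffixMatch` or `PathExists` set to `False` are the entries to compare by hand against the paths in step 4 before changing anything.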


  • 7.  RE: How to clean the previous virus definition in sep12.5

    Trusted Advisor
    Posted Apr 25, 2012 07:01 AM

    Hello,

    How many machines do you want to clean the Definitions on?

    If you want to perform this on a small number of machines then you could download the latest version of Intelligent Updater from this page: Daily Certified definitions for Symantec Endpoint Protection / Symantec Antivirus Corporate Edition.

    Check this Article:

    http://www.symantec.com/docs/TECH102606

    If you would like to perform this activity on a huge number of machines, then you could also try Rollback of Virus definitions -

    How to Backdate Virus Definitions in Symantec Endpoint Protection Manager

    http://www.symantec.com/docs/TECH102935

    Symantec Endpoint Protection 12.1: How to roll back the BASH definitions to a known good version

    http://www.symantec.com/docs/HOWTO53366

    Hope that helps!!