Video Screencast Help
Give us your opinion and win with Symantec! Please help us by taking this survey to tell us about your experience with Symantec Connect, so that we can continue to grow and improve.  Take the survey.

How to clean the previous virus definition in sep12.5

Created: 24 Apr 2012 • Updated: 30 Jun 2012 | 6 comments
This issue has been solved. See solution.

How  to clean the previous virus definition in sep12.5

Please help

Comments 6 CommentsJump to latest comment

pete_4u2002's picture

do you mean delete virus definition, let know if it is helpful?

How to clear out corrupted definitions for a Symantec Endpoint Protection client manually

http://www.symantec.com/business/support/index?page=content&id=TECH103176

SMLatCST's picture

Just in case it helps, here's the same article but for the SEP12.1 client:

http://www.symantec.com/docs/HOWTO59193

And again for the SEPM itself:

http://www.symantec.com/docs/TECH166923

Mick2009's picture

Hi supportsib2,

Can you add what exact version of the product you are using?  Also, what behavior you are seeing?  And is it on a SEP client or a SEPM?

Thanks in advance!

With thanks and best regards,

Mick

P_K_'s picture

If it is SEP Client you can use Rx4DefsSEP

The "Rx4DefsSEP" utility is used to completely remove and replace definitions on a 32-bit or 64-bit Symantec Endpoint Protection 11 client.

http://www.symantec.com/business/support/index?page=content&id=TECH93036

For SEPM follow this

https://www-secure.symantec.com/connect/articles/how-clear-corrupt-virus-definitions-sepm

MCT MCSE-2012 Symantec Technical Specialist (SCTS)

P_K_'s picture

It would be worth looking at this http://www.symantec.com/business/support/index?page=content&id=TECH122857

If using a 64 bit Operating System, follow the steps below (SEP 12.1.x):

  1. Open the Registry Editor on the machine where the SEPM is installed.
  2. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\InstalledApps
  3. On the right-hand side, look for the following String entries: SymcData-spcVirDef32, SymcData-spcIPSdef32, SymcData-sesmIPSdef64 and SymcData-spcVirDef64
  4. For the following entries, check the value data and confirm that they read as follows:
    • (Windows 2003) For SymcData-spcVirDef32 and SymcData-sesmIPSdef32, they always should look as below:

      C:\Program Files\Common Files\Symantec Shared\SymcData\spcVirDef32
      C:\Program Files\Common Files\Symantec Shared\SymcData\sesmIPSdef32
       

    • (Windows 2003) For SymcData-sesmVirDef64 and SymcData-sesmIPSdef64, they always should look as below:

      C:\Program Files\Common Files\Symantec Shared\SymcData\spcVirDef64
      C:\Program Files\Common Files\Symantec Shared\SymcData\sesmIPSdef64
       

    • (Windows 2008) For SymcData-sesmVirDef32 and SymcData-sesmIPSdef32, they always should look as below:

      C:\Program Data\Symantec\Definitions\SymcData\spcVirDef32
      C:\Program Data\Symantec\Definitions\SymcData\sesmIPSdef32
       

    • (Windows 2008) For SymcData-sesmVirDef64 and SymcData-sesmIPSdef64, they always should look as below:

      C:\Program Data\Symantec\Definitions\SymcData\spcVirDef64
      C:\Program Data\Symantec\Definitions\SymcData\sesmIPSdef64
       

  5. If the value data for these String entries does not match what is described above, modify the String and adjust accordingly
  6. Restart SEPM service.
  7. Start > Run > LUALL

    LiveUpdate will download 32-bit definitions correctly.

If using 32 bit Operating System, follow the steps below (SEP 12.1.x):

  1. On the machine that has the SEPM installed, open the Registry Editor
  2. Go to HKEY_LOCAL_MACHINE\SOFTWARE\symantec\InstalledApps
  3. On the right-hand side, look for the following String entries: SymcData-spcVirDef32, SymcData-sesmIPSdef32, SymcData-sesmIPSdef64 and SymcData-spcVirDef64
  4. For the following entries, check the value data and confirm that they read as follows:
    • (Windows 2003) For SymcData-spcVirDef32 and SymcData-sesmIPSdef32, they always should look as below:

      C:\Program Files\Common Files\Symantec Shared\SymcData\spcVirDef32
      C:\Program Files\Common Files\Symantec Shared\SymcData\sesmIPSdef32
       

    • (Windows 2003) For SymcData-spcVirDef64 and SymcData-sesmIPSdef64, they always should look as below:

      C:\Program Files\Common Files\Symantec Shared\SymcData\spcVirDef64
      C:\Program Files\Common Files\Symantec Shared\SymcData\sesmIPSdef64
       

    • (Windows 2008) For SymcData-spcVirDef32 and SymcData-sesmIPSdef32, they always should look as below:

      C:\Program Data\Symantec\Definitions\SymcData\spcVirDef32
      C:\Program Files\Symantec\Definitions\SymcData\sesmIPSdef32
       

    • (Windows 2008) For SymcData-spcVirDef64 and SymcData-sesmIPSdef64, they always should look as below:

      C:\Program Data\Symantec\Definitions\SymcData\spcVirDef64
      C:\Program Data\Symantec\Definitions\SymcData\sesmIPSdef64

  5. If the value data for these String entries does not match what is described above, modify the String and adjust accordingly
  6. Restart SEPM service.
  7. Start > Run > LUALL

    LiveUpdate will download 32-bit definitions correctly.

MCT MCSE-2012 Symantec Technical Specialist (SCTS)

SOLUTION
Mithun Sanghavi's picture

Hello,

How many machines do you want to clean the Definitions on ?

If you want to perform this on small number of machines then you could download the latest version of Intelligent Updater from this page Daily Certified definitions for Symantec Endpoint Protection / Symantec Antivirus Corporate Edition.

Check this Article:

http://www.symantec.com/docs/TECH102606

If you would like to perform this activity on a huge number of machines, then you could also try Rollback of Virus definitions -

How to Backdate Virus Definitions in Symantec Endpoint Protection Manager

http://www.symantec.com/docs/TECH102935

Symantec Endpoint Protection 12.1: How to roll back the BASH definitions to a known good version

http://www.symantec.com/docs/HOWTO53366

Hope that helps!!

Mithun Sanghavi
Associate Security Architect

MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.