How to find if a SEP 12.1.3 client is corrupt or is it just having a corrupt defenitions ?

No,You cann't find corrupt sep client.

Only way if any client and not connected long time or not update.so you can check manually sep client.

How to determine if virus definitions of Symantec Endpoint Protection client (SEP) 11 or 12 Small Business Edition, are corrupted

Just need to be creative despite what others may tell you. One way to do this by running wireshark on the SEPM and look for clients downloading full defs. See my article here:

Using Wireshark to detect full.zip downloads on SEP client machines

You can also use advanced filtering to see which clients are downloading full defs, an indicator of corrupt definitions:

SEPM 12.1 - Advanced Settings filter options for Client Activity logs

The only way is to download the report of the client which are running with old definition.

Login Console Monitor-> logs-> Computer Status-> View logs and save it

After open the csv sort the defintion

https://www-secure.symantec.com/connect/articles/how-export-virus-definition-and-client-information-excel-format

Then follow the article http://www.symantec.com/docs/TECH97677

either run the symhelp tool on the clients.

Download the Symantec Help (SymHelp) diagnostic tool to detect Symantec product issues

Nope. Not possible..

We have about 40000 clients of which 1000 clients are not updated, so there should be a better way to detect them than manually checking them.

There should but for now you're limited to using other means.

Using SEPM reporting should be able to assist with this need.  It may be necessary to compare SEPM report results to a separately managed inventory list, but this would be true in the case of any management database that relies on client communications to maintain a status. 

Hi Sealchan,

Can you please elobrate more ?

Regards,

Praveen