Endpoint Protection

  • 1.  Need a policy for clients to remove old definition files

    Posted Apr 20, 2012 04:12 AM

    Hi, I need to deploy a policy which can remove old definition files from clients, because I am getting frequent requests that most of the client machines are showing disabled in the Management console. When I dug into the client details, I found that the definitions may be corrupted.



  • 2.  RE: Need a policy for clients to remove old definition files

    Posted Apr 20, 2012 04:21 AM

    Are the SEP clients able to communicate with the SEPM console?



  • 3.  RE: Need a policy for clients to remove old definition files

    Trusted Advisor
    Posted Apr 20, 2012 04:28 AM

    Hello,

    Are the clients actually showing offline, with regards to SEPM communication? (Help and Support (or Help if 12.1) > Troubleshooting)?

    If they are 'offline', and they don't have a LiveUpdate schedule set (or don't have internet access), then that's why the definitions are getting out of date. It may not have anything at all to do with definition corruption.

    If it does say 'offline', enabling Sylink debug logging is the best way to track down why communication is failing with the SEPM. (With SEP 12.1, Tamper Protection must be disabled first.)

    How to enable Sylink Debugging for Symantec Endpoint Protection in the registry

    http://www.symantec.com/docs/TECH104758

    Symantec Endpoint Protection Manager 12.1 Communication Troubleshooting

    http://www.symantec.com/docs/TECH160964

    Symantec Endpoint Protection: LiveUpdate Troubleshooting Flowchart

    In case of corrupt definitions, you may have to do that manually.

    In case of SEP 11.x, check this article:

    How to clear out corrupted definitions for a Symantec Endpoint Protection client manually

    http://www.symantec.com/docs/TECH103176

    In case of SEP 12.1, check this article:

    How to clear out definitions for a Symantec Endpoint Protection 12.1 client manually

    http://www.symantec.com/docs/HOWTO59193

    Hope that helps!!



  • 4.  RE: Need a policy for clients to remove old definition files

    Posted Apr 20, 2012 06:29 AM

    There is no policy to remove the OLD defs.

    You can use the Rx4defs utility to remove the corrupted defs from the client machines.

    Check this link,

    http://www.symantec.com/docs/TECH93036

    You can get this tool from Symantec.



  • 5.  RE: Need a policy for clients to remove old definition files

    Broadcom Employee
    Posted Apr 20, 2012 08:38 AM

    Hi Manjunath K,

    First identify whether the definitions are really corrupted or not.

    Check this article: How to determine if virus definitions of Symantec Endpoint Protection client (SEP) 11 or 12 Small Business Edition, are corrupted

    http://www.symantec.com/docs/TECH97677  
     
    If the definitions are corrupted, try running the Rx4defs utility to remove the corrupted defs.

    Link is already shared by Ariv.

    Identify which machines are affected: is it happening randomly or with specific clients only?

    Also check whether SEPM is regularly updating or not.
     
     


  • 6.  RE: Need a policy for clients to remove old definition files

    Posted Apr 20, 2012 03:21 PM


  • 7.  RE: Need a policy for clients to remove old definition files

    Posted Apr 21, 2012 05:46 AM

    What is your communication setting on the server?

    Pull mode / Push mode?



  • 8.  RE: Need a policy for clients to remove old definition files

    Posted Apr 23, 2012 07:17 AM

    Hello All,

    Thanks for your prompt reply. First of all, I regret to all because I will not check this forum continuously.

    I will answer one by one.

    Jackie: Yes, the clients are communicating to SEPM.

    Mithun: The clients are not offline, and the clients don't go to the internet to download definitions because they are configured to download definitions/signatures from the Management server with the respective heartbeat. I have the definition files manually and tried updating, but to no use.

    Chetan: I have used the rxdef tool to delete the definition files and then tried updating, which is not happening. SEPM is updating normally. Identified only a few machines acting like this.

    Sumit: Clients are configured with Push mode with a 2-minute heartbeat.

     



  • 9.  RE: Need a policy for clients to remove old definition files

    Broadcom Employee
    Posted Apr 23, 2012 07:34 AM

    Hi Manjunath K,

    For the time being, provide access to run LiveUpdate manually.

    Try to run LiveUpdate manually at the end user: Start --> Run --> Luall.exe

    If it's a SEP 12.1 client, you will have to click on the LiveUpdate tab only.

    Do you see any suspicious behaviour on the affected workstation?



  • 10.  RE: Need a policy for clients to remove old definition files

    Posted Oct 17, 2012 04:03 AM

    How many clients are in the same group where this problem occurs?

    Try the attached download:

    https://www-secure.symantec.com/connect/downloads/remove-virus-definitions