Hello,
I have tried purging the bad virus definitions and the workstations never get new virus definitions after I do this.
I also went through the suggestion of SEPM being corrupted. However, I find this very hard to believe since some workstations function correctly.
I noticed that if I go on the client while the client is listed in specific groups, they will say "Offline" when you go to "Help and Support" and click "Troubleshooting." However, they quickly start working again when I place them back into their old temporary group that works (they say online with the server name listed under Troubleshooting). From there, it seems like they are trying to work but still can't.
I should also mention that last Friday I created a new group and imported current policies into this group. I update the policy individually, but when I go to Details under the client "tab," it says "Policy Serial Number" and that number is blank. All of the systems under this group are unable to communicate with the SEPM. When I go on the client, it says Server Offline. However, when I move the clients out of that group and into a known working group, they can at least communicate with the server, but we're still having the virus definitions issue.
I tried going through and purging the virus definitions on the server and following the instructions from Article: TECH98276. I then went and hit manual "LiveUpdate" where LiveUpdate Express came up and downloaded the definitions from the internet. It took a while but eventually everything was "installed" and I saw that files popped back up under the LiveUpdate/Downloads folder and later into the VirusDefs folder. However, the client still says warning like the virus definitions are still out of date.
I also recently found out that all the GUPs are not properly updating themselves. The last update was from the 27th when I ran a manual JDB file insert into the incoming folder on the SEPM server.
I spoke with our hosted services provider about LiveUpdate being blocked from our firewall, but they said that they have Symantec's servers whitelisted (liveupdate.symatecliveupdate.com).
I'm not completely convinced that reinstalling the server is going to resolve this issue since it's only for certain machines. I have, however, already tried a repair install of the SEPM server software to no avail.