Video Screencast Help

SEPM virus definitions out of date and will not update

Created: 15 Nov 2013 • Updated: 18 Nov 2013 | 9 comments
This issue has been solved. See solution.

We are running SEPM 12.1.2.  a few weeks ago the server lost power but came back and everything looked fine.  We noticed today that all the computers in the system report that the definitions are out of date.  i looked at the SEPM and noticed that all of the prodcuts had updated definitions except for the 32 and 64 bit windows anti-virus defs.

I was thinking there should some easy way to remove the current definitions and download fresh ones but it doesn't seem to be that easy.

I tried the lucatalog -cleanup and -update commands. looked in some log files.  Stumped at the moment.

I have been looking through articles for a solution and nothing has worked so far or the solution was for a different version of SEPM. 

 

Any ides?

 

 

Operating Systems:

Comments 9 CommentsJump to latest comment

.Brian's picture

Have you tried the JDB file?

How to update definitions for Symantec Endpoint Protection Manager (SEPM) using a .jdb file

Article:TECH102607  |  Created: 2007-01-08  |  Updated: 2013-06-18  |  Article URL http://www.symantec.com/docs/TECH102607

 

Also possible defs are corrupt, see here:

Symantec Endpoint Protection Manager 12.1 is not updating 32-bit or 64-bit virus definitions due to corrupt content

Article:TECH166923  |  Created: 2011-08-10  |  Updated: 2013-06-20  |  Article URL http://www.symantec.com/docs/TECH166923 b

 

The Symantec Endpoint Protection Manager does not update virus definitions successfully through LiveUpdate

Article:TECH183178  |  Created: 2012-03-07  |  Updated: 2013-06-19  |  Article URL http://www.symantec.com/docs/TECH183178

 

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

AJ_01's picture

There may be a old defintion is corrupted from SEPM. You can try to remove it manually.

How to clear out definitions for a Symantec Endpoint Protection 12.1 client manually

 

Article:HOWTO59193  |  Created: 2011-09-08  |  Updated: 2013-06-24  |  Article URL http://www.symantec.com/docs/HOWTO59193

 

Regard

AJ

JAunmc's picture

Nothing seems to work.  Any other ideas?  I thought about going into settings and changing the revisions to keep of the Defs in the database to 1 to clear out all the old ones.Currently we have it set to 30.

 

Any other ideas?

pete_4u2002's picture

by placing jdb file, does it get processed or is there an .err file generated at the same location?

 

JAunmc's picture

Yes it seems to get processed.  Everything seems to go in except the Win32 and Win64 virus defs.

 

 

.Brian's picture

You cleared the defs out?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

JAunmc's picture

What I finally did after trying the suggestions above, was lower my number of revisions to keep from 30 to 25 hoping it would clear out the corrupt defs.

 

After that I ran liveupdate again and the defs magially started going out again.

 

At this point I'm not sure if it was a corrupt Def or something to do with space in the database or table. 

A coworker found some errors on the SQL server but we are not sure if they caused the issue or not.

 

Also the timing is suspect as the issue immediately followed a problem in our data center which made the SEPM and SQL servers lose power.

SOLUTION
.Brian's picture

If defs were downloading during power loss this could've been the culprit.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.