Endpoint Protection

  • 1.  Unable to delete numbered folders in virusdefs folder

    Posted Apr 20, 2012 11:54 AM

    Hi All,

    Nearly 400 systems have not been getting updates for the last 20 days.
    SEPM and GUPs are working fine.
    Since I cannot take RDP, I have remotely connected through services.msc and stopped the Symantec Endpoint Protection service. But I cannot stop the Symantec Management Client service.
    I have to delete the virus definitions. But only the last numbered file is not deleting completely. Apart from that, all other numbered files are deleting completely.
    Kindly let me know how to delete the virus definitions completely.
    Is there any tool to delete virus definitions remotely?
     



  • 2.  RE: Unable to delete numbered folders in virusdefs folder

    Broadcom Employee
    Posted Apr 20, 2012 12:07 PM

    Why are you deleting the virusdef folder?

    Are the definitions corrupted?

     



  • 3.  RE: Unable to delete numbered folders in virusdefs folder

    Posted Apr 20, 2012 12:11 PM

    Yes. I think the definitions are corrupted.
    IPS definitions are updating regularly and the agent is communicating properly. Only virus definitions are not updating.



  • 4.  RE: Unable to delete numbered folders in virusdefs folder

    Posted Apr 20, 2012 01:09 PM

    It's very unlikely that 400 systems have corrupted definitions.

    There is no tool to perform this; however, you can write a batch file for the steps mentioned in the doc below.

    How to clear out corrupted definitions for a Symantec Endpoint Protection Client manually

    http://www.symantec.com/business/support/index?page=content&id=TECH103176

     

    Or you can get Rx4Defs from tech support & script it.



  • 5.  RE: Unable to delete numbered folders in virusdefs folder

    Posted Apr 20, 2012 03:30 PM

    Hi

    You have mentioned that the GUP is working fine, so this means clients are not able to download definitions from the GUP.

    Please provide more information about your network setup:

    1. Are these 400 machines located in 1 group or distributed over many groups?

    2. Is a single GUP serving all 400 machines?

    3. Run telnet <GUP IP> 2967 from any of the client machines and see if it works.

    4. Collect Sylink monitor logs.


    Sylink monitor log:

    Download Sylink monitor from the following link
    URL: http://www.symantec.com/docs/TECH103369

    Set registry key: HKLM\Software\Symantec\Symantec Endpoint Protection\SMC - smc_debuglog_on = 1
    - Stop SMC: START > RUN > smc -stop
    - Start SMC: START > RUN > smc -start
    - Run SylinkMonitor for 2 heartbeats and attach the log.

     

    Thanks and Regards

    Prakash Kamalakannan
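
The port check and debug-log steps from the post above, scripted for one client. This is an added example, not part of the original post or a Symantec tool; the timeout, the Wow6432Node fallback path, the DWORD value type, and `smc` resolving from a script as it does from Start > Run are assumptions.

```powershell
# Added example (not from the thread). Run elevated on an affected SEP client.
param(
    [Parameter(Mandatory = $true)]
    [string]$GupAddress,      # your GUP's IP or host name (the post's <GUP IP>)
    [int]$Port = 2967,        # port used in the post's telnet check
    [int]$TimeoutMs = 3000    # assumed timeout for the connect attempt
)

# TCP connect with a timeout: the scripted equivalent of "telnet <GUP IP> 2967".
function Test-GupPort {
    param([string]$Address, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($Address, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($pending)   # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

if (Test-GupPort $GupAddress $Port $TimeoutMs) {
    Write-Output "TCP ${GupAddress}:$Port reachable"
} else {
    Write-Warning "TCP ${GupAddress}:$Port not reachable from $env:COMPUTERNAME"
}

# Key path is from the post; the Wow6432Node variant is an assumption for
# 32-bit SEP clients installed on 64-bit Windows.
$smcKey = @(
    'HKLM:\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC',
    'HKLM:\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\SMC'
) | Where-Object { Test-Path $_ } | Select-Object -First 1
if (-not $smcKey) { throw 'SMC registry key not found on this machine.' }

# DWORD is an assumed value type; the post only gives smc_debuglog_on = 1.
Set-ItemProperty -Path $smcKey -Name 'smc_debuglog_on' -Value 1 -Type DWord

# Restart SMC as in the post; assumes "smc" resolves as it does from Start > Run.
Start-Process -FilePath 'smc' -ArgumentList '-stop' -Wait
Start-Process -FilePath 'smc' -ArgumentList '-start' -Wait
```

Once the log has been collected, setting `smc_debuglog_on` back to 0 and restarting SMC the same way turns debug logging off again.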



  • 6.  RE: Unable to delete numbered folders in virusdefs folder

    Posted Apr 20, 2012 03:50 PM

    Try the link. In that condition it helps to remove the definition and clear it.

    http://www.symantec.com/business/support/index?page=content&id=TECH103176



  • 7.  RE: Unable to delete numbered folders in virusdefs folder

    Posted Apr 20, 2012 06:37 PM

    Agreed.

    It is unlikely that 400 machines would suddenly develop corrupt definitions all at once.

    I recommend opening a case with Symantec Support and investigating.

    James



  • 8.  RE: Unable to delete numbered folders in virusdefs folder

    Posted Apr 21, 2012 05:44 AM

    Agree with James. You can get help through the remote assistant.



  • 9.  RE: Unable to delete numbered folders in virusdefs folder

    Posted Apr 21, 2012 06:04 AM

    First try the attached links, and if you do not get a resolution, then raise a case with Symantec.

    Regards

    Hemant