Video Screencast Help

Unable to remove old Virus Def's on Endpoint

Created: 21 Jan 2013 • Updated: 21 Jan 2013 | 13 comments

Hi my C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Definitions\VirusDefs is very large but if I try and remove them I just get an error saying I dont have permission even though I am logged in as the domain admin.

How can I reduce this folder size please?

Im running Endpoint 12.1.1101.401

Thanks

Comments 13 CommentsJump to latest comment

.Brian's picture

Did you stop the service?

See this article

How to clear out definitions for a Symantec Endpoint Protection 12.1 client manually

Article:HOWTO59193  |  Created: 2011-09-08  |  Updated: 2012-09-25  |  Article URL http://www.symantec.com/docs/HOWTO59193

 

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

pete_4u2002's picture

how many folders do you see?

stop the sep service and remove the folder, monitor again for number of folders getting created.

reddoor's picture

Hi I have tried this but I still get "you need permission to perfom this action"

Thanks

.Brian's picture

What are the permissions showing on this folder?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

reddoor's picture

Its showing as doman\administrators full control and domain\users read only access

.Brian's picture

Disable tamper protection and try again

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

reddoor's picture

Hi thats not installed on this server, I only ran the basic server protection?

 

Mithun Sanghavi's picture

Hello,

Are you trying to uninstall the Virusdefs folder or the content within that folder??

Make sure you have the Tamper Protection disabled from the SEPM server for the group in which the client reports to.

 

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

SebastianZ's picture

Tamper protection will be installed as well with basic protection module. Please try to disabled it and you should have access for file deletion. Access may be blocked as well in case where any of the scheduled or customer scans is running in the background - please have a check at it.

 

Beside that there is a known issue regarding the amount of AV defs kept on the SEP 12.1 on Server OS:

http://www.symantec.com/docs/TECH180056 - you may want to try the workarounds from here or updatin to RU2. Please note the default amount of Virus defs kept on the SEP client in version 12.1 should be only 1.

 

reddoor's picture

Oh right ok so how do I disable the tamper protection?

 

.Brian's picture

Open the SEP GUI

Change Settings

Client Management >> Tamper Protection tab

Uncheck it and click OK

try again

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

JS@support's picture

Hi,

This is not the correct method to delete the definitions. However if you want to delete it then stop the SEPM and SEP client service & then try to do that.

Best apporach is chnage the configuration on the SEPM. Change the number of content revisions to keep on the SEPM.

 

Ashish-Sharma's picture

Hi,

Try to restart system Check again,we have receive couple of time same problem.

 

Thanks In Advance

Ashish Sharma