I have some servers where the SEP managed client isn't displaying the correct virus defs. When I peek in C:\programdata\symantec\symantec endpoint protection\$version$\data\defintions\virusdefs, I see multiple sub folders with dated defintions. I see one for the current day, then a couple from a couple weeks ago. The SEP client shows the Virus Defintions to be the date of the previously dated folder and Network Threat Protection is the current date. Running Live Update or applying the downloaded Intelligencer Update doesn't fix it. I can usually turn of tamper protection, then do a smc.exe -stop, then smc.exe -start and it will clear the old def folders and display the correct definitions in the client. The System log on the client does not show any errors. How do I go about correcting this? smc.exe -stop doesn't always work, and sometimes totally hangs SEP, requiring a restart. I can't do that to servers. I have to rely on the daily report to alert me as to which clients aren't updating properly.
SEPM is 12.1.6.
SEP clients are all 12.1.5 or higher.
Specific example:
SEP Client Version 12.1.5337.5000.105 (I'm sure I could find examples of 12.1.6 clients)
C: drive has plenty of space - 16 gigs free.
SEP client shows:
Virus and Spyware - Nov 22, 2015 r2
Proactive Threat Protection - Nov 13 2015 r11
Network Threat Protection - Dec 2, 2015 r11
VirusDefs folder has the following subfolders:
20151121.038
20151122.002
20151202.003
This issue isn't widespread. We have over 2200 clients, but I can count on fixing at least 1 per day. Experience tells me that stopping SMC just for correcting VirusDefs can cause the service to hang, requiring a restart to correct SMC services and virus defs. Usually, it clears the problem, but it's that 1 in 10 chance that hurts.