Endpoint Protection

 View Only

  • 1.  SEP 11.0.5 "Invalid log record: Too few fields" error

    Posted Nov 25, 2009 03:44 AM
    After upgaring to SEP 11.0.5, from few days Antivirus and Antispyware Protection defination is not updating but others two Proactive Threat Protection and Network Threat Protection is upto date. In SEPM console Admin->Servers->Local Site, the following error showing "Invalid log record:  Too few fields"  [Site: aaa]  [Server: Mnemom].

    Please help to solve the problem...........Thanks in advance

    Shakil........


  • 2.  RE: SEP 11.0.5 "Invalid log record: Too few fields" error

    Posted Nov 25, 2009 03:50 AM

    Run a Repair for SEPM and then try this

     

    1. Stop  the SEPM server service.
    2. Go "…\Inetpub\content\{C60DC234-65F9-4674-94AE-62158EFCA433}" folder and deleted all the sub folders
    3) Go to C:\Program Files\Common Files\Symantec Shared\SymcData\ and delete the following folders:
    sesmipsdef32
    sesmipsdef64
    sesmvirdef32
    sesmvirdef64
    4)In the registry, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps.
    Deleted these keys
    SymcData-sesmipsdef32
    SymcData-sesmipsdef64
    SymcData-sesmvirdef32
    SymcData-sesmvirdef64
    5). In the registry, navigate to and delete the following keys:
    HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs\SymcData-sesmipsdef32
    HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs\SymcData-sesmipsdef64
    HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs\SymcData-sesmvirdef32
    HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs\SymcData-sesmvirdef64
    6). Starte the SEPM service back up.
    7). Run Live update from within the Symantec Endpoint Protection Management console.


  • 3.  RE: SEP 11.0.5 "Invalid log record: Too few fields" error
    Best Answer

    Posted Nov 26, 2009 02:14 AM
    You can also get the latest AV/AS definitions from the following site. Download the first executable and then run it on the machine in question. This wwould update the Antivirus definition and then monitor the machine for one more day and let us know whether the machine is then able to take the Antivirus definitions.

    http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=savce

    AV_AS Definitions rapid release.JPG