Endpoint Protection

Hello,

I've got an issue where I load the vd2e0632.jdb file into the incoming folder. normally it loads just fine and within 10 minutes my workstations are all updated. However this month something changed and after i loaded the .jdb file as usual, none of my workstations are updated. can someone possibly point me in the right direction to get this fixed?

thanks in advance!

joe

Just Some basics

Make sure that the clients are communicating with the SEP Manager

Check if the clients have a green dot on the shiels.

Also check if the SEP Manager updates the definitions.

In the SEPM

Go to Admin , then Click Server , Click Local site, Click Show Live update downloads and then check the dates of the virus defs downaloded.

Attach a screen shot if possible

I did this, and it shows

Antivirus and antispyware definitions Win32 11.0 MicroDefsB.CurDefs revision: 2009-07-02 rev. 005 download time: July 2, 2009 6:02:15 PM GMT

I cannot attach a screen shot due to the nature of this machine.

the update i downloaded from symantec's update site were vd2e0632.jdb and vd2e0803.jdb, neither of which worked.

Is Win64 11.0 MicroDefsB.CurDefs  updated ??

this box is running 32bit. I've never needed to download the 64bit definitions at all over the past year.  Is there a log file i can look at somewhere outside of SEPM to determine what might be causing this issue?

You may need to follow the steps to clear out virus defs.

when you install the JDB it should update 32 as well as 64 bit defs
the concern is to check if 64its getting updated and not 32

when you paste the jdb..wait for few secs

go to manager click on admin -server

at the bottom do you see messages saying updated of defs failed?

It seems that SEPM is not updating the definitions through the jdb file as you have,

Antivirus and antispyware definitions Win32 11.0 MicroDefsB.CurDefs revision: 2009-07-02 rev. 005 download time: July 2, 2009 6:02:15 PM GMT

If the clients are communicating fine with SEPM, then there could be following reasons for clients not updating the definitions from SEPM.

1. SEPM itself is not processing the jdb file from the incoming folder and not getting updated. Hence the clients are not updating the defs.

2. It could be an issue with the SEPM database. If you are using the embedded database , you may do a database validation by running the dbvalidator tool. This tool is found in <drive>\Program Files\Symantec\Symantec Endpoint Protection Manager\Tools\dbvalidator.bat.

At the end it tells you if database validation passed or failed.

If the validation fails then the database is corrupt and calls for an uninstall and reinstall of SEPM. You may export all your policies before the SEPM is uninstalled so that they can be imported later into the new SEPM.

If it passes the validation, you may try to repair the SEPM installation from add/remove programs to see if the jdb file gets processed thereafter.

Let me know if this is helpful or if you any more questions. :-)

Try to reboot your machine then upload again the jdb file. let us know how it goes.

1. When I drop the .jdb file into the incoming folder, it looks like it processes it because a folder pops up. however, when I go to admin > local site > show liveupdate downloads, it does not show the current virus definition.

2. I do not have the dbvalidator tool, is there a place where I can download the tool?

Thank you for your replies.

Hi If the machine is a 32 bit machine then also it downloads the defntion for 64 bit machine . As SEPM is cable of managing 32 as well as 64 bit Client

Try the following STEPS

File system cleanup for 32-bit SESC Virus Definitions:

1. Stop SEPM server service.

2. Go to C:\program files\symantec\symantec endpoint protection manager\Inetpub\content\{C60DC234-65F9-4674-94AE-62158EFCA433}" folder and move all of the subfolders to another place, such as C:\Temp if you want a backup, otherwise delete the sub-folders.

Database cleanup for 32-bit SESC Virus Definitions:

3) Go to C:\Program Files\Common Files\Symantec Shared\SymcData\ and delete the following folders:
sesmipsdef32
sesmipsdef64
sesmvirdef32
sesmvirdef64

4)In the registry, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps.
Delete these keys
SymcData-sesmipsdef32
SymcData-sesmipsdef64
SymcData-sesmvirdef32
SymcData-sesmvirdef64

5). In the registry, navigate to and delete the following keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs\SymcData-sesmipsdef32
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs\SymcData-sesmipsdef64
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs\SymcData-sesmvirdef32
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs\SymcData-sesmvirdef64

6). Start the SEPM service back up.

7). Run Live update from within the Symantec Endpoint Protection Management console.

This will re-populate the database which in turn will update the moniker folders.

this worked, however i needed to stop ALL of the services (including the database) not sure why, but after two reboots i loaded the virus defs and everything worked.

Thank you very much everyone. this will be filed for future reference.