Endpoint Protection

 View Only

  • 1.  Virus definition not update to date.

    Posted Oct 10, 2014 02:07 AM

    Hi,

    Since the virus definition is not up to date.

    I have tried to update content by SEPM and status was succeed. But still not updated to latest definition.

    Please advice.

     

    Microsoft Windows Server 2008 Enterprise (x64) SP2

    SEP 12.1.2015.2015

     

     

    Thanks



  • 2.  RE: Virus definition not update to date.

    Posted Oct 10, 2014 02:11 AM

    Run the symhelp tool to find the issue.

    Download the Symantec Help (SymHelp) diagnostic tool to detect Symantec product issues

    Article:TECH170752  |  Created: 2011-09-29  |  Updated: 2014-10-01  |  Article URL http://www.symantec.com/docs/TECH170752

    edit

    Also try to clean the defintion, may be the lats available defintion is corrupt

    How to clear out definitions for a Symantec Endpoint Protection 12.1 client manually

    Article:HOWTO59193  |  Created: 2011-09-08  |  Updated: 2013-06-24  |  Article URL http://www.symantec.com/docs/HOWTO59193


  • 3.  RE: Virus definition not update to date.

    Posted Oct 10, 2014 02:37 AM

    Troubleshooting Client Communication with SEPM

    Article:TECH95789  | Created: 2009-01-26  | Updated: 2012-01-03  | Article URL http://www.symantec.com/docs/TECH95789

    Troubleshooting Out-of-date Definitions on Clients (Part 1)

    http://www.symantec.com/tv/allvideos/details.jsp?vid=2236084589001

    Troubleshooting Out-of-date Definitions on Clients (Part 2)

    http://www.symantec.com/tv/allvideos/details.jsp?vid=2236084558001



  • 4.  RE: Virus definition not update to date.

    Posted Oct 10, 2014 04:03 AM

    Hi,

    I have exported log by SymHelp.

    Please help to investigate.

    Actually 5A and 6A are cluster servers. Both of them have same problem.

     

    Thanks

    Attachment(s)

    zip
    [HKSAPS5A]__2014-10-10__15-32-37.zip   4.83 MB 1 version
    zip
    [HKSAPS6A]__2014-10-10__15-32-42.zip   5.64 MB 1 version


  • 5.  RE: Virus definition not update to date.

    Posted Oct 10, 2014 08:09 AM

    You should also enable sylink debugging on an affected client, let it run thru a few heartbeats and provide this log as well:

    How to enable Sylink debugging for the Symantec Endpoint Protection 11.x and 12.1 client in the Windows Registry



  • 6.  RE: Virus definition not update to date.

    Posted Oct 12, 2014 10:34 PM

    Hi Brian,

    Then I should enable debug and run symhelp agin ??

    Thanks



  • 7.  RE: Virus definition not update to date.

    Posted Oct 12, 2014 10:43 PM

    Yes, to be able to see what's going on.



  • 8.  RE: Virus definition not update to date.

    Posted Oct 13, 2014 01:32 AM

    You can run the symhelp then scan for common issue to find the reason of the problem.
    It will show you the reason and solution for the issue..



  • 9.  RE: Virus definition not update to date.

    Posted Oct 13, 2014 02:17 AM

    Sould I select Standard data for Support + Enable product debug logging ??

    Otherwise, how to reproduce the issue ?


    Thanks



  • 10.  RE: Virus definition not update to date.



  • 11.  RE: Virus definition not update to date.

    Broadcom Employee
    Posted Oct 22, 2014 01:35 PM

    The reports in HKSAPS5A indicate virus definition corruption and a possible communications issue due to the Windows Firewall not containing an expected (installed by SEP) exclusion for the SMC service, SEP's primary communications service.  The disk usage report also indicates that the virus definition directory contains an unusually large amount of data further pointing to the virus definition corruption issue.  In this case the definitions seemed to be delivered intact but the SEP client failed to switch over to the newer set.  

    Both the virus definition and disk usage reports link to articles describing how to clear out corrupt definitions or otherwise troubleshoot this type of issue.

    If these ready-made solutions do not prove to be successful, then contact support and provide the sylink debug log as instructed above.