Sometimes SEPM downloads corrupt virus definitions. When that happens, they have to be cleaned up and the virus definitions downloaded again. The steps are as follows:

File system cleanup for 32-bit SESC Virus Definitions:

1. Stop the SEPM server service.
2. Go to the C:\program files\symantec\symantec endpoint protection manager\Inetpub\content\{C60DC234-65F9-4674-94AE-62158EFCA433} folder and move all of the subfolders to another place, such as C:\Temp, if you want a backup; otherwise delete the subfolders.

Database cleanup for 32-bit SESC Virus Definitions:

3. Go to C:\Program Files\Common Files\Symantec Shared\SymcData\ and delete the following folders:
   sesmipsdef32
   sesmipsdef64
   sesmvirdef32
   sesmvirdef64
4. In the registry, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps. Delete these keys:
   SymcData-sesmipsdef32
   SymcData-sesmipsdef64
   SymcData-sesmvirdef32
   SymcData-sesmvirdef64
5. In the registry, navigate to and delete the following keys:
   HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs\SymcData-sesmipsdef32
   HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs\SymcData-sesmipsdef64
   HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs\SymcData-sesmvirdef32
   HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs\SymcData-sesmvirdef64
6. Start the SEPM service back up.
7. Run LiveUpdate from within the Symantec Endpoint Protection Management console. This will repopulate the database, which in turn will update the moniker folders.
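The steps above as a PowerShell script, added here as an example and not taken from the article or from Symantec. The service name `semsrv` and the backup folder are assumptions; the file system and registry paths are the ones the article gives and may differ on other OS versions.

```powershell
# Added example, not Symantec's own script. Run elevated on the SEPM server.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$ServiceName = 'semsrv',  # assumption: SEPM service name; confirm with Get-Service
    [string]$SepmRoot  = 'C:\Program Files\Symantec\Symantec Endpoint Protection Manager',
    [string]$SymcData  = 'C:\Program Files\Common Files\Symantec Shared\SymcData',
    # assumption: backup location, time-stamped so repeated runs do not collide
    [string]$BackupDir = "C:\Temp\SepmDefsBackup-$(Get-Date -Format yyyyMMddHHmmss)"
)
$ErrorActionPreference = 'Stop'
$monikers = 'sesmipsdef32', 'sesmipsdef64', 'sesmvirdef32', 'sesmvirdef64'
$content  = Join-Path $SepmRoot 'Inetpub\content\{C60DC234-65F9-4674-94AE-62158EFCA433}'
$installedApps = 'HKLM:\SOFTWARE\Symantec\InstalledApps'
$sharedDefs    = 'HKLM:\SOFTWARE\Symantec\SharedDefs'

Stop-Service -Name $ServiceName -Force                      # step 1
try {
    # Step 2: move the content subfolders aside instead of deleting them
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    Get-ChildItem -LiteralPath $content -Directory | Move-Item -Destination $BackupDir

    foreach ($m in $monikers) {
        # Step 3: delete the definition folder under SymcData
        $folder = Join-Path $SymcData $m
        if (Test-Path -LiteralPath $folder) { Remove-Item -LiteralPath $folder -Recurse -Force }

        # Step 4: the article calls these "keys"; remove a value or a subkey of that name
        $name = "SymcData-$m"
        if (Get-ItemProperty -Path $installedApps -Name $name -ErrorAction SilentlyContinue) {
            Remove-ItemProperty -Path $installedApps -Name $name
        }
        # Steps 4 and 5: remove the subkeys under InstalledApps and SharedDefs
        $keys = @((Join-Path $installedApps $name), (Join-Path $sharedDefs $name))
        foreach ($key in $keys) {
            if (Test-Path -LiteralPath $key) { Remove-Item -LiteralPath $key -Recurse -Force }
        }
    }
}
finally {
    Start-Service -Name $ServiceName                        # step 6, even if a step failed
}
# Step 7 is manual: run LiveUpdate from the SEPM console to repopulate the content.
```

Running the script with `-WhatIf` first lists what would be stopped, moved and deleted without changing anything.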
An exploit is a piece of software, a command, or a methodology that attacks a particular security vulnerability. Exploits are not always malicious in intent—they are sometimes used only as a way of demonstrating that a vulnerability exists. However, they are a common component of malware.
Please, I need help. My laptop encountered a SID:26892. Backdoor.Ratenjay RAT. What will I do?
Amen ShadowsPapa. How about, SEPM does, I dunno, perform a CHECKSUM function before it propagates this corrupted definition file to ALL OF MY CLIENTS?
Have you checked your LiveUpdate policy? Most recently, I spent a few weeks fighting with definitions being stuck and it wasn't corrupted defs (like it's been typically in the past). It was actually an older LiveUpdate policy using an invalid GUP that I was probably testing, when I restored my Database from backup.
A common theme in SEP 11.x and 12.x
I think that for the next update or release of SEP, Symantec needs to concentrate on the root cause, or build in an automatic repair system - meaning that if the SEPM detects definitions won't move beyond a certain point, the SEPM automatically rolls back to the last known good instance, cleans up, then moves forward.
Otherwise, I come in after 2 days off for vacation, and spend my next week fixing and cleaning up manually. Been this road too often - if a person leaves for a couple of days, and there is a problem with definitions, by the time you get back to it, it's an emergency as the defs are now 9 days old, and no one, including the boss, had current defs and the phone is ringing, email is filling up........ and "what? Again"? and you try to explain that it can't be explained, SEP just has this problem of corrupt defs now and then and it's just not smart enough to tell when its own defs are bad, can't move forward - it simply gets stuck and sits there.
So how hard would it be to add some intelligence to SEPM? Do some client checks, do some checks on the defs running in SEP that runs on the SEPM, some sort of hash or defs QA check the SEPM does daily and if the defs appear bad, SEPM rolls them all back, and starts again. How hard is that? This system works miracles, but get a single bit out of place and it's totally crippled. Sort of like if the space shuttle ran on Windows 7, no redundant computer, and the thing froze, and the crew is on re-entry and has to tell mission control - "uh, folks, hang on, we've got a corrupt file and will have to reboot the computer" ;-) Yeah, I'm poking at you tongue-in-cheek, but seriously, I'd love to see this app or rather system have some smarts - and I know you guys can do it - it's the best on the market - but it gets tangled each time there's a tiny problem with the definitions. It's like the Achilles' heel of SEPM.
BTW - It's now September 6th, our defs have been stuck on August 29th, r18 and won't move. I've tried all the documents, all hints, tips and suggestions. The boss called - "hey, what's up with the definitions?". I just got done reinstalling both servers several times because of other issues, and have done nothing all summer but reinstall, repair, rebuild, etc. I have over 150 hours in diagnostic time, hours, days, spent collecting information for tech support, who still have no real idea what's going on - I no longer like the phrase "no one else is seeing this" - they need to pay a visit to us. It's real. I'm exhausted. For me, SEP 12.1 is the worst version *as far as reliability* (its power is beyond compare, however) since SAV 7.0 and corrupted defs aren't helping. Please - a real fix, a real document that's easy to follow. The last one was a jumble, and you had to keep referring to notes that explain "well, for that OS it's not that path, it's this path instead". That's not a very good document. Maybe I need to work there - I'm good at creating documents that anyone can follow and that make sense from an end-user standpoint. I'm ready for a Symantec tech person to remote in, take control, and just FIX it all.
Readers of this article may also be interested in:
Symantec Endpoint Protection Manager 11.x is not updating 32 or 64 bit virus definitions. Article: TECH104721 | Created: 2008-01-15 | Updated: 2012-06-16 | Article URL http://www.symantec.com/docs/TECH104721
Symantec Endpoint Protection Manager (SEPM) 12.1 is not updating 32 or 64 bit virus definitions. Article: TECH166923 | Created: 2011-08-11 | Updated: 2012-02-06 | Article URL http://www.symantec.com/docs/TECH166923
Guys,
I have installed Symantec Endpoint Protection Manager on Windows 2008 R2 and I do not have internet to update virus definitions. I am trying to download and update antivirus and antispyware definitions on the server with a .jdb file, but it seems not to be updating. How I check: I go to console Admin > Servers > Local Site, but it shows old updates from 17 Dec. I want to update the server from the .jdb file so that all clients then get updated from the server. No internet access at all.
Please suggest how I update the server and my clients with the latest virus definitions.
The location of the SymcData folder on a Windows 2008 64-bit machine is as follows:
C:\ProgramData\Symantec\Definitions\SymcData
Maybe your DB is already corrupt... For this you have to reinstall your SEP infrastructure from the first point. You can save policies, certificate, server settings and so on, but you need to create a new one from a new installation.
did the trick
Yes, can someone please elaborate and expound on the details of how definitions get corrupted in the first place? I have restored the database several times from the same validated restore point and the definitions keep becoming corrupt.