Corrupt Symantec Endpoint Protection (SEP) Definitions on 1 Server


I've got all my desktops/servers protected with Symantec Endpoint Protection 11.1 and has been working fine for over 18 months.  Occasionally I'll get one client report a corrupt definition, so I usually just run the intelligent updater on them and it resolves it.

Problem is I now have 1 client (my main file server and DC) where the defs are corrupt and I can't resolve it.  I have tried,


Running the intelligent updater - no effect


Stopping EndPoint - Doing this - - Same problem, after a few mins it reports corrupt defs.


Doing the same as above but running the intelligent updater afterwards - same problem
I'm a little lost now.  No other servers/clients report the same problem and they all use the same definitions.

I get event ID 40 - Symantec Endpoint Protection has determined that the virus definitions are missing on this computer. This computer will remain unprotected from viruses until virus definitions are downloaded to this computer.Application has encountered an error.

and event ID 4 - SRTSP - Error loading virus definitions.

Any suggestions?


Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Try uninstall/reinstall of SEP?

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
From Add/Remove Programs, Uninstall the LiveUpdate component. Then reinstall again. If you have the installation media or an installation package somewhere.
Look for LUSETUP.exe under SEPM folder of the installation media and run it after you uninstall LiveUpdate.

If possible reboot the system before re-installing. Looks corrupted to me.


Not sure if this is 100% similar, though we've had issues with Symantec Endpoint on some of the servers we have deployed across specific sites (they came from a small consultancy which was acquired then merged into the group).

We've had some issues which are not directly related I think to your issue, though seem similar enough for us to follow the Microsoft link and from memory, I checked with the server team before making the post, Symantec tech support suggested a .Net framework update might have had something to do with it, though afterwards we came to the conclusion that it was partially something else which was impacted by an update and then something SEP did....

Took some time before they worked out that one guy at Microsoft said he'd suggest the KB961293 article.

I think this solution was posted in part here before, though there were different scenarios.
There is a utility called Rx4DefsSEP, that can be used to removed corrupted definitions from SEP11 clients. You will have to call and request it from Symantec Technical Support.


I've used it in the past.
manic_andyAuthor Commented:
Nothing I did worked for whatever reason so I'm just going to uninstall it prior to upgrading to the latest version.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Anti-Virus Apps

From novice to tech pro — start learning today.