Solved

Corrupt Symantec Endpoint Protection (SEP) Definitions on 1 Server

Posted on 2012-03-15
Last Modified: 2013-12-09
Hey,

I've got all my desktops/servers protected with Symantec Endpoint Protection 11.1 and it has been working fine for over 18 months.  Occasionally I'll get one client report a corrupt definition, so I usually just run the intelligent updater on them and it resolves it.

Problem is I now have 1 client (my main file server and DC) where the defs are corrupt and I can't resolve it.  I have tried:

1. Running the intelligent updater - no effect
2. Stopping EndPoint - Doing this - http://www.symantec.com/business/support/index?page=content&id=TECH103176&locale=en_US - Same problem, after a few mins it reports corrupt defs.
3. Doing the same as above but running the intelligent updater afterwards - same problem

I'm a little lost now.  No other servers/clients report the same problem and they all use the same definitions.

I get event ID 40 - Symantec Endpoint Protection has determined that the virus definitions are missing on this computer. This computer will remain unprotected from viruses until virus definitions are downloaded to this computer. Application has encountered an error.

and event ID 4 - SRTSP - Error loading virus definitions.

Any suggestions?

Thanks,

Andy
Question by:manic_andy
5 Comments
 

Accepted Solution

by:
Tymetwister earned 500 total points
ID: 37728332
Try uninstall/reinstall of SEP?

Expert Comment

by:itsecalert
ID: 37729653
From Add/Remove Programs, uninstall the LiveUpdate component, then reinstall it, if you have the installation media or an installation package somewhere.
Look for LUSETUP.exe under the SEPM folder of the installation media and run it after you uninstall LiveUpdate.

If possible, reboot the system before re-installing. Looks corrupted to me.

Thanks

HB

Expert Comment

by:andrewmcc
ID: 37729758
Not sure if this is 100% similar, though we've had issues with Symantec Endpoint on some of the servers we have deployed across specific sites (they came from a small consultancy which was acquired then merged into the group).

http://www.symantec.com/connect/forums/sep-11-and-net-framework-problems

http://support.microsoft.com/kb/961293

We've had some issues which are not directly related, I think, to your issue, though they seem similar enough for us to follow the Microsoft link. From memory (I checked with the server team before making the post), Symantec tech support suggested a .NET Framework update might have had something to do with it, though afterwards we came to the conclusion that it was partially something else which was impacted by an update and then something SEP did....

Took some time before they worked out that one guy at Microsoft said he'd suggest the KB961293 article.

I think this solution was posted in part here before, though there were different scenarios.

Expert Comment

by:postechgeek
ID: 37739269
There is a utility called Rx4DefsSEP that can be used to remove corrupted definitions from SEP11 clients. You will have to call and request it from Symantec Technical Support.

RX4DefsSEP:
http://www.symantec.com/business/support/index?page=content&id=TECH93036&locale=en_US

I've used it in the past.
 

Author Closing Comment

by:manic_andy
ID: 37799358
Nothing I did worked for whatever reason so I'm just going to uninstall it prior to upgrading to the latest version.