SEP: Resolving Clients Running Out-of-date Definitions

Check the status of the reported client in the SEPM console.

If the client is active, run the "Update Content" command from SEPM. To verify which definitions the client is running, check the files below:

C:\>type "\\<workstation name>\c$\Program Files\Common Files\Symantec Shared\VirusDefs\usage.dat" (definitions in use)

C:\>type "\\<workstation name>\c$\Program Files\Common Files\Symantec Shared\VirusDefs\definfo.dat" (definitions dates)

If the client is active but connected to remote site servers (computer icon with a single red cross arrow), then:

  1. Check if the PC is able to resolve its local SEPM servers.
  2. Try flushing the DNS cache and see if the client makes a connection to the local SEPM servers.
  3. If it still fails, drop the latest SyLink.xml file (you may copy it from any up-to-date client) as below:

C:\>start cmd /k telnet <workstation name>

C:\>cd C:\temp

C:\temp>SylinkDrop.exe -silent SyLink.xml

C:\>tail -5 -f \\<workstation name>\c$\Progra~1\Symantec\Symant~1\syslog.log | cut -f7

Once the client actively reports in SEPM, run the "Update Content" command from SEPM and verify that the client gets the latest updates.

If it's not active, check the latest client logs to see if there are any errors, or to find the client's last activity:

C:\>tail -3 \\<workstation name>\c$\Progra~1\Symantec\Symant~1\syslog.log | cut -f7

Symantec Endpoint Protection services startup was successful.

TruScan has generated an error: code 11: description: Whitelist Failure

Disconnected from Symantec Endpoint Protection Manager (xx.xx.xxx.xxx)

C:\>

If there are any errors like "TruScan has generated an error: code 11: description: Whitelist Failure" in the output above, look up the error and possible fixes on Symantec or other internet forums and sites.
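An added example (not from the original post or from Symantec) that triages the message column of syslog.log the way `tail | cut -f7` does, using the three messages shown above. The sample lines are constructed: only the seventh tab-separated field carries the message, and the first six columns are placeholders.

```python
import re

# Message patterns taken from the log excerpt shown on this page.
STARTUP = re.compile(r"services startup was successful")
DISCONNECT = re.compile(
    r"Disconnected from Symantec Endpoint Protection Manager \((?P<server>[^)]*)\)")
ERROR = re.compile(
    r"(?P<component>\S+) has generated an error: "
    r"code (?P<code>\d+): description: (?P<desc>.+)")


def message_column(line, field=7):
    """Return the tab-separated field that `cut -f7` selects, or "" if absent."""
    parts = line.rstrip("\r\n").split("\t")
    return parts[field - 1] if len(parts) >= field else ""


def triage(lines):
    """Summarise the given log lines: startup seen, last SEPM disconnect, errors."""
    summary = {"started": False, "disconnected_from": None, "errors": []}
    for line in lines:
        msg = message_column(line)
        if STARTUP.search(msg):
            summary["started"] = True
        elif (m := DISCONNECT.search(msg)):
            summary["disconnected_from"] = m["server"]
        elif (m := ERROR.search(msg)):
            summary["errors"].append(
                (m["component"], int(m["code"]), m["desc"].strip()))
    return summary


# Constructed sample: six placeholder columns, then the messages from this page.
SAMPLE = ["\t".join(["-"] * 6 + [msg]) for msg in (
    "Symantec Endpoint Protection services startup was successful.",
    "TruScan has generated an error: code 11: description: Whitelist Failure",
    "Disconnected from Symantec Endpoint Protection Manager (xx.xx.xxx.xxx)",
)]

if __name__ == "__main__":
    result = triage(SAMPLE)
    for component, code, desc in result["errors"]:
        print(f"error to research: {component} code {code} ({desc})")
    if result["disconnected_from"] is not None:
        print(f"client dropped its SEPM connection to {result['disconnected_from']}")
```

To run it against a real client, pass the lines read from the syslog.log UNC path to `triage()` instead of `SAMPLE`.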

Try restarting the SMC service (which should take care of the automatic start/stop of the LiveUpdate service for definitions download) as below:

C:\>"Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" -stop

C:\>"Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" -start

Then check whether the client actively reports to the SEP server; if yes, follow the steps given in the "client is active" section.

Then try explicitly restarting the LiveUpdate service.

Run the "Rx4DefsSEP" utility to completely remove and replace definitions.

If still no luck, notify the user to save data and restart the PC and see if it gets updated.
