Syed Jahanzaib Personal Blog to Share Knowledge !

March 27, 2012

Symantec Endpoin Protection. Win32 Definitions not updating [SOLVED]

Symantec Endpoint Protection Manager 11.0

Symantec Endpoint Protection Manager 11.0

We have Symantec Endpoint Protection Manager Ver 11.0 Server [S.E.P.M]to protect our clients and servers from Virus / Spywares / and Network Threats. It is really cool product and it have helped us to breath smoother in many aspects and it is very good in centralized management/deployment.

It was working fine since long, but I noticed that SEPM stopped updating Antivirus And Antispyware Protection virus definitions and they were almost 1 week + old, rest of definitions including Proactive Threat Protection and Network Threat Protection were up to date. So there was something wrong with the virus definition update engine. I tried to manually launch Live Update on SEPM various times, but no use, Every time update all other definitions excluding Antivirus updates.
As showed in the image below . . .


It looked like that only Virus Definition engine was Jammed and for some reasons it was not downloading/accepting new definition.

I followed the below procedure to solve this issue.

Browse to

Save the latest definition file (in .jdb extension) on your Desktop.

03/26/12 03:55PM [GMT]                179,486,566 vd38f402.jdb
(171 MB)

Copy this definition file in the Default location of   SEPM  , (Where your SEPM is installed on the server.

C:\Program Files\Symantec Endpoint Protection Manager\data\inbox\content\incoming\

As showed in the image below . . .

After few minutes , it will automatically push the definition to SEPM console and it will be distributed to clients in few minutes, All of my clients (100+) took about 20 minutes to update. Afterwards it worked fine.

As showed in the image below . . .





Cheers and Best Regard’s

Syed Jahanzaib


  1. Sir, How you find this product?, I am using Kaspersky Administration Kit, but it is not giving 100 % result to me, do u recommend this one?


    Comment by Shery — May 10, 2012 @ 9:37 AM

    • Yes based on my experience (Specially for corporate environment) It is so far the best Antivirus Product. If configured in server / client scenario, Symantec is the best available option. You can control every aspect of your network related to security. Server will auto download the updates on daily basis, and it will distribute the definition to clients auto on scheduled basis, so every client will not goto internet for update definition..

      The good part is 32/64 bit both are supported, also all OS are supported e.g: Windows xp/vista/7/Win 2003, Win2008


      Comment by Syed Jahanzaib / Pinochio~:) — May 10, 2012 @ 1:06 PM

      • Thank you sir. I will recommend it to my company, when my Kaspersky Administration Kit’s license will expire. Kaspersky is also good in server/client options and in distributing updates to the clients but in detecting/removing of viruses it is not. Thnx again for your detailed reply.


        Comment by Shery — May 11, 2012 @ 8:20 AM

  2. in my case both above protections are updating fine but network threat protection is not updating and is stuck at 8 sep 2012. any idea sir?


    Comment by ammar barya — October 1, 2012 @ 5:31 PM

    • Do all clients are suffered with this issue or only few?
      Does network threat protection updated at server ? have you verified it SEPM server ?
      I encountered this issue at single client only, and reinstalling the SEPM client at client solved the issue.


      Comment by Syed Jahanzaib / Pinochio~:) — October 3, 2012 @ 11:31 AM

    • Following are two possible workarounds for your problem. Follow them and see if it helps.

      Make a backup of:
      [drive letter]:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\outbox\agent
      Than remove the content in the form of (all alpha number): e.g:

      This contains the information for your groups and downloads and updates to your clients.
      Try redownloading the “Live Update” content again and see if that helps your problem.
      Likely cause is coruption or inability to update (overwrite) the content .

      Second solution:

      Browse to the C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate folder, rename Product.Inventory.LiveUpdate to Product.Inventory.LiveUpdate.old and Product.Inventory.LastGood.LiveUpdate to Product.Inventory.LastGood.LiveUpdate.old.
      Copy the Product.Inventory.LiveUpdate and the Product.Inventory.LastGood.LiveUpdate (from a SEPM updating PTP definitions) to the LiveUpdate folder.

      Let me know if it helps.


      Comment by Syed Jahanzaib / Pinochio~:) — October 5, 2012 @ 8:44 AM

  3. it happens on half of the clients.
    yes clients take updates from the SEPM Server


    Comment by ammar barya — October 3, 2012 @ 3:21 PM

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: