Click here to load reader
Upload
raskyan
View
19
Download
1
Embed Size (px)
Citation preview
NortonSmall BusinessEnterprisePartnersStoreAbout SymantecOverview
Solutions
• Cloud• Virtualization• Mobile• Industry Solutions
Products
• Products A-Z• Software as a Service• Trialware & Downloads• Product Forums• Licensing Products• Activating Software• Upgrading Products• Renewals• Policies
Services
• Consulting Services• Education Services• Managed Services• Support Services• Software as a Service
Training
• Product Training• Certification Programs• Classroom Locations• Skills Assessment• About Training
Support
• Supported Products A to Z• Support Fundamentals
Page 1 of 14Enterprise Support - Symantec Corp. How to clear out corrupted definitions for a Symant...
11/29/2012http://www.symantec.com/business/support/index?page=content&id=TECH103176&loca...
• Product Forums• Customer Support
Security Response
• Threat Explorer• Spam Intelligence• Removal Tools• Virus Definitions & Security Updates• State of Spam Report• Internet Security Threat Report (ISTR)• Blogs• White Paper Listing• Glossary• Screensaver
Resources
• Customer Success• Podcasts• CIO Digest• The Confident SMB• Articles• Webcasts & Events• SymantecTV• Downloads• Spotlight
Community
• Symantec Connect• Archiving & eDiscovery• Backup & Recovery• Storage & Clustering• Security• Endpoint Management• Endpoint Virtualization• All Communities
Store
• Purchase Online• Purchase Hosted Products• Renewals• Special Promotions
Page 2 of 14Enterprise Support - Symantec Corp. How to clear out corrupted definitions for a Symant...
11/29/2012http://www.symantec.com/business/support/index?page=content&id=TECH103176&loca...
How to clear out corrupted definitions for a Symantec Endpoint Protection client manuallyArticle:TECH103176 | Created:
2007-01-31 | Updated:
2012-03-30 | Article URL http://www.symantec.com/docs/TECH103176
(http://www.symantec.com/docs/TECH103176)
Article TypeTechnical Solution
Product(s)Show all (javascript:;)
EnvironmentShow all (javascript:;)
LanguagesShow all (javascript:;)
Problem
How to fix and rebuild corrupted definitions for a Symantec Endpoint Protection (SEP) client.
Solution
Page 3 of 14Enterprise Support - Symantec Corp. How to clear out corrupted definitions for a Symant...
11/29/2012http://www.symantec.com/business/support/index?page=content&id=TECH103176&loca...
DISCLAIMER: The following instructions are for the Symantec Endpoint Protection product ONLY. If there are any other Symantec products installed on the system that share the virus definitions please contact Symantec Technical Support.
Instructions for 32-bit Operating Systems:
For Windows 2000/2003/XP
1. Stop the Symantec Endpoint Protection Services:2. Click Start, Run, typing in smc -stop, and pushing Enter.3.
a. Click the Start button and then click Runb. Type services.msc and click OKc. Right-click Symantec Endpoint Protection and click
Stop.d. Minimize the Services window
Note: If you are unable to stop the Symantec Management Client you will need to temporarily disable Tamper Protection. Please see the Technical Information at the bottom of this document for instructions.
4. Delete the data from the Definition folders: ◦ Virus DefinitionsC:\Program Files\Common Files\Symantec Shared\VirusDefs\ - Delete all files and subfolders
◦ Delete the downloaded data in the "C:\Documents and Settings\All Users\Application Data\Symantec\Liveupdate\downloads"
WARNING: In the next steps you will edit the Windows registry. Back up the registry before you make any changes to it, because incorrect changes to the registry can result in permanent data loss or
Page 4 of 14Enterprise Support - Symantec Corp. How to clear out corrupted definitions for a Symant...
11/29/2012http://www.symantec.com/business/support/index?page=content&id=TECH103176&loca...
corrupted files. Modify only the registry values that are specified. For instructions, see How to back up the Windows registry (http://us.norton.com/support/kb/web_view.jsp?
wv_type=public_web&docurl=20080513161126EN) .
5. Delete the data from the registry: a. Click the Start button and then click Runb. Type regedit and click OKc. Navigate to:HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs
d. Delete the following values: i. SRTSPii. NAVCORP_70iii. DEFWATCH_10iv. SepCache3v. SepCache2vi. SepCache1
6. Restart the Symantec Endpoint Protection Services stopped in the previous step, 3.c.
7. Click Start, Run, type in smc -start, and push Enter.8.
a. Maximize the Services window.b. Right-click Symantec Endpoint Protection service
and click Start.
For Windows Vista/Server 2008/Windows7
1. Stop the Symantec Endpoint Protection Services:2. Click Start, Run, type in smc -stop, and push Enter3.
a. Click the Start button.b. In the search bar type services and then press Enter.
Note: If the User Account Control prompt pops up click Continue.
c. Right-click Symantec Endpoint Protection and click Stop.
Page 5 of 14Enterprise Support - Symantec Corp. How to clear out corrupted definitions for a Symant...
11/29/2012http://www.symantec.com/business/support/index?page=content&id=TECH103176&loca...
Note: If you are unable to stop the Symantec Management Client you will need to temporarily disable Tamper Protection. Please see the Technical Information at the bottom of this document for instructions.
4. Delete the data from the Definition folders: ◦ Virus DefinitionsC:\ProgramData\Symantec\Definitions\VirusDefs\ - Delete all files and subfolders
WARNING: In the next steps you will edit the Windows registry. Back up the registry before you make any changes to it, because incorrect changes to the registry can result in permanent data loss or corrupted files. Modify only the registry values that are specified. For instructions, see How to back up the Windows registry (http://us.norton.com/support/kb/web_view.jsp?
wv_type=public_web&docurl=20080513161126EN) .
5. Delete the data from the registry: a. Click the Start buttonb. Type regedit and press Enterc. Navigate to:HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs
d. Delete the following values: i. SRTSPii. NAVCORP_70iii. DEFWATCH_10iv. SepCache3v. SepCache2vi. SepCache1
6. Restart the Symantec Endpoint Protection Services stopped in the previous step, 3.c.
7. Click Start, Run, type in smc -start, and push Enter.8.
Page 6 of 14Enterprise Support - Symantec Corp. How to clear out corrupted definitions for a Symant...
11/29/2012http://www.symantec.com/business/support/index?page=content&id=TECH103176&loca...
a. Maximize the Services window.b. Right-click Symantec Endpoint Protection and click
Start.
Instructions for 64-bit Operating Systems:
For Windows 2000/2003/XP
1. Stop the Symantec Endpoint Protection Services:2. Click Start, Run, type in smc -stop, and push Enter.3.
a. Click the Start button and then click Runb. Type services.msc and click OKc. Right-click Symantec Endpoint Protection and click
Stop.d. Minimize the Services window
Note: If you are unable to stop the Symantec Management Client you will need to temporarily disable Tamper Protection. Please see the Technical Information at the bottom of this document for instructions.
4. Delete the data from the Definition folders: ◦ Virus DefinitionsC:\Program Files (x86)\Common Files\Symantec Shared\VirusDefs\- Delete all files and subfolders
WARNING: In the next steps you will edit the Windows registry. Back up the registry before you make any changes to it, because incorrect changes to the registry can result in permanent data loss or corrupted files. Modify only the registry values that are specified. For instructions, see How to back up the Windows registry(http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2007052507054139?
Open&docid=199762382617&nsf=tsgeninfo.nsf&view=docid) .
5. Delete the data from the registry:
Page 7 of 14Enterprise Support - Symantec Corp. How to clear out corrupted definitions for a Symant...
11/29/2012http://www.symantec.com/business/support/index?page=content&id=TECH103176&loca...
a. Click the Start button and then click Runb. Type regedit and click OKc. Navigate to:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Symantec\SharedDefs
d. Delete the following values: i. SRTSPii. NAVCORP_70iii. DEFWATCH_10iv. SepCache3v. SepCache2vi. SepCache1
6. Restart the Symantec Endpoint Protection Services stopped in the previous step, 3.c.
7. Click Start, Run, type in smc -start, and push Enter.8.
a. Maximize the Services window.b. Right-click Symantec Endpoint Protection service
and click Start.
For Windows Vista/Server 2008/Windows 7
1. Stop the Symantec Endpoint Protection Services:2. Click Start, Run, type in smc -stop, and push Enter.3.
a. Click the Start button.b. In the search bar type services and then press
Enter.Note: If the User Account Control prompt pops up click Continue.
c. Right-click Symantec Endpoint Protection and click Stop.Note: If you are unable to stop the Symantec Management Client you will need to temporarily disable Tamper Protection. Please see the Technical Information at the bottom of this document for instructions.
4. Delete the data from the Definition folders:
Page 8 of 14Enterprise Support - Symantec Corp. How to clear out corrupted definitions for a Symant...
11/29/2012http://www.symantec.com/business/support/index?page=content&id=TECH103176&loca...
◦ Virus DefinitionsC:\ProgramData\Symantec\Definitions\VirusDefs\- Delete all files and subfolders
WARNING: In the next steps you will edit the Windows registry. Back up the registry before you make any changes to it, because incorrect changes to the registry can result in permanent data loss or corrupted files. Modify only the registry values that are specified. For instructions, see How to back up the Windows registry(http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2007052507054139?
Open&docid=199762382617&nsf=tsgeninfo.nsf&view=docid) .
5. Delete the data from the registry: a. Click the Start buttonb. Type regedit and press Enterc. Navigate to:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Symantec\SharedDefs
d. Delete the following values: i. SRTSPii. NAVCORP_70iii. DEFWATCH_10iv. SepCache3v. SepCache2vi. SepCache1
6. Restart the Symantec Endpoint Protection Services stopped in the previous step, 3.c.
7. Click Start, Run, type in smc -start, and push Enter.8.
a. Maximize the Services window.b. Right-click Symantec Endpoint Protection and click
Start.
References
Page 9 of 14Enterprise Support - Symantec Corp. How to clear out corrupted definitions for a Symant...
11/29/2012http://www.symantec.com/business/support/index?page=content&id=TECH103176&loca...
In some instances, Symantec Technical Support may recommend the use of an unsupported tool that automates the removal of corrupted SEP definitions. For details please see Using the "Rx4DefsSEP" utility at http://www.symantec.com/business/support/index?page=content&id=TECH93036&locale=en_US (http://service1.symantec.com/support/ent-security.nsf/docid/2009032409384048)
Technical InformationHow to disable Tamper Protection:
1. Open and log into the Symantec Endpoint Protection Manager console
2. Click the Clients view.3. Select the appropriate group.4. Under the Policies tab, in the "Settings" section, click
General Settings.5. Under the Tamper Protection tab, uncheck Protect
Symantec security software from being tampered with or shut down.
6. Click OK.
IMPORTANT: Once definitions will be purged, the following popup message will appear:
"Virus definitions are missing on this computer. This computer will remain unprotected until definitions are downloaded from the network. Contact your system administrator for help updating your virus definitions."
This message will keep showing (after every smc -stop/smc -start or session opening), even when Symantec Endpoint Protection will receive/apply new set of definitions, until "Symantec Endpoint Protection" service is restarted. To avoid this, it is possible either:
- to drop JDB file to update client then restart "Symantec Endpoint Protection" service
Page 10 of 14Enterprise Support - Symantec Corp. How to clear out corrupted definitions for a Syma...
11/29/2012http://www.symantec.com/business/support/index?page=content&id=TECH103176&loca...
- to use Rx4DefsSEP
- to use a script which is checking Antivirus/Antispyware definition status and restart "Symantec Endpoint Protection" service if appropriate
NOTE: this behavior is as designed.
Related Articles
• TECH104363 How to manually update definitions for a managed Symantec Endpoint Protection Client using the .jdb file (index?page=content&id=TECH104363)
• TECH93036 Using the "Rx4DefsSEP" utility (index?page=content&id=TECH93036)
Legacy ID
2007123111551948
Article URL http://www.symantec.com/docs/TECH103176
Page 11 of 14Enterprise Support - Symantec Corp. How to clear out corrupted definitions for a Syma...
11/29/2012http://www.symantec.com/business/support/index?page=content&id=TECH103176&loca...
Terms of use for this information are found in Legal Notices(http://www.symantec.com/about/profile/policies/legal.jsp)
Email this article | Print Subscribe via emailBookmark this article
Please Sign InLogin using SymAccount.
Knowledge Base Search
Knowledge Base Search
Enter keywords
Rate this Article
Help us improve your support experience.Thank you.
Add comments1 2 3 4 5
A1
characters remaining :1000 Email Address SUBMIT
Page 12 of 14Enterprise Support - Symantec Corp. How to clear out corrupted definitions for a Syma...
11/29/2012http://www.symantec.com/business/support/index?page=content&id=TECH103176&loca...
MySymantec
MySymantec
• Create a Support Case• Manage a Support Case• Manage Subscriptions• Ask a Question on Connect(Symantec support Forums)• About SymWISE Support
Contacting Support
Contacting Support
• Email Support• Contact Technical Support• File a Case• Business Critical Support Site• Support Forums
©1995 - 2012 Symantec CorporationCareers|About|Site Map|
• Legal Notices• License Agreements• Repository
Legal|Privacy|Cookies|
Page 13 of 14Enterprise Support - Symantec Corp. How to clear out corrupted definitions for a Syma...
11/29/2012http://www.symantec.com/business/support/index?page=content&id=TECH103176&loca...
• Norton Support• Business Support• Business Sales• Authentication Services• Corporate Information
Contact|RSS
Page 14 of 14Enterprise Support - Symantec Corp. How to clear out corrupted definitions for a Syma...
11/29/2012http://www.symantec.com/business/support/index?page=content&id=TECH103176&loca...