Endpoint Protection


definitions are corrupted in GUP

  • 1.  definitions are corrupted in GUP

    Posted Dec 02, 2011 12:33 PM

    What can I do if the GUP server has corrupted definitions in the shared folder?
     

    Can I delete the files?

     

    Thanks

    Renato 



  • 2.  RE: definitions are corrupted in GUP

    Broadcom Employee
    Posted Dec 02, 2011 12:39 PM

    Yes, you can delete.



  • 3.  RE: definitions are corrupted in GUP

    Posted Dec 02, 2011 12:41 PM

    Solution



    DISCLAIMER: The following instructions are for the Symantec Endpoint Protection product ONLY. 
    If there are any other Symantec products installed on the system that share the virus definitions please contact Symantec Technical Support.



    Instructions for 32-bit Operating Systems:

    For Windows 2000/2003/XP

      1. Stop the Symantec Endpoint Protection Services:
      2. Click Start, Run, type in smc -stop, and push Enter.
        1. Click the Start button and then click Run
        2. Type services.msc and click OK
        3. Right-click Symantec Endpoint Protection and click Stop.
        4. Minimize the Services window

          Note: If you are unable to stop the Symantec Management Client you will need to temporarily disable Tamper Protection. Please see the Technical Information at the bottom of this document for instructions.
      3. Delete the data from the Definition folders:
        • Virus Definitions
          C:\Program Files\Common Files\Symantec Shared\VirusDefs\ 
          - Delete all files and subfolders
        • Delete the downloaded data in the "C:\Documents and Settings\All Users\Application Data\Symantec\Liveupdate\downloads"

          WARNING: In the next steps you will edit the Windows registry. Back up the registry before you make any changes to it, because incorrect changes to the registry can result in permanent data loss or corrupted files. Modify only the registry values that are specified. For instructions, see How to back up the Windows registry.
      4. Delete the data from the registry:
        1. Click the Start button and then click Run
        2. Type regedit and click OK
        3. Navigate to:
          HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs
        4. Delete the following values:
          1. SRTSP
          2. NAVCORP_70
          3. DEFWATCH_10
          4. SepCache3
          5. SepCache2
          6. SepCache1
      5. Restart the Symantec Endpoint Protection Services stopped in the previous step, 3.c.
      6. Click Start, Run, type in smc -start, and push Enter.
        1. Maximize the Services window.
        2. Right-click Symantec Endpoint Protection service and click Start.

    For Windows Vista/Server 2008/Windows 7

      1. Stop the Symantec Endpoint Protection Services:
      2. Click Start, Run, type in smc -stop, and push Enter.
        1. Click the Start button.
        2. In the search bar type services and then press Enter.
          Note: If the User Account Control prompt pops up click Continue.
        3. Right-click Symantec Endpoint Protection and click Stop.

          Note: If you are unable to stop the Symantec Management Client you will need to temporarily disable Tamper Protection. Please see the Technical Information at the bottom of this document for instructions.
           
      3. Delete the data from the Definition folders:
        • Virus Definitions
          C:\ProgramData\Symantec\Definitions\VirusDefs\ 
          - Delete all files and subfolders



          WARNING: In the next steps you will edit the Windows registry. Back up the registry before you make any changes to it, because incorrect changes to the registry can result in permanent data loss or corrupted files. Modify only the registry values that are specified. For instructions, see How to back up the Windows registry.
      4. Delete the data from the registry:
        1. Click the Start button
        2. Type regedit and press Enter
        3. Navigate to:
          HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs
        4. Delete the following values:
          1. SRTSP
          2. NAVCORP_70
          3. DEFWATCH_10
          4. SepCache3
          5. SepCache2
          6. SepCache1
      5. Restart the Symantec Endpoint Protection Services stopped in the previous step, 3.c.
      6. Click Start, Run, type in smc -start, and push Enter.
        1. Maximize the Services window.
        2. Right-click Symantec Endpoint Protection and click Start.

    Instructions for 64-bit Operating Systems:

    For Windows 2000/2003/XP

      1. Stop the Symantec Endpoint Protection Services:
      2. Click Start, Run, type in smc -stop, and push Enter.
        1. Click the Start button and then click Run
        2. Type services.msc and click OK
        3. Right-click Symantec Endpoint Protection and click Stop.
        4. Minimize the Services window

          Note: If you are unable to stop the Symantec Management Client you will need to temporarily disable Tamper Protection. Please see the Technical Information at the bottom of this document for instructions.
      3. Delete the data from the Definition folders:
        • Virus Definitions
          C:\Program Files (x86)\Common Files\Symantec Shared\VirusDefs\
          - Delete all files and subfolders



          WARNING: In the next steps you will edit the Windows registry. Back up the registry before you make any changes to it, because incorrect changes to the registry can result in permanent data loss or corrupted files. Modify only the registry values that are specified. For instructions, see How to back up the Windows registry.
      4. Delete the data from the registry:
        1. Click the Start button and then click Run
        2. Type regedit and click OK
        3. Navigate to:
          HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Symantec\SharedDefs
        4. Delete the following values:
          1. SRTSP
          2. NAVCORP_70
          3. DEFWATCH_10
          4. SepCache3
          5. SepCache2
          6. SepCache1
      5. Restart the Symantec Endpoint Protection Services stopped in the previous step, 3.c.
      6. Click Start, Run, type in smc -start, and push Enter.
        1. Maximize the Services window.
        2. Right-click Symantec Endpoint Protection service and click Start.

    For Windows Vista/Server 2008/Windows 7

      1. Stop the Symantec Endpoint Protection Services:
      2. Click Start, Run, type in smc -stop, and push Enter.
        1. Click the Start button.
        2. In the search bar type services and then press Enter.
          Note: If the User Account Control prompt pops up click Continue.
        3. Right-click Symantec Endpoint Protection and click Stop.
          Note: If you are unable to stop the Symantec Management Client you will need to temporarily disable Tamper Protection. Please see the Technical Information at the bottom of this document for instructions.
      3. Delete the data from the Definition folders:
        • Virus Definitions
          C:\ProgramData\Symantec\Definitions\VirusDefs\
          - Delete all files and subfolders



          WARNING: In the next steps you will edit the Windows registry. Back up the registry before you make any changes to it, because incorrect changes to the registry can result in permanent data loss or corrupted files. Modify only the registry values that are specified. For instructions, see How to back up the Windows registry.
      4. Delete the data from the registry:
        1. Click the Start button
        2. Type regedit and press Enter
        3. Navigate to:
          HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Symantec\SharedDefs
        4. Delete the following values:
          1. SRTSP
          2. NAVCORP_70
          3. DEFWATCH_10
          4. SepCache3
          5. SepCache2
          6. SepCache1
      5. Restart the Symantec Endpoint Protection Services stopped in the previous step, 3.c.
      6. Click Start, Run, type in smc -start, and push Enter.
        1. Maximize the Services window.
        2. Right-click Symantec Endpoint Protection and click Start.



    References
    In some instances, Symantec Technical Support may recommend the use of an unsupported tool that automates the removal of corrupted SEP definitions. For details please see Using the "Rx4DefsSEP" utility at http://www.symantec.com/business/support/index?page=content&id=TECH93036&locale=en_US



    Technical Information
    How to disable Tamper Protection:

      1. Open and log into the Symantec Endpoint Protection Manager console
      2. Click the Clients view.
      3. Select the appropriate group.
      4. Under the Policies tab, in the "Settings" section, click General Settings.
      5. Under the Tamper Protection tab, uncheck Protect Symantec security software from being tampered with or shut down.
      6. Click OK.

     

     

    IMPORTANT: Once the definitions are purged, the following popup message will appear:

    "Virus definitions are missing on this computer. This computer will remain unprotected until definitions are downloaded from the network. Contact your system administrator for help updating your virus definitions."

    This message will keep showing (after every smc -stop/smc -start or session opening), even when Symantec Endpoint Protection receives/applies a new set of definitions, until the "Symantec Endpoint Protection" service is restarted. To avoid this, it is possible either:

     - to drop a JDB file to update the client, then restart the "Symantec Endpoint Protection" service

     - to use Rx4DefsSEP

     - to use a script which checks the Antivirus/Antispyware definition status and restarts the "Symantec Endpoint Protection" service if appropriate
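
The Vista/Server 2008/Windows 7 procedure from the post above, scripted in PowerShell as an added example (not part of the original post and not a Symantec tool). It uses the folder, registry key, value names and service name given in this thread; the backup directory, launching smc through Start-Process, and the 60-second wait are assumptions.

```powershell
# Added example. Run from an elevated PowerShell 3.0+ prompt; supports -WhatIf.
[CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
param(
    [string]$BackupDir = (Join-Path $env:TEMP 'SepDefsBackup')  # assumed location
)

# Folder and registry key as listed in the post (Vista/Server 2008/Windows 7).
$defsDir = 'C:\ProgramData\Symantec\Definitions\VirusDefs'
$regSub  = if ([Environment]::Is64BitOperatingSystem) {
    'SOFTWARE\WOW6432Node\Symantec\SharedDefs'
} else {
    'SOFTWARE\Symantec\SharedDefs'
}
$values  = 'SRTSP', 'NAVCORP_70', 'DEFWATCH_10', 'SepCache3', 'SepCache2', 'SepCache1'

if (-not $PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Purge SEP virus definitions')) { return }

# Back up the key before editing it, as the WARNING in the post requires.
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$backup = Join-Path $BackupDir ('SharedDefs-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))
& reg.exe export "HKLM\$regSub" $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Registry backup failed; nothing was changed.' }

# Assumption: 'smc' resolves here the same way it does from Start > Run.
Start-Process -FilePath 'smc' -ArgumentList '-stop' -Wait
try {
    # If the client never reaches Stopped, Tamper Protection is the likely cause.
    $svc = Get-Service -DisplayName 'Symantec Management Client' -ErrorAction SilentlyContinue
    if ($svc) {
        try { $svc.WaitForStatus('Stopped', [TimeSpan]::FromSeconds(60)) }
        catch { throw 'Symantec Management Client did not stop; check Tamper Protection.' }
    }
    # Delete all files and subfolders, but keep the VirusDefs folder itself.
    Get-ChildItem -LiteralPath $defsDir -Force | Remove-Item -Recurse -Force
    # Delete only the six named values; values that are absent are skipped.
    $key = Get-Item -LiteralPath "HKLM:\$regSub"
    foreach ($name in $values) {
        if ($key.GetValueNames() -contains $name) {
            Remove-ItemProperty -LiteralPath "HKLM:\$regSub" -Name $name
        }
    }
}
finally {
    # Always bring the client back up, even if a delete step failed.
    Start-Process -FilePath 'smc' -ArgumentList '-start' -Wait
}
```

The `finally` block restarts the client on every exit path, so a failed delete does not leave the endpoint with its protection service stopped.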



  • 4.  RE: definitions are corrupted in GUP

    Posted Dec 02, 2011 12:56 PM

    OK, but what if I have many GUPs in my company? Do I need to clear the shared folder all the time if there are corrupted definitions?



  • 5.  RE: definitions are corrupted in GUP

    Broadcom Employee
    Posted Dec 02, 2011 01:00 PM

    Yes..



  • 6.  RE: definitions are corrupted in GUP

    Posted Dec 02, 2011 01:00 PM

     

    1.       Stop SEPM Services

    a)      Embedded Database

    b)      Symantec Endpoint Protection Manager

    c)       Symantec Management Client

    2.       Delete all subfolders in C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\content\

     

    3.       Delete all subfolders in C:\ProgramData\Symantec\Definitions\SymcData\

     

    4.       Delete all SymcData values in HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps\SymcData *

     

    5.       Delete all SymcData values in HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs\SymcData*

     

    6.       Start SEPM Services

     

    7.       Run LiveUpdate



  • 7.  RE: definitions are corrupted in GUP

    Posted Dec 02, 2011 01:11 PM

    Sorry Abnscbnkylfoo, but I think you didn't understand my problem.
    The definitions are corrupted in GUP, not in SEPM or SEP client.



  • 8.  RE: definitions are corrupted in GUP

    Posted Dec 02, 2011 01:23 PM

    If you have many GUPs that are failing, you may need to call into tech support so they can better troubleshoot your environment. Maybe you need to repair the GUPs that are failing or there is an issue with a proxy or router that is corrupting your definitions.



  • 9.  RE: definitions are corrupted in GUP

    Posted Dec 02, 2011 03:45 PM

    Stop and start the SEP client with the GUP (smc -stop, smc -start). That flushes the GUP cache.

    Simple deleting should work as well. If the GUP doesn't have the content, it simply pulls it from its SEPM. No problem.



  • 10.  RE: definitions are corrupted in GUP

    Posted Dec 02, 2011 05:13 PM

    I agree with Solaris and Chetan's comments. There is no script which can clear the corrupt defs; you have to do it manually. However, if you think this happens every time, you need to check why it is happening and what changes were made that cause it to happen every time on your GUP machine.



  • 11.  RE: definitions are corrupted in GUP

    Posted Dec 04, 2011 07:41 PM

    I agree with Swapnil, I would check firewall rules or VLAN policies in such a case...



  • 12.  RE: definitions are corrupted in GUP

    Posted Feb 02, 2012 12:11 AM

    GUP Server Live update solution

     

    1.      Go to the GUP machine, remove the SEP setup, delete all Symantec entries on the C drive, and restart the machine.

    2.      Disconnect the GUP system from the network and install the new SEP setup on the system.

    3.      Complete the installation, download the Symantec virus definitions on another system, copy the definitions to a pen drive, and paste them onto the GUP machine.

    4.      Double-click the downloaded latest Symantec virus definitions and manually update the GUP machine with the latest virus definitions.

    5.      Connect your GUP machine to the network.

    6.      Next time, your GUP machine will automatically take updates from your SEPM server.



  • 13.  RE: definitions are corrupted in GUP

    Posted Feb 02, 2012 02:30 AM

    Agreed with Chetan

    Regards