Video Screencast Help
Symantec Appoints Michael A. Brown CEO. Learn more.

Client Not Getting Virus Definition Updates

Created: 11 Oct 2010 • Updated: 13 Oct 2010 | 15 comments
This issue has been solved. See solution.

I have a computer that is checking into the server but not getting the virus signature updates. I uninstalled the client, cleared the database of the computer instance, and reinstalled the client. The PC shows online in the manager, shows its most recent checkin time, and the client version of 11.0.6100.645 but the definitioins are from 6/17/10. It has been 3 hours now since the reinstall. I have not ran the command "Update Content" as of yet. I was waiting and hoping to see if it checks-in and gets the updates on its own. Running that command last week did not produce the desired update result. So I uninstalled/reinstalled this morning. Any ideas?

Comments 15 CommentsJump to latest comment

Vikram Kumar-SAV to SEP's picture

What is the heartbeat Interval set to ? On the client right click and say "Update Policy" check if that downloads the defs.

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

puck2u's picture

I deleted all folders after the uninstall and before the reinstall. There are no definitions in the folder \ProgramData\Symantec\Definitions\VirusDefs other than the one for 6/17/10 and this came with the installer.

Rafeeq's picture

do u see any temp files inside the downloads folder ; in C:\documents and settings\......\liveupdate?

click on start

run

type smc -stop

wait for few seconds

smc -start

check if that creates new folders in the virus defs folder

puck2u's picture

Unable to browse the doc & setting folders in Win 7.

Ryan H's picture

Hello~  Is it possible that your client might have the new IE9 beta installed on it?

SOLUTION
puck2u's picture

As a matter of fact he did install the new IE9 beta. I was just mentioning that to my colleague. Can that be the problem? I think this is the only computer having issues, that we are aware of anyway.

postechgeek's picture

I would download intelligent updater from the following site:

http://www.symantec.com/business/security_response...

 

Run the install file, from there see if the client gets updated defintions from the SEPM. Kind of like a kick start if you will.

 

 

Vikram Kumar-SAV to SEP's picture

IE9 looks to be a issue..

https://www-secure.symantec.com/connect/forums/warning-ie9-beta-causes-sep-client-not-update-virusdefinitions

However bydefault since its set to pull and 8 hours..definitions will be pulled after 8 hrs of first check in..I'll suggest you to update policy once on client if that doesn't update then it has to be IE9 beta

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

puck2u's picture

I will uninstall IE 9 as soon as the user returns. Normally after a fresh install the SEP client checks-in immediately, with in a few minutes anyway, and downloads the latest updates. Hopefully this hasn't changed with the new version. I can even see where the user signed in after I left it and it checked in again, this was at 11:35 AM or so. I believe it is checking in with the server but the updates are not being delivered. Since his last update was on 9/19/10, before the reinstall, and he installed IE9 on 9/20/10 I am assuming this to be the culprit. How ludicrous is that for SEP to use, or rely on, ANY version or part of IE for definition updates? Sounds like a disaster waiting to happen. Will let you know what happens when I get IE9 off the computer.

Ryan H's picture

We just had that same issue this morning with IE9 beta being installed.  Uninstall the beta and then give it another shot.  Hopefully that will fix the issue for you.  :)  We were having the same problem with the client/server seeing each other but for some reason the client will not take the def updates but will take all of the other updates.

Symanticus's picture

Guys, which version of SEP that you use, as at today my company wide settings is still ok with IE9 beta as well as the SEP 11 MR6 MP1

see it here:

 

https://www-secure.symantec.com/connect/imagebrowser/view/image/1506631/_original
https://www-secure.symantec.com/connect/imagebrowser/view/image/1506471/_original

/* Infrastructure Support Engineer */

puck2u's picture

I removed IE9 from the suspect computer, ran "Update Policy" and it immediately received the updated definitions. The client is also now reporting the proper signatures in the manager console.

Thanks for the help Ryan and others.

Note to self: Breaking IE, breaks SEP definition updates, computer is vulnerable for infection.