Symantec antivirus old virus definition file

This issue occurs when definitions on the client computer are older than the number of days configured in the Virus and Spyware Protection Policy for alerts about outdated definitions. This configuration does not follow best practices as new definitions are not made available immediately at midnight.

This issue can be resolved by ensuring that the virus definition policy used by affected clients provides enough time before warning about outdated definitions. The configured time should be no lower than the amount of time it takes all clients in the environment to receive updated definitions plus one day. Note: When the out-of-date definition condition is triggered, you may see the notification message pop up multiple times on the SEP client.

Rapid Release definitions are most useful as a means of stopping fast-spreading threat outbreaks or preventing the initial incursion of an attack at the gateway. Several times each weekday, all new detections added as Rapid Release definitions go through the complete QA process, including testing for false positives and testing for full compatibility with Symantec Endpoint Protection.

Once these definitions pass the full QA process, they are posted as Certified LiveUpdate definitions. Please note that using Rapid Release definitions regularly, on the endpoint instead of Certified definitions is not encouraged by Symantec.

Under normal conditions, Symantec recommends Certified definitions for routine use on enterprise Endpoint systems. If you are unsure as to which definitions set you should use, please contact Symantec Support for guidance. Symantec Endpoint Protection Using these components in addition to the Virus and Spyware Protection component antivirus is strongly encouraged.

Virus and Spyware Protection alone is not sufficient protection against today's sophisticated threats, even on networks that have no access to the Internet. In a browser on the computer that runs Symantec Endpoint Protection Manager, go to one or all of the following:. Most browsers rename the file from. Rename the file from. To verify that the Symantec Endpoint Protection Manager content has been updated, look in the following folders:. Typically, three or more numbered folders exist.

The folder naming convention is 'yymmddxxx'. For example, ''. This is the date and build revision number of the definition set installed. There should be a folder named 'Full' and a zip file named 'Full. Inside the Full folder are the files typically associated with a virus definition set. My last thought which could be the case since Push works better than Pull is that you have a firewall on your server that is restricting your client updates.

If you do have a firewall on the server please post and we can look into what we need to do to resolve this issue. You can set this up to 8 hrs. So instead of all the machines updating right when they wake up, they would update randomly over those next 8 hrs. If the network load is the case then I think this would help dramatically. I don't think it's network load because this is a new problem and all the machines are not turned on simultaneously at the exact same instant.

People come in in the morning and wake up their PC at different times and the updates are already set to radomize 5 minutes. When I set it to Push Mode today, the machine I was looking at updated right away and if it was network traffic, that would't have worked because Push Mode probably causes even more network traffic. If we radomize it to 8 hours, then that means the users would be looking at that error message for up to 8 hours on Monday and calling the help desk asking about it. The virus definitition out of date criterior was changed from 4 days to 2 days several weeks ago and we started getting the warning message, so I changed it back to 4 days, but the warning message after 2 days never went away.

There 2 problems: First problem: PCs take a very long time to update definitions after waking up from sleep mode. Second problem: "Old Virus Definition File" message pops up on user's desktops even through it should not until 4 days. These machines have day old Friday definitions on Monday morning and should not be displaying this virus definition warning until at least Tuesday. You could set it to keep trying for 4 hours, set Randomization intervals could work if set between 1 and 2 hours.

And maybe change the frequency. I've observered that if set to check for updates every hour that some machines do get left out. Maybe make it 4. I think the update of settings if in push mode doesn't reach all the clients the same way your definitions haven't. Have you though of setting up a 2nd server for update purposes? It would only contain the definition files and maybe share the load of the primary server.

The OS could also dictate the maximum number of connections per unit time. Posted Apr 28, PM. Also to answer Pauls question he has about clients some of which gets shut off or put into sleep mode over the weekend. There could be problems if they are on a different location. Bandwidth could be an issue. Posted Apr 29, PM. For users I think there's no need for GUP if it's on only on the same building or office.

Best thing to do would be to check your liveupdate settings, check if these policies are applied to the clients. Make sure that you assign them properly. What is the status of the clients, does it have a green dot on the SEP icon on the system tray? I changed the setting of "Display a warning message when definitions are outdated" from 4 days to 5 days and I will see what happens next Monday. Follow the prompts to install the update.

Symantec Norton AntiVirus X 9. Norton AntiVirus for Mac Norton Antivirus Trusted antivirus solution.