  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 5013

SAV 10.1 -- Auto-Protect disabled.

Dear All,

I have Norton AntiVirus installed on all computers on my network (SAV 10.1).
For no apparent reason, some of the computers get their Auto-Protect disabled.
I've tried pushing a new installment and copying the GRC.DAT into these client PCs without any luck.
Is there any way to fix this problem without re-installing the software?

Thank you
Asked by: chinguetti

r-k Commented:
Check this link.

I would also get the latest update for Symantec v10, apparently some bugs were fixed.
0
 
chinguetti (Author) Commented:
r-k
Thank you for your reply!
I've tried the link you gave me on three computers now without any luck.
It errors and asks me if I want to redo it, but even if I redo it it will end up with the same result.
Any other solutions to this problem?
0
 
masnrock Commented:
I tried for a while to do the same thing you did (avoid the reinstall), but ended up doing a reinstall in the end. I know it's not what you wanted to hear, but just wanted to share my experience!
0
 
danengle Commented:
The easiest way is to call Symantec support and obtain RX4Defs. Chances are definition corruption is the culprit. I've seen behaviors as far ranging as services not starting, not stopping, and auto protect being disabled from corrupt defs.

An intelligent updater download is supposed to repair most definition corruption as well, but I've had maybe 50% success with that.

One thing that the RX4Defs (and to my knowledge intelligent updater) tool does not fix is a malformed usage.dat file located in "c:\program files\common files\symantec shared\virusdefs".

An example usage.dat:

[20080514.035]
DEFWATCH_10=1
NAVCORP_70=1
NAVCORP_70_2=1

All of the above lines should exist in the file.  I've found that the NAVCORP_70=1 line can disappear causing issues.  Note the date in the "[" and "]" is the datestamp and version of the definitions so may be different on your machines.

You can manually roll back definitions by either rolling back the definitions to an older version already on the machine or copying a working virusdefs directory from a working client.  To roll back to a definition already on the machine, perform the following:

1) stop all SAV services
2) modify usage.dat and definfo.dat to reference the old definition.
definfo.dat is formatted as such:

[DefDates]
CurDefs=20080518.008
LastDefs=20080517.008

change both CurDefs and LastDefs to be the same definition date/version that you want to use.

I've seen usage.dat formatted as such:


[20080514.035]
DEFWATCH_10=1
NAVCORP_70=1
NAVCORP_70_2=1

or
[20080512.021]
NAVCORP_70_2=1
[20080514.035]
DEFWATCH_10=1
NAVCORP_70=1
 
If it's formatted like the latter, it's best to reformat it to reference only one virus definition directory.  Just be sure to change the date/version stamp to be the same as the virus definition directory you are using.

3) delete the virus definition directory listed in definfo.dat as "curDefs".  This should be the one causing the issue
4) Clean up all prior downloaded vdb/xdb files and liveupdate content:

      a) delete all files and subdirectories under:
            C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads
      b) under c:\documents and settings\all users\application data\symantec\symantec antivirus corporate edition\7.5:
        delete all files in the root of the 7.5 directory
        delete any files and folders under the badpatts directory
        delete anything in xfer_tmp
        delete all subdirectories under I2_LDVP.VDB

5) restart services.  


If you want to just delete and refresh the entire virusdefs directory, which is easier, but a bit more intrusive:

1) stop all SAV services
2) delete the entire contents of c:\program files\common files\symantec shared\virusdefs
3) copy the entire contents of "c:\program files\common files\symantec shared\virusdefs" from a working client to the broken machine
4) Clean up all prior downloaded vdb/xdb files and liveupdate content:

      a) delete all files and subdirectories under:
            C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads
      b) under c:\documents and settings\all users\application data\symantec\symantec antivirus corporate edition\7.5:
        delete all files in the root of the 7.5 directory
        delete any files and folders under the badpatts directory
        delete anything in xfer_tmp
        delete all subdirectories under I2_LDVP.VDB
5) Restart Services.


If you do acquire rx4defs, you can extract the contents with WinRAR.  Inside is defdiag.exe which can be used to analyze a machine for corrupt definitions locally or remotely.  It's a handy tool to have.
0
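
The consistency conditions from danengle's rollback steps, written as a read-only check. This is an added example, not part of the original post and not a Symantec tool; the function name `check_rollback` and the `present_dirs` argument are hypothetical, the files are assumed to parse as plain INI, and the sample contents are constructed from the examples quoted in the post.

```python
import configparser

# Keys the post says must all exist in usage.dat.
REQUIRED_KEYS = ("DEFWATCH_10", "NAVCORP_70", "NAVCORP_70_2")

def _parse(text):
    # strict=False tolerates repeated sections; optionxform keeps key case.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str
    cp.read_string(text)
    return cp

def check_rollback(usage_text, definfo_text, present_dirs):
    """Return a list of problems; an empty list means the files agree.

    present_dirs (assumed input): names of the subdirectories that
    currently exist under the virusdefs directory.
    """
    problems = []
    usage, definfo = _parse(usage_text), _parse(definfo_text)
    stamps = usage.sections()
    if len(stamps) != 1:
        problems.append(f"usage.dat references {len(stamps)} definition sets: {stamps}")
    seen = {key for stamp in stamps for key in usage[stamp]}
    for key in REQUIRED_KEYS:
        if key not in seen:
            problems.append(f"usage.dat is missing {key}")
    if not definfo.has_section("DefDates"):
        return problems + ["definfo.dat has no [DefDates] section"]
    cur = definfo.get("DefDates", "CurDefs", fallback=None)
    last = definfo.get("DefDates", "LastDefs", fallback=None)
    if cur != last:
        problems.append(f"CurDefs ({cur}) and LastDefs ({last}) differ")
    if stamps and cur not in stamps:
        problems.append(f"usage.dat stamp {stamps} does not match CurDefs {cur}")
    if cur not in present_dirs:
        problems.append(f"definition directory {cur} is not present")
    return problems

# Constructed samples based on the file layouts quoted in the post.
SPLIT_USAGE = "[20080512.021]\nNAVCORP_70_2=1\n[20080514.035]\nDEFWATCH_10=1\nNAVCORP_70=1\n"
GOOD_USAGE = "[20080514.035]\nDEFWATCH_10=1\nNAVCORP_70=1\nNAVCORP_70_2=1\n"
STALE_DEFINFO = "[DefDates]\nCurDefs=20080518.008\nLastDefs=20080517.008\n"
GOOD_DEFINFO = "[DefDates]\nCurDefs=20080514.035\nLastDefs=20080514.035\n"

if __name__ == "__main__":
    for line in check_rollback(SPLIT_USAGE, STALE_DEFINFO, {"20080514.035"}):
        print("PROBLEM:", line)
```
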
 
chinguetti (Author) Commented:
masnrock,
I ended up installing a newer version of Symantec over the non-working ones, so yeah, I ended up doing what you did basically. ;)

danengle,
Thank you for an informative reply.
I will try this next time I come across a similar problem.
0
