Solved

Symantec Corporate 10.1.7.7000 Auto-Protect disabled on user level account WinXP

Posted on 2009-04-02
7
1,260 Views
Last Modified: 2013-12-09
I have some workstations (XP SP-2) that are coming up with the Symantec client Auto-Protect disabled.  However, this is only happening on the user level logons.  When we go in with an administrator level account, the client initiates without issue.

I've been researching and some say that the definitions could be at issue (corruption or access rights).  If it were corruption, I don't think the admin level accounts would be ok.  And I've double checked the access to the definitions directories and user level accounts have full access.

Any ideas?  Thanks in advance for your response.

-Dik
0
Comment
Question by:ShuttleDIK
  • 5
  • 2
7 Comments
 
LVL 15

Expert Comment

by:xmachine
ID: 24056788
Hi,

Here's the solution to your problem:

http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/962e1e4378ef0d4d882570bb0065726a?OpenDocument


A Symantec Certified Specialist @ your service
0
 

Author Comment

by:ShuttleDIK
ID: 24076207
Yep - I checked that one.  Unfortunately - 1) I don't have admin access to the Symantec controls (only to the Domain OU & local PCs - the Symantec installation sits higher up the Domain chain).  and 2)  Tamper Protection isn't enabled on the clients.

I did have some luck with rolling back the definition version.  So that might end up being the solution.  I need to see more examples of the failure before I can close this out.

Thanks for responding, though!!  Much appreciated.
0
 

Author Comment

by:ShuttleDIK
ID: 24087516
Well, "fixing" the definitions only works sometimes.  I still end up with User level accounts having the Auto-Protect disabled and the Admin accounts enabled on many machines.

XMachine, can you confirm in the attached jpg that the Tamper Protection is indeed off?  Thanks!
If the symptom is the same, perhaps there's a different but similar cause?

Thanks again for your help.  I'm upping the point value 'cause it's taking more work here than I expected.

-Dik
Tamper-Protection.JPG
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 
LVL 15

Assisted Solution

by:xmachine
xmachine earned 50 total points
ID: 24090555
Yes, it's off and locked.
0
 

Author Comment

by:ShuttleDIK
ID: 24091197
Right.  The Symantec servers sit above the OU which we manage and therefore we do not administer it.  But we do administer the workstations on which the client is running.  I think something is happening when a user is logged in and new virus defs are pushed down.  Many machines I'm able to copy over definitions from a working PC and the lil' red circle goes away.  However, I have a couple where that just doesn't fly.

Thanks again,
D
0
 

Author Comment

by:ShuttleDIK
ID: 24097636
Most all of the workstations now are Auto-Protecting properly now, with various re-implementations of the Virus Definitions.  I still have one lonely machine that will not Auto-Protect on a User Level account.

I did a fresh clean of the virus defs again(I'm doing this manually). And this time when I logged in as a user, the VPTray icon first yielded the yellow exclamation point for 20 second, the reverted back to the red circle.

Is there perhaps an ini, dat or cfg file in which I could confirm the Tamper Protection setting?  The screenshot posted before is from an admin log in to the workstation, the user level doesn't let you view the GUI configuration.

Thanks!
0
 

Accepted Solution

by:
ShuttleDIK earned 0 total points
ID: 24098219
Ok, after a re-build & compression of the registry on my last lingering faulty machine, the Auto-Protect is again working.

So the fix was to clean out the virus-defs & replace with known working copies.  Rebuild & compress the registry.  If this somehow addressed any active Tamper Protection issues, I wouldn't have confirmation about that.
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

12 Steps to a more secure Internet experience (http://tekblog.teksquisite.com/) Everyone who is a licensed driver initially had to pass a driving test that consisted of taking:    1. a written test    2. a road test    3. a vision test Le…
I recently had to create a utility which aim is to update McAfee's Virusscan and that had to be launched from a command line. I thought I’d share my experience with you. Why is it useful to be able to update an Antivirus from the command line?…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now