Solved

Symantec AV Def issue

Posted on 2009-05-04
Last Modified: 2013-12-09
Hi All,

I have an issue with SAV: one of our XP machines is not getting virus definitions. The symptoms:

1) SAV 10.1.8.8000 shows no virus definitions.
2) Eventvwr shows:
   a) Symantec AntiVirus has determined that the virus definitions are missing on this computer. This computer will remain unprotected from viruses until virus definitions are downloaded to this computer.
   b) Symantec AntiVirus Auto-Protect failed to load.
3) From the path "C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5", the "VD2D4603.XDB" file gets deleted frequently.

Steps taken to resolve this issue-
1) Reinstalled SAV.
2) Copied "VD2D4603.XDB" file.
3) Used Rapid Release to update virus definitions.
4) Copied "Grc.dat" file to "C:\Program Files\Symantec AntiVirus".

But again the issue is not resolved. The other problem is I can't format the system and install it back. Please help me!
0
Question by:anikettamuche
16 Comments
 
LVL 50

Expert Comment

by:jcimarron
ID: 24295824
anikettamuche--This was the situation as of last autumn.  
http://service1.symantec.com/SUPPORT/ent-security.nsf/2326c6a13572aeb788257363002b62aa/5d575c2ce92de1a88825728a0078a2c2?OpenDocument
I am not aware of further developments.  I suggest contacting Symantec if you have not already done so.  
I assume this PC is regularly accessing the internet.  (If not, it cannot get updates.)
0
 
LVL 20

Assisted Solution

by:jimmymcp02
jimmymcp02 earned 50 total points
ID: 24296785
How about forcing the uninstall of SAV on the affected client?
Download the latest clean wipe:
http://www.experts-exchange.com/Software/Internet_Email/Anti-Virus/Symantec/Q_24355519.html
 
Then push the install again  
0
 
LVL 15

Assisted Solution

by:xmachine
xmachine earned 50 total points
ID: 24301932
Hi,

Even if you re-install SAV again, it may not fix it. You need to remove all files and components using Nonav (Symantec tool), then re-install SAV again.

http://downloads.jmlamb.net/symantec/NoNav2.49.exe

A Symantec Certified Specialist @ your service
0
 

Author Comment

by:anikettamuche
ID: 24304915
Hi xmachine, I have not yet tried your tool. Is it fine if I use it for Symantec AV 10.1.8.8000?

Thx.
0
 
LVL 15

Expert Comment

by:xmachine
ID: 24309060
Yes, it covers all 10.x versions.
0
 

Author Comment

by:anikettamuche
ID: 24312712
Hi xmachine, I have used the tool and installed SAV again. I need to wait and watch if the issue reoccurs.
0
 
LVL 15

Expert Comment

by:xmachine
ID: 24313523
This should work for you; just inform me if you have any issue again.
0
 

Author Comment

by:anikettamuche
ID: 24325986
Hi, now a new problem :(
The tool worked fine (the SAV was showing virus definitions), but when I checked today the AV was not getting virus definitions from the AV server; it was showing the previous day's definitions. I pushed the definitions from the AV server but no sign of relief. Then I had to manually update the AV client using LUALL.EXE from "C:\Program Files\Symantec\LiveUpdate". Please help me, I have lost my mind!
0

 

Author Comment

by:anikettamuche
ID: 24337702
Xmachine, please help!
Again the same situation. In the AV console I get a ! mark with no definitions.
0
 
LVL 4

Accepted Solution

by:TG_Tech
TG_Tech earned 150 total points
ID: 24354755
I had the same issue and created this BAT file to delete and copy the ROOT CERTIFICATE to the client, and to drop the GRC.DAT file on the client as well.


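******************************
rem Map the parent server's VPHOME share (SERVER stands for the parent server name)
net use x: \\SERVER\vphome
rem Stop if the server's certificate is not reachable, so the client's copy is not deleted
if not exist x:\CLT-INST\WIN32\*.cer goto :eof

rem Replace the client's root certificate with the copy from the parent server
del "C:\Program files\Symantec Antivirus\pki\roots\*.cer"
copy x:\CLT-INST\WIN32\*.cer "C:\Program files\Symantec Antivirus\pki\roots\"

rem Drop the parent server's grc.dat into the client's data folder
copy x:\grc.dat "C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\grc.dat"

net use x: /delete /y

rem Restart the client service so it loads the new certificate and grc.dat
net stop "Symantec Antivirus"
net start "Symantec Antivirus"
********************************************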
0
 

Author Comment

by:anikettamuche
ID: 24363015
Hi TG Tech, I have used this batch file, but is this a permanent solution?
0
 
LVL 4

Expert Comment

by:TG_Tech
ID: 24364068
After I have run this on the troubled machine, it has been reporting to the Symantec Parent Server and has been receiving definition updates every morning.

If this does not fix your problem, I would run an uninstall utility for Symantec (CleanWipe.exe - Provided to me by Symantec)

This will remove all Application entries, including the registry entries.  Then I would install again and verify the grc.dat file and the root cert were properly promoted to the new client.
0
 
LVL 20

Expert Comment

by:jimmymcp02
ID: 24365096
@TG_Tech
 
Are you talking about the same CleanWipe (the latest and greatest) I provided a link to way up there /\ :)
 
The link above for nonav contains an older tool that was not tested with the latest version of SAV Corp; that's why I offered clean wipe. It leaves traces of LiveUpdate.
I understand it's a little tricky to download the tool I provided because you have to rename it in DOS (note I can't upload .exe files on EE because it won't allow me); that's why I had to resort to tricks in order to upload CleanWipe.
0
 
LVL 4

Expert Comment

by:TG_Tech
ID: 24365223
When I run the cleanwipe.exe it asks if I would like to include LU in the uninstall, asking me to make sure that no other programs are using it.
0
 
LVL 4

Expert Comment

by:TG_Tech
ID: 24365304
The trick is a clean install and then making sure that the grc.dat file is correct to report to the correct Parent server, and that the root cert matches the parent server to authenticate itself to receive the updates.
0
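
The check described in the comment above, that the client's root certificate matches the parent server's, can be run without changing anything on the client. The batch file below is an added example, not part of the original thread: `SERVER` is a placeholder for the parent server name, the paths are the ones used in the accepted solution's batch file, and the `:compare` label and the `ROOTS`, `SRC` and `DRIFT` variables are names made up here. It covers the certificate only, not grc.dat.

```batch
@echo off
rem Added example: read-only comparison of the client's root certificate(s)
rem with the copies published by the parent server. Nothing is deleted or copied.
rem SERVER is a placeholder; paths are taken from the batch file in this thread.
setlocal
set "ROOTS=C:\Program files\Symantec Antivirus\pki\roots"
set "SRC=x:\CLT-INST\WIN32"
set DRIFT=0

net use x: \\SERVER\vphome
if not exist %SRC%\*.cer (
    echo Cannot read the server certificates, nothing was compared.
    net use x: /delete /y >nul 2>&1
    exit /b 2
)

rem Every certificate published by the server must exist unchanged on the client.
for %%F in (%SRC%\*.cer) do call :compare "%%F" "%ROOTS%\%%~nxF"

rem A certificate present only on the client is one the server does not publish.
for %%F in ("%ROOTS%\*.cer") do if not exist "%SRC%\%%~nxF" (
    echo EXTRA    %%~nxF
    set DRIFT=1
)

net use x: /delete /y
if %DRIFT%==0 (echo Root certificates match the parent server.) else (echo Root certificates differ from the parent server.)
rem Exit code: 0 = match, 1 = difference found, 2 = server copy not reachable
exit /b %DRIFT%

:compare
rem %1 = server copy, %2 = client copy (both passed already quoted)
if not exist %2 (
    echo MISSING  %~nx2
    set DRIFT=1
    goto :eof
)
rem fc /b does a byte-for-byte comparison and sets errorlevel 1 or higher on any difference
fc /b %1 %2 >nul
if errorlevel 1 (
    echo MISMATCH %~nx2
    set DRIFT=1
)
goto :eof
```

Run from a scheduled task, the non-zero exit code gives an early signal that a client has drifted from its parent server before definitions stop arriving.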
 

Author Closing Comment

by:anikettamuche
ID: 31577555
I had to go through different solutions but none of them worked; my final decision was to use the batch file provided because I can't uninstall AV every time. I am sharing these points because of their contributions for the meantime solutions they provided. But none of them were a permanent solution. Thanks.
0
