Solved

Symantec AV Def issue

Posted on 2009-05-04
Last Modified: 2013-12-09
Hi All,

I have an issue with SAV: one of our XP machines is not getting virus definitions. The symptoms:

1) SAV 10.1.8.8000 shows no virus definitions.
2) Eventvwr shows:
   a) Symantec AntiVirus has determined that the virus definitions are missing on this computer. This computer will remain unprotected from viruses until virus definitions are downloaded to this computer.
   b) Symantec AntiVirus Auto-Protect failed to load.
3) From the path "C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5", the "VD2D4603.XDB" file gets deleted frequently.

Steps taken to resolve this issue:
1) Reinstalled SAV.
2) Copied "VD2D4603.XDB" file.
3) Used Rapid Release to update virus definitions.
4) Copied "Grc.dat" file to "C:\Program Files\Symantec AntiVirus".

But again the issue is not resolved. The other problem is I can't format the system and install it back. Please help me!
Question by:anikettamuche
16 Comments
 
LVL 50

Expert Comment

by:jcimarron
ID: 24295824
anikettamuche--This was the situation as of last autumn.  
http://service1.symantec.com/SUPPORT/ent-security.nsf/2326c6a13572aeb788257363002b62aa/5d575c2ce92de1a88825728a0078a2c2?OpenDocument
I am not aware of further developments.  I suggest contacting Symantec if you have not already done so.  
I assume this PC is regularly accessing the internet.  (If not, it cannot get updates.)
0
 
LVL 20

Assisted Solution

by:jimmymcp02
jimmymcp02 earned 150 total points
ID: 24296785
How about forcing the uninstall of SAV on the affected client?
Download the latest CleanWipe:
http://www.experts-exchange.com/Software/Internet_Email/Anti-Virus/Symantec/Q_24355519.html
 
Then push the install again  
0
 
LVL 15

Assisted Solution

by:xmachine
xmachine earned 150 total points
ID: 24301932
Hi,

Even if you re-install SAV again, it may not fix it. You need to remove all files and components using Nonav (Symantec tool), then re-install SAV again.

http://downloads.jmlamb.net/symantec/NoNav2.49.exe

A Symantec Certified Specialist @ your service
0

 

Author Comment

by:anikettamuche
ID: 24304915
Hi xmachine, I have not yet tried your tool. Is it fine if I use it for Symantec AV 10.1.8.8000?

Thx.
0
 
LVL 15

Expert Comment

by:xmachine
ID: 24309060
Yes, it covers all 10.x versions.
0
 

Author Comment

by:anikettamuche
ID: 24312712
Hi xmachine, I have used the tool and installed SAV again. I need to wait and watch if the issue reoccurs.
0
 
LVL 15

Expert Comment

by:xmachine
ID: 24313523
This should work for you; just inform me if you have any issue again.
0
 

Author Comment

by:anikettamuche
ID: 24325986
Hi, now a new problem :(
The tool worked fine (the SAV was showing virus definitions), but when I checked today the AV was not getting virus definitions from the AV server; it was showing the previous day's definitions. I pushed the definitions from the AV server but no sign of relief. Then I had to manually update the AV client using LUALL.EXE from "C:\Program Files\Symantec\LiveUpdate". Please help me, I have lost my mind!
0
 

Author Comment

by:anikettamuche
ID: 24337702
Xmachine, please help!
Again the same situation. In the AV console I get a ! mark with no definitions.
0
 
LVL 4

Accepted Solution

by:
TG_Tech earned 450 total points
ID: 24354755
I had the same issue and created this BAT file to delete and copy the ROOT CERTIFICATE to the client, and to drop the GRC.DAT file on the client as well.


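******************************
REM Map the parent server's VPHOME share (SERVER = parent server name)
net use x: \\SERVER\vphome

REM Remove the client's current root certificate(s)
del "C:\Program files\Symantec Antivirus\pki\roots\*.cer"

REM Copy the parent server's root certificate(s) to the client
copy x:\CLT-INST\WIN32\*.cer "C:\Program files\Symantec Antivirus\pki\roots\"

REM Drop the parent's GRC.DAT so the client reports to the correct parent
copy x:\grc.dat "C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\grc.dat"

REM Disconnect the mapped drive
net use x: /delete /y

REM Restart the Symantec AntiVirus service
net stop "Symantec Antivirus"
net start "Symantec Antivirus"
********************************************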
0
 

Author Comment

by:anikettamuche
ID: 24363015
Hi TG Tech, I have used this batch file, but is this a permanent solution?
0
 
LVL 4

Expert Comment

by:TG_Tech
ID: 24364068
After I have run this on the troubled machine, it has been reporting to the Symantec Parent Server and has been receiving definition updates every morning.

If this does not fix your problem, I would run an uninstall utility for Symantec (CleanWipe.exe - Provided to me by Symantec)

This will remove all Application entries, including the registry entries.  Then I would install again and verify the grc.dat file and the root cert were properly promoted to the new client.
0
 
LVL 20

Expert Comment

by:jimmymcp02
ID: 24365096
@TG_Tech
 
Are you talking about the same CleanWipe (the latest and greatest) I provided a link to way up there /\ :)
 
The link above for Nonav contains an older tool that was not tested with the latest version of SAV Corp; that's why I offered CleanWipe. It leaves traces of LiveUpdate.
I understand it's a little tricky to download the tool I provided because you have to rename it in DOS (note: I can't upload .exe files on EE because it won't allow me); that's why I had to resort to tricks in order to upload CleanWipe.
0
 
LVL 4

Expert Comment

by:TG_Tech
ID: 24365223
When I run CleanWipe.exe it asks if I would like to include LU in the uninstall, asking me to make sure that no other programs are using it.
0
 
LVL 4

Expert Comment

by:TG_Tech
ID: 24365304
The trick is a clean install and then making sure that the grc.dat file is correct to report to the correct Parent server, and that the root cert matches the parent server to authenticate itself to receive the updates.
0
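A read-only check for the condition described in the accepted solution and in the comment above: the client's root certificate must match the parent server's. This is an added example, not part of any poster's script; it reuses the placeholder `\\SERVER\vphome` share and the paths from the accepted batch file, and compares the files with the built-in `fc /b`.

```batch
@echo off
setlocal
REM Added example, not from the thread: reports whether the client's root
REM certificates are byte-identical to the parent server's copies, without
REM deleting or replacing anything. SERVER is the placeholder used in the
REM accepted solution; both paths are the ones given in that batch file.
set "SRV=\\SERVER\vphome\CLT-INST\WIN32"
set "CLT=C:\Program files\Symantec Antivirus\pki\roots"
set MISMATCH=0

if not exist "%SRV%\*.cer" (
    echo Cannot read root certificates from %SRV%
    exit /b 2
)

REM Every certificate published by the parent must exist on the client
REM and match it byte for byte (fc /b sets errorlevel 1 on a difference).
for %%F in ("%SRV%\*.cer") do (
    if not exist "%CLT%\%%~nxF" (
        echo MISSING on client: %%~nxF
        set MISMATCH=1
    ) else (
        fc /b "%%F" "%CLT%\%%~nxF" >nul
        if errorlevel 1 (
            echo DIFFERS from parent: %%~nxF
            set MISMATCH=1
        )
    )
)

REM Certificates present only on the client; the accepted batch file
REM would delete these before copying the parent's certificates.
for %%F in ("%CLT%\*.cer") do (
    if not exist "%SRV%\%%~nxF" (
        echo EXTRA on client: %%~nxF
        set MISMATCH=1
    )
)

if %MISMATCH%==0 (
    echo Root certificates match the parent server.
) else (
    echo Root certificates do not match the parent server.
)
exit /b %MISMATCH%
```

The exit code is 0 on a match, 1 on any mismatch and 2 if the share cannot be read, so the check can gate the copy step or run from a scheduled task.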
 

Author Closing Comment

by:anikettamuche
ID: 31577555
I had to go through different solutions but none of them worked; my final decision was to use the batch file provided because I can't uninstall AV every time. I am sharing these points because of their contributions for the meantime solutions they provided. But none of them were a permanent solution. Thanks.
0
