Symantec AV Def issue

Hi All,

I have an issue with SAV: one of our XP machines is not getting virus definitions. The symptoms:

1) SAV shows no virus definitions.
2) Eventvwr shows:
   a) Symantec AntiVirus has determined that the virus definitions are missing on this computer. This computer will remain unprotected from viruses until virus definitions are downloaded to this computer.
   b) Symantec AntiVirus Auto-Protect failed to load.
3) From the path "C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5", the "VD2D4603.XDB" file gets deleted frequently.

Steps taken to resolve this issue-
1) Reinstalled SAV.
2) Copied "VD2D4603.XDB" file.
3) Used Rapid Release to update virus definitions.
4) Copied "Grc.dat" file to "C:\Program Files\Symantec AntiVirus".

But again the issue is not resolved. The other problem is I can't format the system and install it back. Please help me!

TG_Tech Commented:
I had the same issue and created this BAT file to delete and copy the ROOT CERTIFICATE to the client, and to drop the GRC.DAT file on the client as well.

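rem Map the parent server's vphome share as drive X:
net use x: \\SERVER\vphome
rem Stop if the share could not be mapped, so the client's root certificates are not deleted without replacements
if errorlevel 1 exit /b 1

rem Replace the client's root certificates with the copies from the server
del "C:\Program files\Symantec Antivirus\pki\roots\*.cer"
copy x:\CLT-INST\WIN32\*.cer "C:\Program files\Symantec Antivirus\pki\roots\"

rem Drop the server's grc.dat on the client
copy x:\grc.dat "C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\grc.dat"

rem Unmap the share and restart the Symantec AntiVirus service
net use x: /delete /y
net stop "Symantec Antivirus"
net start "Symantec Antivirus"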

anikettamuche--This was the situation as of last autumn.
I am not aware of further developments.  I suggest contacting Symantec if you have not already done so.  
I assume this PC is regularly accessing the internet.  (If not, it cannot get updates.)
jimmymcp02 Commented:
how about forcing the uninstall of sav on the affected client?
download the latest clean wipe
Then push the install again  
xmachine Commented:

Even if you re-install SAV again, it may not fix it. You need to remove all files and components using Nonav (Symantec tool), then re-install SAV again.

A Symantec Certified Specialist @ your service
anikettamuche (Author) Commented:
Hi xmachine, I have not yet tried your tool. Is it fine if I use it for Symantec AV?

Yes, it covers all 10.x versions.
anikettamuche (Author) Commented:
Hi xmachine, I have used the tool and installed SAV again. I need to wait and watch if the issue reoccurs.
this should work for you, just inform if you have any issue again
anikettamuche (Author) Commented:
Hi, now a new problem :(
The tool worked fine (the SAV was showing virus definitions), but when I checked today the AV was not getting virus definitions from the AV server; it was showing the previous day's definitions. I pushed the definitions from the AV server but no sign of relief. Then I had to manually update the AV client using LUALL.EXE from "C:\Program Files\Symantec\LiveUpdate". Please help me, I have lost my mind!
anikettamuche (Author) Commented:
Xmachine, please help!
Again the same situation. In the AV console I get a ! mark with no definitions.
anikettamuche (Author) Commented:
Hi TG Tech, I have used this batch file, but is this a permanent solution?
After I have run this the troubled machine - it has been reporting to the Symantec Parent Server and has been receiving definition updates every morning.

If this does not fix your problem, I would run an uninstall utility for Symantec (CleanWipe.exe - Provided to me by Symantec)

This will remove all Application entries, including the registry entries.  Then I would install again and verify the grc.dat file and the root cert were properly promoted to the new client.
at TG_Tech
Are you talking about the same CleanWipe (the latest and greatest) I provided a link to way up there /\ :)
The link above for Nonav contains an older tool that was not tested with the latest version of SAV Corp; that's why I offered CleanWipe. It leaves traces of LiveUpdate.
I understand it's a little tricky to download the tool I provided because you have to rename it in DOS (note I can't upload .exe files on EE because it won't allow me); that's why I had to resort to tricks in order to upload CleanWipe.
When I run the cleanwip.exe it asks if I would like to include LU in the uninstall - asking me to make sure that no other programs are using it.
The trick is a clean install and then making sure that the grc.dat file is correct to report to the correct Parent server, and that the root cert matches the parent server to authenticate itself to receive the updates.
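
A read-only check of the root-certificate condition described above, as an added example that is not part of the thread and is not a Symantec tool. It assumes the same share and paths as the batch file posted earlier (\\SERVER\vphome\CLT-INST\WIN32 on the parent server, pki\roots on the client) and changes nothing on the client.

```batch
@echo off
rem Added example: compare the client's root certificates with the parent
rem server's copies. Paths are the ones used in the batch file in this thread;
rem adjust SRC and DST for your environment.
setlocal
set "SRC=\\SERVER\vphome\CLT-INST\WIN32"
set "DST=C:\Program files\Symantec Antivirus\pki\roots"
set BAD=0

rem Refuse to report anything if the server's certificates cannot be read.
if not exist "%SRC%\*.cer" (
    echo Cannot see any .cer file under %SRC%
    exit /b 2
)

rem Every certificate published by the server must be on the client, byte for byte.
for %%F in ("%SRC%\*.cer") do (
    if not exist "%DST%\%%~nxF" (
        echo MISSING on client: %%~nxF
        set BAD=1
    ) else (
        fc /b "%%F" "%DST%\%%~nxF" >nul
        if errorlevel 1 (
            echo DIFFERENT from server: %%~nxF
            set BAD=1
        )
    )
)

rem Certificates that exist only on the client did not come from this server.
for %%F in ("%DST%\*.cer") do (
    if not exist "%SRC%\%%~nxF" (
        echo EXTRA on client, not on server: %%~nxF
        set BAD=1
    )
)

if %BAD%==0 echo Root certificates match the parent server.
exit /b %BAD%
```

An exit code of 0 means the client's root certificates are identical to the server's; 1 means at least one is missing, different or extra; 2 means the share could not be read.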
anikettamuche (Author) Commented:
I had to go through different solutions but none of them worked. My final decision was to use the batch file provided because I can't uninstall AV every time. I am sharing these points because of their contributions for the meantime solutions they provided. But none of them were a permanent solution. Thanks.
Question has a verified solution.