Solved

Symantec AV Def issue

Posted on 2009-05-04
Last Modified: 2013-12-09
Hi All,

I have an issue with SAV: one of our XP machines is not getting virus definitions. The symptoms:

1) SAV 10.1.8.8000 shows no virus definitions.
2) Eventvwr shows:
   a) Symantec AntiVirus has determined that the virus definitions are missing on this computer. This computer will remain unprotected from viruses until virus definitions are downloaded to this computer.
   b) Symantec AntiVirus Auto-Protect failed to load.
3) From the path "C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5", the "VD2D4603.XDB" file gets deleted frequently.

Steps taken to resolve this issue:
1) Reinstalled SAV.
2) Copied the "VD2D4603.XDB" file.
3) Used Rapid Release to update virus definitions.
4) Copied the "Grc.dat" file to "C:\Program Files\Symantec AntiVirus".

But again the issue is not resolved. The other problem is I can't format the system and install it back. Please help me!
Question by:anikettamuche
 
LVL 50

Expert Comment

by:jcimarron
ID: 24295824
anikettamuche--This was the situation as of last autumn.  
http://service1.symantec.com/SUPPORT/ent-security.nsf/2326c6a13572aeb788257363002b62aa/5d575c2ce92de1a88825728a0078a2c2?OpenDocument
I am not aware of further developments.  I suggest contacting Symantec if you have not already done so.  
I assume this PC is regularly accessing the internet.  (If not, it cannot get updates.)
0
 
LVL 20

Assisted Solution

by:jimmymcp02
jimmymcp02 earned 50 total points
ID: 24296785
How about forcing the uninstall of SAV on the affected client?
Download the latest clean wipe:
http://www.experts-exchange.com/Software/Internet_Email/Anti-Virus/Symantec/Q_24355519.html
 
Then push the install again  
0
 
LVL 15

Assisted Solution

by:xmachine
xmachine earned 50 total points
ID: 24301932
Hi,

Even if you re-install SAV again, it may not fix it. You need to remove all files and components using Nonav (Symantec tool), then re-install SAV again.

http://downloads.jmlamb.net/symantec/NoNav2.49.exe

A Symantec Certified Specialist @ your service
0
 

Author Comment

by:anikettamuche
ID: 24304915
Hi xmachine, I have not yet tried your tool. Is it fine if I use it for Symantec AV 10.1.8.8000?

Thx.
0
 
LVL 15

Expert Comment

by:xmachine
ID: 24309060
Yes, it covers all 10.x versions.
0
 

Author Comment

by:anikettamuche
ID: 24312712
Hi xmachine, I have used the tool and installed SAV again. I need to wait and watch if the issue reoccurs.
0
 
LVL 15

Expert Comment

by:xmachine
ID: 24313523
This should work for you. Just inform me if you have any issue again.
0
 

Author Comment

by:anikettamuche
ID: 24325986
Hi, now a new problem : (
The tool worked fine (SAV was showing virus definitions), but when I checked today the AV was not getting virus definitions from the AV server; it was showing the previous day's definitions. I pushed the definitions from the AV server but no sign of relief. Then I had to manually update the AV client using LUALL.EXE from "C:\Program Files\Symantec\LiveUpdate". Please help me, I have lost my mind!
0
 

Author Comment

by:anikettamuche
ID: 24337702
Xmachine, please help!
Again the same situation. In the AV console I get a ! mark with no definitions.
0
 
LVL 4

Accepted Solution

by:TG_Tech
TG_Tech earned 150 total points
ID: 24354755
I had the same issue and created this BAT file to delete and copy the ROOT CERTIFICATE to the client, and to drop the GRC.DAT file on the client as well.


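******************************
rem Map the parent server's VPHOME share (replace SERVER with the parent server's name)
net use x: \\SERVER\vphome

rem Remove the client's existing root certificates
del "C:\Program files\Symantec Antivirus\pki\roots\*.cer"

rem Copy the parent server's root certificate to the client
copy x:\CLT-INST\WIN32\*.cer "C:\Program files\Symantec Antivirus\pki\roots\"

rem Drop the server's grc.dat on the client
copy x:\grc.dat "C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\grc.dat"

rem Disconnect the share without prompting
net use x: /delete /y

rem Restart the client service so it picks up the new certificate and grc.dat
net stop "Symantec Antivirus"

net start "Symantec Antivirus"

********************************************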
0
 

Author Comment

by:anikettamuche
ID: 24363015
Hi TG Tech, I have used this batch file, but is this a permanent solution?
0
 
LVL 4

Expert Comment

by:TG_Tech
ID: 24364068
After I have run this on the troubled machine, it has been reporting to the Symantec Parent Server and has been receiving definition updates every morning.

If this does not fix your problem, I would run an uninstall utility for Symantec (CleanWipe.exe - Provided to me by Symantec)

This will remove all Application entries, including the registry entries.  Then I would install again and verify the grc.dat file and the root cert were properly promoted to the new client.
0
 
LVL 20

Expert Comment

by:jimmymcp02
ID: 24365096
@TG_Tech

Are you talking about the same CleanWipe (the latest and greatest) I provided a link to way up there /\ :)

The link above for Nonav contains an older tool that was not tested with the latest version of SAV Corp; that's why I offered clean wipe; it leaves traces of LiveUpdate.
I understand it's a little tricky to download the tool I provided because you have to rename it in DOS (note I can't upload .exe files on EE because it won't allow me); that's why I had to resort to tricks in order to upload CleanWipe.
0
 
LVL 4

Expert Comment

by:TG_Tech
ID: 24365223
When I run CleanWipe.exe it asks if I would like to include LU in the uninstall, asking me to make sure that no other programs are using it.
0
 
LVL 4

Expert Comment

by:TG_Tech
ID: 24365304
The trick is a clean install and then making sure that the grc.dat file is correct to report to the correct Parent server, and that the root cert matches the parent server to authenticate itself to receive the updates.
0
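The check described in the comment above (that the client's root certificate matches the parent server's), as an added example that is not part of the original thread: a read-only batch script that compares the .cer files byte for byte with fc /b. The paths are the ones used in the accepted batch file; SERVER is a placeholder, and the exit codes are this example's own convention.

```batch
@echo off
setlocal
rem Added example: read-only check, changes nothing on the client.
rem Paths come from the batch file in the accepted answer; SERVER is a placeholder.
set "SRC=\\SERVER\vphome\CLT-INST\WIN32"
set "DST=C:\Program Files\Symantec AntiVirus\pki\roots"
set /a MISSING=0, DIFFERENT=0, EXTRA=0

if not exist "%SRC%\*.cer" (
    echo No .cer files visible under %SRC% - check the share and permissions.
    exit /b 2
)

rem Every root certificate published by the parent server must exist on the
rem client and be byte-identical. fc /b returns errorlevel 1 on any difference.
for %%F in ("%SRC%\*.cer") do (
    if not exist "%DST%\%%~nxF" (
        echo MISSING   %%~nxF
        set /a MISSING+=1
    ) else (
        fc /b "%%F" "%DST%\%%~nxF" >nul
        if errorlevel 1 (
            echo DIFFERENT %%~nxF
            set /a DIFFERENT+=1
        ) else (
            echo OK        %%~nxF
        )
    )
)

rem Certificates present on the client but not published by the server.
rem The accepted batch file clears these with its del step.
for %%F in ("%DST%\*.cer") do (
    if not exist "%SRC%\%%~nxF" (
        echo EXTRA     %%~nxF
        set /a EXTRA+=1
    )
)

echo missing=%MISSING% different=%DIFFERENT% extra=%EXTRA%
set /a BAD=MISSING+DIFFERENT+EXTRA
if %BAD% gtr 0 exit /b 1
exit /b 0
```

Exit code 0 means the client's roots folder matches the server's copy, 1 means at least one certificate is missing, different or extra, and 2 means the share could not be read.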
 

Author Closing Comment

by:anikettamuche
ID: 31577555
I had to go through different solutions but none of them worked. My final decision was to use the batch file provided because I can't uninstall AV every time. I am sharing these points because of their contributions for the meantime solutions they provided. But none of them was a permanent solution. Thanks.
0
