Release notes for Symantec AntiVirus 10.2 Client for Vista and Windows Server 2008

Article:TECH102297  |  Created: 2007-01-09  |  Updated: 2010-08-13  |  Article URL http://www.symantec.com/docs/TECH102297
Article Type
Technical Solution


Environment

Issue



This article documents the changes and fixes in each update to Symantec AntiVirus Corporate Edition 10.2 Client for Vista.


Solution



As updates to Symantec AntiVirus 10.2 are released, they are added as sections in this document. The sections are added in chronological order, with the most recent additions at the top.

Note: To download the latest release of Symantec AntiVirus, read the following document: Obtaining an upgrade or update for Symantec AntiVirus Corporate Edition or Symantec Client Security.


Maintenance Release 4 (MR4)

Components updated in this release

Component Version
Symantec AntiVirus 10.2.4.4000
AMS 6.12.0.152
Quarantine Server 3.5.5.101


Windows Security Center indicates that Symantec AntiVirus is not reporting its status
Fix ID: 1796075
Symptoms: Windows Security Center reports that Virus Protection is on, but is reporting its status to Windows Security Center in a format that is no longer supported.
Solution: Symantec AntiVirus was updated to properly update its status to the Windows Security Center.


Maintenance Release 3 (MR3)

What's in this release
Symantec AntiVirus Corporate Edition 10.2.3 provides a fix for an issue since the release of Symantec AntiVirus 10.2.

Components updated in this release

Component Version
Symantec AntiVirus 10.2.3.3000
Auto-Protect 10.2.10
Common Client 6.3.9.4


New fixes

    Windows 2008 drops network shares with Auto-Protect enabled
    Fix ID: 1638380
    Symptoms: Network shares become unresponsive after installing Symantec AntiVirus 10.2 with Auto-Protect enabled on a Windows 2008 server.
    Solution: Auto-Protect was updated to address the issue.


Maintenance Release 2 (MR2)

What's in this release
Symantec AntiVirus Corporate Edition 10.2.2 provides enhancements on top of the existing 10.2.1 functionality to support the Intel Itanium 64-bit processor. Fixes since the release of Symantec AntiVirus 10.2 are also included in this release.

    Notes:
    • Support for Intel Itanium 64-bit has been added to the Symantec AntiVirus 10.2.2 client only. The Symantec AntiVirus server, Symantec System Center and deployment tools have also been modified to support the management of clients that run on Itanium x64. The management components cannot be installed on an IA64 processor computer.
    • Support for Windows 2008 Server Core running on x86 and x64 (non-Itanium) platforms has also been added to the Symantec AntiVirus 10.2.2 client.


Component versions

Component Version
Symantec AntiVirus 10.2.2.2000
Auto-Protect 10.2.7
LiveUpdate 3.3.061


New Fixes:

    Functional:

    Windows 2008 dropping network shares with AutoProtect enabled
    Fix ID: 1296949
    Symptoms: Network shares become unresponsive after installing Symantec Endpoint Protection MR2 with AutoProtect enabled on a Windows 2008 server.
    Solution: Modified Auto-Protect to address the problem.

    When Auto-Protect is running on IA64 clients, saving the EICAR test string to a file causes the client computer to crash
    Fix ID: 1415889
    Symptom: Auto-Protect detection of the file crashes the computer.
    Solution: This version of Auto-Protect does not exhibit this problem.

    User profile duplicate problem on Windows Vista
    Fix ID: 1274978
    Symptom: During logon/logoff, duplicate user profiles are created on Windows Vista.
    Solution: The initial load of a scheduled scan was conflicting with Windows logon. The scheduled scan was not able to load correctly from a registry key, dword DelayScheduledScanLoad = 1 under ProductControl. The scheduled scans are now loaded in a more efficient manner which does not conflict with logon.

    LiveUpdate is unable to apply new definitions on IA64 agent
    Fix ID: 1407258
    Symptom: The endpoint is able to download the latest definitions but they are not applied to the client. Within the user interface, the Virus Definition File field does not update.
    Solution: The virus definitions were outdated. This version contains the latest virus definitions, which resolves this problem.

    Restoring infected files with Alternate Data Streams (ADS) doesn't restore any of the ADS, only the main file
    Fix ID: 1414332
    Symptom: When restoring an infected file with ADS from Quarantine, the main file and ADS files should be restored, but only the main file gets restored.
    Solution: A file handle was not closed prior to trying to open it for ADS processing. The handle is closed now prior to re-open attempt, which resolves this issue.

    Auto-Protect is not working on IA64 systems
    Fix ID: 1301308
    Symptom: Auto-Protect detecting a viral file causes the client computer to stop responding.
    Solution: When building up the virus info packet, Auto-Protect was not ensuring that the sub-packets are aligned on a four-byte boundary. Corrected this.

    Explorer stops responding when attempting to create files or changing permissions on files
    Fix ID: 1402630
    Symptom: On file or directory permission change or file creation, the system displays the hourglass cursor, and the system becomes non-responsive.
    Solution: Changed the Auto-Protect component which updates the flag used during permission changes.

    RTVscan.exe application error, "The instruction at "0x00419201" referenced memory. The memory could not be read."
    Fix ID: 1429103
    Symptom: When creating a Windows 2000 image to deploy, an RTVscan error occurs upon shutdown of the computer.
    Solution: Added a check to verify that the correct value is called.

    Auto-Protect exclusions do not apply to 2008 server unless "Reset All" is clicked in Symantec System Center
    Fix ID: 1401027
    Symptom: From Symantec System Center, apply Auto-Protect exclusions to a client group (that is not inheriting from the server group). The exclusions apply correctly to any Windows XP or Windows 2003 clients, but not Windows Server 2008.
    Solution: The registry keys are now correctly changed and updated on Server 2008.


    Installation:

    Setup.exe on CD1 should block installation of Symantec AntiVirus server
    Fix ID: 1435587
    Symptom: When launching setup.exe from CD1, Symantec AntiVirus server installation starts, but fails during file copy.
    Solution: Instead of blocking it, we allow it, since rollout of the server is possible. The installer now points to the Rollout folder, which is now located on CD1.

    Creating the administrative installation image fails with error
    Fix ID: 1272743
    Symptom: Attempting to create the administrative installation image, following the instruction on page 22 of Symantec_AntiVirus_Supplement_Windows_Vista_and_Windows_Server_2008.pdf, causes the error "instopts.dat is missing."
    Solution: Made change to copy the necessary files during installation, which solves the problem.


    Readme.txt updates:

    Registry keys not removed after uninstall on Windows Vista 64-bit
    Fix ID: 1410957
    Symptom: After uninstall of the client from Windows Vista, the HKEY_LOCAL_MACHINE/Software/WOW6432Node/Intel registry keys are all still present.
    Solution: Added the following to the readme.txt file:
      ----------------------------------------------------------------------------
      Symantec AntiVirus uninstallation leaves some files, folders, and registry keys behind after rebooting
      ----------------------------------------------------------------------------
      When you uninstall Symantec AntiVirus from a computer running Windows Vista and Windows Server 2008, the following files and folders are not removed from the computer:

      c:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\*.VBN c:\Users\<user name>\AppData\Local\Symantec\Symantec AntiVirus Corporate Edition\7.5\logs\*.log

      Note: ProgramData and AppData are hidden folders. You can access these folders by typing c:\<folder name> in the Start Search field and pressing Enter.

      On 64-bit operating systems, the following registry keys and subfolders are not removed:
      -----------------------------------------------------------------------------
      HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Intel\LanDesk\VirusProtect6
      \CurrentVersion HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\INTEL\DLLUsage\VP6
       
      To completely uninstall Symantec AntiVirus, remove these registry keys, files, and folders manually.


    Update specific versions mentioned in the Supplement .pdf, and other version changes
    Fix ID: 1428198
    Symptom: There is a piece of text that needs to change in the "Symantec_AntiVirus_Supplement_Windows_Vista_and_Windows_Server_2008.pdf" on Page 16
    Solution: Added the following to the readme.txt file:
      ------------------------------------------------------------------------
      Version and platform updates in the Symantec AntiVirus Supplement for Windows
      Vista and Windows Server 2008
      ------------------------------------------------------------------------
      The note on page 16 of the Symantec AntiVirus Supplement for Windows Vista and Windows Server 2008 has been updated for version 10.1.8.8000 and the Intel Itanium architecture. The note should read as follows:

      Note: You must use a server that runs Symantec AntiVirus version 10.1.8.8000 or higher to use ClientRemote to deploy Symantec AntiVirus clients on Windows Vista , Windows Server 2008, Windows Server 2008 Server Core, or on the Intel Itanium architecture (IA-64). The server software version on your installation CD is version 10.1.8.8001. Deployment from legacy Symantec AntiVirus servers is not supported.

      You can manage your Symantec AntiVirus Windows Vista and Windows Server 2008 clients using a management server that runs Symantec AntiVirus 10.1.8 or higher. However, you must browse to a custom installation path during ClientRemote tool deployment to do so.


    Readme update for Server Core deployment via ClientRemote
    Fix ID: 1427257
    Symptom: For Windows 2008 Server Core deployment via ClientRemote, additional steps are required in order to bypass ClientRemote's IE dependency check on the remote client computer.
    Solution: Added the following to the readme.txt file:
      ------------------------------------------------------------------------
      Bypassing ClientRemote's Internet Explorer requirement check on Windows Server 2008 Server Core
      ------------------------------------------------------------------------
      ClientRemote checks to make sure that Internet Explorer exists on the target computer. To deploy to a computer that does not have Internet Explorer, such as Windows Server 2008 Server Core, the Internet Explorer requirement check can be bypassed by using the version of the ClientRemote program located in the \Rollout folder on CD1. Launch the program and follow the on-screen instructions. You cannot use the Symantec System Center.






Maintenance Release 1 (MR1)

What's in this release
Symantec AntiVirus Corporate Edition 10.2.1 provides enhancements on top of the existing 10.2 functionality to support the Microsoft Windows 2008 Server and Windows Vista Service Pack 1 operating systems. Fixes and minor enhancements since the release of Symantec AntiVirus 10.2 are also included in this release.

Notes:

  • Support for Windows Server 2008 and Vista SP1 have been added to the Symantec AntiVirus 10.2.1 client only. The Symantec AntiVirus server and Symantec System Center and deployment tools have also been modified to support the management of clients that run on Windows Server 2008. The management components cannot be installed on a computer running Windows Server 2008 or Windows Vista.
  • Symantec AntiVirus client for Windows Vista does not run on Windows Server Core 2008.


Component versions

Component Version
Symantec AntiVirus 10.2.1.1000



New fixes

Scans configured with "Allow user to stop scan" unchecked can still be stopped
Fix ID: 1080342
Symptom: A scheduled scan is configured to show its scan progress, and also has "Allow user to stop scan" unchecked so that the user cannot close the scan prior to its completion. However, when that scan runs, the user can still close the scan prior to completion.
Solution: Changed the way that the scheduled scans were launched.

"Close scan progress when done" option on a scheduled scan does not work on Windows Vista
Fix ID: 1189911
Symptom: After creating a scheduled scan with the option to show the scan progress and close it when the scan has finished, the scan runs and the progress window is not closed.
Solution: Fixed scan dialog to honor configurations settings.

Symredrv.sys fails Windows Vista security code integrity check
Fix ID: 1159771
Symptom: After installing Symantec AntiVirus 10.2, the System Security log shows an error stating "Code integrity determined that the image hash of a file is not valid."
Solution: Verified correct signatures and cross signatures with Microsoft cross certificates.


Maintenance Patch 1 (MP1)

Components

Component Version
Symantec AntiVirus 10.2.322
AutoProtect 10.1.4.2
Behavior Blocking 3.1.6.2



New fixes

Enabling Windows Vista EFS on documents makes the encrypted files unreadable with Symantec AntiVirus 10.2 installed
Fix ID: 968684
Symptom: After installing Symantec AntiVirus 10.2, a user is unable to decrypt their EFS files from their Documents folder.
Solution: Updated AutoProtect engine to allow for the decryption of files while enabled.

RTVScan holds user profiles open after a user logs off
Fix ID: 1053308
Symptom: When a client logs off or disconnects a session while using roaming profiles, the profile is not completely closed, causing possible profile locks or corruption.
Solution: Changed how RTVScan handles session disconnects and logoffs to release NTUser.dat file in a more timely fashion. Also made changes to add better support for Seamless Windows within Citrix.

Symantec AntiVirus is unable to scan in Safe Mode
Fix ID: 1064915
Symptom: When a user tries to run a scan in Safe Mode, "Scan engine returned error 0x20000003" appears.
Solution: Changed service load to include necessary services to launch in Safe Mode.




Legacy ID



2007080911252448


Article URL http://www.symantec.com/docs/TECH102297


Terms of use for this information are found in Legal Notices