How to determine if virus definitions used by Symantec AntiVirus Corporate Edition are corrupted
Article: TECH99824 | Created: 2002-01-07 | Updated: 2011-06-03 | Article URL: http://www.symantec.com/docs/TECH99824
You need to determine if one or more of the following symptoms is caused by corruption:
- LiveUpdate does not update virus definitions
- Servers and clients do not update through the Virus Definition Transport Method
- The Symantec AntiVirus Server or Client service fails to start
- The number of Scan Omission errors in the Event Log is larger than normal
To check for possible corruption, open Windows Explorer and navigate to:
C:\Program Files\Common Files\Symantec Shared\Virus Defs
You should see the following items. The numbered folders are named by date in the format <year xxxx><month xx><day xx><revision .xxx>.
More than two numbered folders is not a cause for concern, though more than four or five folders may indicate some underlying corruption.
Check for the following:
- Temporary folders identified by a .tmp extension are indications of corruption.
- Any files in the Incoming folder are indications of corruption.
- Open the Definfo.dat file and verify that the "CurDefs" value equals the most recent folder and that the "LastDefs" value equals the previously dated folder. In the example of the screen shot, the Definfo.dat file should look like this:
- Open the Usage.dat file and verify that the numbered folder heading inside the square brackets [ ] matches the folder referenced by "CurDefs" in Definfo.dat. Verify that there is only a single bracketed heading. On a computer that is only running Symantec AntiVirus Corporate Edition, the Usage.dat file should look like this:
Note: If you have other Symantec products running on the same system, there may be other entries in the Usage.dat file. It is important that all entries are under the same numbered folder heading. If there is more than one numbered folder heading, stop all Symantec services, edit the Usage.dat file to have all Symantec products under the same numbered folder heading, save the changes, and restart the services. Depending on the nature of the issue, this may or may not resolve symptoms associated with corrupt virus definitions.
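The checks above can be run as a script across many machines. This is an added example, not Symantec's own code. It assumes Definfo.dat and Usage.dat are INI-style text files (bracketed headings, key=value lines); the function names, the five-folder threshold and the sample tree are constructed for illustration.

```python
import re, tempfile
from pathlib import Path

DEF_DIR = re.compile(r"^\d{8}\.\d{3}$")                    # <year><month><day>.<revision>
HEADING = re.compile(r"^[ \t]*\[([^\]]+)\][ \t]*$", re.M)  # assumed: [heading] lines
KEYVAL = re.compile(r"^[ \t]*(\w+)[ \t]*=[ \t]*(\S+)[ \t]*$", re.M)  # assumed: key=value

def read(path):
    return path.read_text(errors="replace") if path.is_file() else ""

def check_virus_defs(root, max_folders=5):
    """Return a list of findings; an empty list means no indicator was seen."""
    root, findings = Path(root), []
    dirs = [p for p in root.iterdir() if p.is_dir()]
    numbered = sorted(p.name for p in dirs if DEF_DIR.match(p.name))  # oldest first
    if len(numbered) > max_folders:  # threshold is an assumption ("four or five")
        findings.append(f"{len(numbered)} numbered folders")
    findings += [f"temporary folder {p.name}" for p in dirs
                 if p.name.lower().endswith(".tmp")]
    incoming = root / "Incoming"
    if incoming.is_dir() and any(incoming.iterdir()):
        findings.append("Incoming folder is not empty")
    info = dict(KEYVAL.findall(read(root / "Definfo.dat")))
    cur, last = info.get("CurDefs"), info.get("LastDefs")
    if not numbered or cur != numbered[-1]:
        findings.append(f"CurDefs={cur} is not the most recent folder")
    if len(numbered) > 1 and last != numbered[-2]:
        findings.append(f"LastDefs={last} is not the previous folder")
    headings = HEADING.findall(read(root / "Usage.dat"))
    if len(headings) != 1:
        findings.append(f"Usage.dat has {len(headings)} bracketed headings")
    elif headings[0] != cur:
        findings.append(f"Usage.dat heading [{headings[0]}] differs from CurDefs")
    return findings

def build_sample(root, cur, last, usage_heading):
    """Constructed test tree (folder names and file contents are made up)."""
    root = Path(root)
    for name in (cur, last, "Incoming"):
        (root / name).mkdir()
    (root / "Definfo.dat").write_text(f"[DefDates]\nCurDefs={cur}\nLastDefs={last}\n")
    (root / "Usage.dat").write_text(f"[{usage_heading}]\nEXAMPLE_PRODUCT=1\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        root = build_sample(tmp, "20020107.005", "20020102.003", "20020102.003")
        (root / "tmp1234.tmp").mkdir()
        print(*check_virus_defs(root), sep="\n")
```

On a real system, pass the Virus Defs path given above as `root`; the script only reads and changes nothing.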
If virus definitions appear to be corrupted, do one of the following, depending on your product version:
- If you use Symantec AntiVirus 10.x, read "How to revert to the previous definition set using Symantec System Center". If the problem persists, do not attempt to manually repair virus definitions. Symantec AntiVirus 10.x includes an automatic definition repair feature. If Symantec AntiVirus 10.x virus definitions remain corrupted, contact Symantec Technical Support for assistance.
- If you use Symantec AntiVirus 9.x or earlier, read "How to manually repair or backdate virus definitions for Symantec AntiVirus Corporate Edition 8.x and 9.x".