Fixing Symantec AV 10 Clients with Altiris DS

Symantec Antivirus is a great product and it will be with great reluctance that we will be moving to Symantec Endpoint Protection 11. We are not there yet, though, and we often run into a problem with version 10 that I am sure many of you have seen as well.

Sometimes, the client just stops getting new virus definitions. Without going into the reasons for why this happens we have developed a painless way to repair these clients with Altiris Deployment Solution that is fairly easy to implement and provides instant fixes. It's our understanding that even though the certificate looks right it has somehow gotten corrupted and needs to be refreshed. An uninstall and reinstall of the client will fix this but this will require more than one reboot and most users are not willing to put up with that.

We've created an Altiris job that fixes the most common problems. First, you need to grab the following files from your SAV server and put them someplace where Altiris DS can get to them:

1. \\virus server name\vphome\grc.dat
2. \\virus server name\vphome\pk1\roots\certificate file

where virus server name is your SAV system center server and certificate file is your particular certificate file (it will have a very long name)

Put these files in a folder called SAV on your eXpress share

Then create a DS job that copies the GRC.DAT file to

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\grc.dat

And copies the certificate file to

C:\Program Files\Symantec AntiVirus\pki\roots\cerfificate file

You've got to make sure that the destination path contains the name of the file. There is a peculiarity in DS that I've noticed that with long paths you cannot simply put the folder name. It will get confused and not copy the file. To be safe you should use exactly the same file name as in the Source Path.

Good hunting!