Remove Virus Definitions
Updated: 06 Apr 2011 | 15 comments
I've created a batch file to remove Symantec virus defs. It's my first in a while. :D
I've tested and used it in our production environment to clear corrupted definitions.
Even took care of the machines with the 12/31/2009 definitions that just wouldn't update.
At least it beats memorizing what to remove and where.
Note:
You must have administrative privileges to clean up the directory and the registry.
Zip has no password.
Comments
Nice, thanks!
If you're feeling motivated, you might add in support for 64-bit OSes. ;-)
-Mike
I'll check it then...
In clients it has a password.
Good, have to experiment with it. Thanks for sharing.
Regards,
Ajit Jha
Technical Consultant
STS
Rx4Defs
Nice work,
The service Symantec Antivirus will no longer be there if it has been a clean install. It will be Symantec Endpoint Protection.
If you could have it modified and checked for 64-bit machines it would be great.
The following link might aid your work.
This works even if the SEP has a password.
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2009032409384048?Open&seg=ent
ABN
@ABN: I'll check on the 64-bit ones soon. Thanks for the link.
@Cicero: You need administrative rights to do this. Some Active Directory settings prevent regular users from making changes to certain files and folders.
“Your most unhappy customers are your greatest source of learning.”
Re
Hi,
I have run it but nothing happened; no definitions were removed.
Are there any changes to be made in this batch file?
Regards, M.R.
I just based it on Symantec's procedure for manual removal. You may check the contents of the batch file.
Were there any errors returned?
If you want, you may remove the non-essential lines in the script.
“Your most unhappy customers are your greatest source of learning.”
Nice work Mon..
Nice work. Thanks
You can't do net stop/start smcservice. You need to type in "%programfiles%\Symantec\Symantec Endpoint Protection\smc.exe" -stop / -start.
Thanks for the feedback. I created a new batch file that changes to the SEP directory and runs the commands from there, including smc -stop / -start.
A drawback I found for this batch script is that it wouldn't work if the client is password protected.
“Your most unhappy customers are your greatest source of learning.”
I see you removed the NET STOP "Symantec AntiVirus" in v2, not sure why.
Have you guys noticed that by following this procedure, either manually from Symantec kb article or executing a script, the client will persist for a long time without definitions? No matter how many times I forced the client to check in with the SEPM, it still won't go faster. And if after it started downloading and populating the virusDefs folder, it still wouldn't install new defs.
Anything I'm missing? I kept on restarting the services, even restarted the computer. When it came back, it seemed to have installed definitions, but displayed malfunction of auto-protect. Long after that it came back to normal.
Let it be clear that I'm not questioning Mon's batch file, but Symantec's workaround.
Thanks!
Thanks again aa23. :D
I checked the v2 and actually found some errors. The script starts the services before removing the defs which should be afterwards. Posted it in the main thread.
The 2 scripts are basically the same in the process of deleting the definitions. The only difference is in their method of stopping the services. The first one terminates SEP by force and the other follows what the KB article says.
And I also noticed the lag in getting new updates. Even with using the Intelligent Updater on a working or non-corrupt definitions. The common factor is that the definitions are either non-existent or very old so it's taking a while to load the full list compared to deltas being deployed on a regular basis. Takes about 2-5 minutes.
“Your most unhappy customers are your greatest source of learning.”
It takes a long time in my case until clients show new defs. They keep popping up that they are missing defs, which is a healthy sign, but it takes too long, and users probably get suspicious that this was the right way to fix their problem.... I noticed that if, after removing corrupt defs, you do a repair, it works fast. Anyone able to include a script to repair a SEP11 install? If it can be done remotely, it would be even better.
And regarding the corrupt defs: I also found quite a number of machines that showed quite a pattern. They had new virus definitions downloaded and just one old defs folder that showed the old date.
Now definfo.dat showed the new date, while usage.dat showed the old date of the old folder. Clearly a sign of corrupt defs. For all these machines, I found that just killing the RTVScan process worked. I simply killed the process remotely :) and optionally restarted the SEP service (it restarted many times automatically) and SMCservice.... By watching the virusdefs folder, I could see the old definitions being discarded, and the client instantly writing the correct date to the usage.dat file. Soon the same was communicated to the SEPM and could be seen in the console. All this without deleting all definitions and registry keys...Nice...
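As an added example (not part of this thread, and not Symantec's or Mon's script): a read-only PowerShell check for the pattern described in the last comment, where definfo.dat carries a new date while usage.dat still reflects an old definition folder, plus the simpler signs of a stale or cluttered VirusDefs folder. The default VirusDefs path, the YYYYMMDD.NNN folder-name convention, the one-hour slack between the two file timestamps and the seven-day staleness threshold are all assumptions for the example; adjust them to the client version and site policy.

```powershell
# Added example: read-only check of the SEP VirusDefs folder for the
# "new definfo.dat, old usage.dat" pattern described in the thread.
# Path and naming conventions are assumptions, not taken from the thread.
function Test-SepDefinitionState {
    param(
        # Default location is an assumption; SEP 11 on Vista/7 uses ProgramData,
        # older installs use "%ProgramFiles%\Common Files\Symantec Shared\VirusDefs".
        [string]$VirusDefsPath = "$env:ProgramData\Symantec\Definitions\VirusDefs",
        # Definitions older than this many days are reported as stale (assumption).
        [int]$MaxAgeDays = 7
    )

    if (-not (Test-Path -LiteralPath $VirusDefsPath)) {
        throw "VirusDefs folder not found: $VirusDefsPath"
    }

    # Definition sets live in subfolders named YYYYMMDD.NNN (assumed convention).
    $defFolders = @(Get-ChildItem -LiteralPath $VirusDefsPath -Directory |
        Where-Object { $_.Name -match '^\d{8}\.\d{3}$' } |
        Sort-Object Name)

    $defInfo  = Get-Item -LiteralPath (Join-Path $VirusDefsPath 'definfo.dat') -ErrorAction SilentlyContinue
    $usageDat = Get-Item -LiteralPath (Join-Path $VirusDefsPath 'usage.dat')   -ErrorAction SilentlyContinue

    $findings = @()

    if ($defFolders.Count -eq 0) {
        $findings += 'No definition folders present'
    } else {
        $newest     = $defFolders[-1]
        $newestDate = [datetime]::ParseExact($newest.Name.Substring(0, 8), 'yyyyMMdd', $null)
        if (((Get-Date) - $newestDate) -gt [timespan]::FromDays($MaxAgeDays)) {
            $findings += "Newest definition folder $($newest.Name) is older than $MaxAgeDays days"
        }
        # The thread's symptom: usage.dat was last written when an old folder was
        # current, while definfo.dat already reflects a newer download.
        if ($defInfo -and $usageDat -and
            $usageDat.LastWriteTime -lt $defInfo.LastWriteTime.AddHours(-1)) {
            $findings += "usage.dat ($($usageDat.LastWriteTime)) is older than definfo.dat ($($defInfo.LastWriteTime)); client may not have switched to the new set"
        }
        # Several folders left behind after updates also match the pattern.
        if ($defFolders.Count -gt 2) {
            $findings += "$($defFolders.Count) definition folders present; old sets are not being discarded"
        }
    }

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        VirusDefsPath = $VirusDefsPath
        Folders       = ($defFolders | ForEach-Object Name) -join ', '
        DefInfoDate   = if ($defInfo)  { $defInfo.LastWriteTime }  else { $null }
        UsageDate     = if ($usageDat) { $usageDat.LastWriteTime } else { $null }
        Suspect       = ($findings.Count -gt 0)
        Findings      = ($findings -join '; ')
    }
}

# Run locally, or push to several machines and collect the objects:
# Invoke-Command -ComputerName PC01,PC02 -ScriptBlock ${function:Test-SepDefinitionState}
Test-SepDefinitionState
```

The function only reads timestamps and folder names, so it can be run across a fleet before deciding which machines need the RTVScan restart or the full definition cleanup; the `Suspect` flag and `Findings` text are meant to be filtered and exported (for example with `Where-Object Suspect | Export-Csv`) rather than acted on automatically.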