Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Any Active SVS layer prevents forefront from updating

Created: 31 Dec 2013 • Updated: 31 Dec 2013 | 2 comments
JJV's picture

We use SCEP (Forefront) Microsofts AntiVirus product to manage AV in our envrionment.  Since mid December, all our dat files fail if we have any layer active.  If we deactivate the layer, it updates.  Turning the layer back on it fails again.  We have tested this on SVS sp7,8 and 7.5.  If we turn off the layer, update the dat, reactivate the dat and reboot, the dat file reverts.  This is happening on layers that have been around for years or brand new layers.

Does anyone have any ideas?

Operating Systems:

Comments 2 CommentsJump to latest comment

ksreek's picture

Considering your statements , "Since Mid- December" and happens in all versions SP7,8 & 7.5 , i suppose an update to the existing FF Anti-Malware Engine migh have caused a confict to our layer operations ?

Ok lets narrow down the problem a little bit.

1. Are you managing your updates for clients through System Center or Windows Updates ?

2. Could you provide more specifics ? (Forefront Endpoint Protection client version details, Environment, Steps to reprduce this in a standalone client environment (w/o System center)) etc

3. Have you tried to install the updates manually . I remember seeing this in the past if it helps http://blogs.technet.com/b/clientsecurity/archive/2011/11/03/how-to-use-the-definition-update-automation-tool-for-forefront-endpoint-protection-2010-update-rollup-1.aspx .This will reveal if the engine is struggling to fetch the signatures or applying them to the endpoint and where we are interfering. You may also notice which sequence fails from the FF log files and post us.

4. Just to confirm, when you say  "If we turn off the layer, update the dat, reactivate the dat and reboot, the dat file reverts" ? are you saying the updates reverts back to a older version ? . Also Have you checked this whole scenario with a 'empty' layer in"Active State" ?

Thanks.

ksreek's picture

We have hunted down this issue. It looks like we needed to adopt our code based on a change in microsoft's function for registry enumeration. please visit http://www.symantec.com/docs/TECH214228 for more details.Thank you.