Video Screencast Help
Search Video Help Close Back
to help
New in the Rewards Catalog: Vouchers for "Symantec Technical Specialist" and "Symantec Certified Specialist" exams.

SAV Times out when opening e-mail w/ attachment in Outlook '03

Created: 09 Feb 2010 | 2 comments
SRed's picture
SRed
0 0 Votes
Login to vote

 Hey all, I've been lurking in the forum for quite some time, relying on others to ask the questions I need answered.  Today I've encountered an issue I've not seen discussed on this forum (or at least not applicable to my environment), affecting several machines in an enterprise environment.  

Issue seems to reside with emails that contain file attachments. Emails that did not contain file attachments opened promptly.  Checking Event Manager under the SYSTEM portion, we found several of the following:

Timeout (30000 milliseconds) waiting for a transaction response from the Symantec AntiVirus service.

Checking for similarities on other machines, I found that this appears to stem from a corrupted dat file from 2-3-2010 rev 4 for Symantec Anti-virus.  When we attempt to LiveUpdate, the process completes, appearing to have downloaded and install new definitions, but the version does not update in the SAV screen, nor has anything changed.  A look in the Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\ folder shows a few folders containing updates, the most recent one (the last day updated) contains numberous *.9## files, all of which are only a few KB in size, compared to the more normal looking definitions in the previous folders.

 
Unfortunately, the corrupted dat file also corrupts the .msi for Symantec Anti-virus,  which makes it almost impossible to remove cleanly through normal measures. We have acquired the NoNAv2.49 removal tool and if you DO NOT call the msi in the setup, the tool is successful in removing Symantec Antivirus. (this tool was linked on the forum)  From there, a traditional reinstall is possible, and the pc will advance to the next definition.  

Has anyone had similar issues?  Something about this whole process--namely, that it is only affecting users in a single department known for sharing files frequently, with one exception--and the great difficulty involved in rectifying the issue, plus the fact that whatever is causing this effectively locks the system at a particular version number, makes me believe that a rootkit or some malicious virus activity is taking place.  We've tried antivirus scans from a known good machine and have returned no viruses.

Any advice or direction would be greatly appreciated
 

discussion Filed Under:
, , , ,

Comments

Brian81's picture
20
Dec
2010
0 Votes 0
Login to vote
Brian81

What version of SAV are you

What version of SAV are you running?

Endpoint Knowledge Base

Security Best Practices

Thomas K's picture
20
Dec
2010
0 Votes 0
Login to vote
Thomas K
Admin
Accredited

If this is SAV 9 or older,

If this is SAV 9 or older, the product is End-of-Life, and is no longer supported. The NoNav tool is extremely old and is not recommended for software removal. The Cleanwipe tool replaces NoNAv, and you would need to contact support to get the latest Cleanwipe tool.

 

Here are the manual uninstall documents KB -

http://www.symantec.com/business/support/index?pag...

 

Best,

Thomas

Technical Support

Symantec.com

Store

Community Stats

Total Content Items
Members
258,916