Symantec AntiVirus and Deep Freeze

Created: 28 Aug 2007 • Updated: 22 May 2010 | 13 comments
Does anyone have experience installing Deep Freeze on a system running Symantec AntiVirus?
 
We are considering an installation of Deep Freeze on student PCs as they have repeatedly deleted system files; however, since SAV is installed on the C: drive, Deep Freeze will purge the SAV Virus Definition Updates on each reboot.
 
 
Sam the Tech man's picture
I can help you with that if you are still stuck? It's a bit of a task though, haha.
 
 
We had the same problem where I work.
GlaucoLQ's picture
Hey Sam ...,
 
Post your solution here, so all of us can learn from your case.
 
Thanks
 
Glauco
RB Smith's picture
I have Clean Slate and we're running into a similar problem. I lose my virus defs and the scan engine disappears. Help! Running 10.1.5.5000
Carsten Hoffmann's picture
Symantec Endpoint Protection, the next generation of Symantec AntiVirus, includes this functionality as well; it is called System Lockdown.
Carsten
Bill Phillips's picture

Carsten, I have to disagree based on the description of System Lockdown in the documentation. Deep Freeze restores your system to a previous known state. You can allow users to interact with Windows as full Administrators, which allows useful things such as installing applications and testing out viruses. Lockdown appears to just restrict users' abilities, not actually reset the computer to a known state. For my computers, on SAV 10 (will work on a solution to 11 after MR1 or 2), I simply have a batch file in startup that will copy over the latest definitions (and other stuff) from the server:

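@ECHO OFF
CLS
REM Startup sync for a SAV client: re-pull certificates, GRC.dat and
REM definitions from the server share, then restart the service.
REM Replace \\server with the name of your own server.

REM Silently import the .reg file that deletes the Symantec AntiVirus GUID.
ECHO "Deleting Symantec Antivirus GUID"
regedit /s \\server\certs$\GUIDRemove.reg
ECHO.
REM Copy the server's root certificates into the client's pki\roots folder.
ECHO "Copying Server Certificates"
Copy \\server\vphome\pki\roots\*.cer "%SYSTEMDRIVE%\Program Files\Symantec AntiVirus\pki\roots" >nul
ECHO.
REM Copy the current GRC.dat from the server.
ECHO "Copying GRC.dat file"
Copy \\server\vphome\grc.dat "%ALLUSERSPROFILE%\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5" >nul
ECHO.
REM Copy the definition files (.xdb) published on the share.
ECHO "Copying Latest Virus Definitions"
Copy \\server\certs$\*.xdb "%ALLUSERSPROFILE%\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5" >nul
ECHO.
REM Restart the service so the client picks up the copied files.
ECHO "Restarting Symantec Antivirus Service"
Net Stop "symantec antivirus"
Net Start "symantec antivirus"
CLS
REM Remove the desktop shortcut to this script if it is present.
if Exist "C:\Documents and Settings\Administrator\Desktop\Shortcut to SAVSync.bat.lnk" del "C:\Documents and Settings\Administrator\Desktop\Shortcut to SAVSync.bat.lnk"
ECHO Process Complete.
ECHO Note: It may take up to a minute for the client to refresh.
ECHO Please verify the server name in Symantec Antivirus Console and
ECHO run LiveUpdate to test the connection to the server.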

RB Smith's picture
This may be a stupid question, but is this batch file directly from Symantec? I guess I'm trying to see if I can apply this as written to one of my test clients. I did see 7.5 in the file and was wondering if that needed to be changed to my current version, 10.1.5.5000. Sorry for my ignorance. This got dumped in my lap.
Bronzemouse2003's picture
RB,
7.5 is an existing directory that is found in Documents and Settings for Alluser profile.  It appears as 7.5 whether you upgrade from 7x, or do a first time install from new versions.
Bill Phillips's picture

Hi RB,

No, this batch file is not from Symantec.  This is based off a couple years of work of trying to fix various issues we've had with SAV since v. 8.  You can comment out or delete the parts that are not relevant to your environment.  The key part about the definitions is pulling the latest .xdb from your server and making it available on a share.
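
An added example, not part of the original posts and not Symantec's code: a PowerShell variant of the definition-copy step from the batch file above that pulls only the newest .xdb from the share, skips the transfer when an identical file is already in place, and checks the copy against the source by SHA-256 before restarting the service. The share and folder paths are the ones quoted in the thread; the function name is hypothetical, and PowerShell 4.0 or later is assumed (for Get-FileHash).

```powershell
# Added example, not the script posted in the thread.
# Paths are the ones quoted in the thread; adjust them to your environment.
# Assumes PowerShell 4.0 or later (Get-FileHash).
$ErrorActionPreference = 'Stop'

$Share   = '\\server\certs$'   # share holding the server's .xdb files
$DestDir = Join-Path $env:ALLUSERSPROFILE `
    'Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5'

# Hypothetical helper: returns $true when a new definition file was installed.
function Copy-NewestDefinition {
    param([string]$SourceDir, [string]$TargetDir)

    # Pick the single newest .xdb instead of copying every file on the share.
    $newest = Get-ChildItem -Path $SourceDir -Filter '*.xdb' |
              Where-Object { -not $_.PSIsContainer } |
              Sort-Object LastWriteTime -Descending |
              Select-Object -First 1
    if (-not $newest) { throw "No .xdb file found in $SourceDir" }

    $target  = Join-Path $TargetDir $newest.Name
    $srcHash = (Get-FileHash -Path $newest.FullName -Algorithm SHA256).Hash

    # Skip the transfer when an identical file is already present.
    if ((Test-Path $target) -and
        ((Get-FileHash -Path $target -Algorithm SHA256).Hash -eq $srcHash)) {
        return $false
    }

    Copy-Item -Path $newest.FullName -Destination $target -Force

    # Verify the copy; a truncated file should not be left for the AV service.
    if ((Get-FileHash -Path $target -Algorithm SHA256).Hash -ne $srcHash) {
        Remove-Item -Path $target -Force
        throw "Hash mismatch after copying $($newest.Name)"
    }
    return $true
}

if (Copy-NewestDefinition -SourceDir $Share -TargetDir $DestDir) {
    # Same service restart as the batch file in the thread.
    net stop  "symantec antivirus"
    net start "symantec antivirus"
}
```

The hash comparison only detects a damaged or incomplete transfer; it does not authenticate the share, so write access to the share still needs to be restricted to the server.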

Bronzemouse2003's picture
Bill,
Since DeepFreeze returns the PC to the original configuration (with original definition file) I would expect that the daily downloading of a definition update would take longer as the file would grow considerably as time went by.
 
How did you address this?
Carsten Hoffmann's picture
Bill,
 
You are right - I mistook Deep Freeze for something else.
 
Carsten
Bill Phillips's picture

I haven't given it much thought. My current XDB file is 26.690MB. My situation is a little different than yours. I send machines to conferences, seminars, and events, and use Ghost to put down a new image. I only deal with 10-20 machines at a time on a gigabit backbone. Sometimes I need to exclude directories, etc.; the management server will update the grc.dat, and I use the batch file to copy the latest grc.dat after imaging along with the updated definitions.