Endpoint Protection


Symantec Scan Engine 5.1 and Symantec AntiVirus Scan Engine for Windows


  • 1.  Symantec Scan Engine 5.1 and Symantec AntiVirus Scan Engine for Windows

    Posted Feb 19, 2010 06:43 AM
    Can someone tell me if Symantec Scan Engine 5.1 and Symantec AntiVirus Scan Engine for Windows are the same application?

    I have Symantec Scan Engine 5.1, a separate server application from the Symantec AntiVirus 10.1.7.7000 Corporate Edition Client, both installed on a server here.

    The Symantec Scan Engine 5.1 app virus definitions are not updating. Is there a procedure or checklist out indicating where the defs are stored and how to clean them out if necessary to get this app to work properly?


  • 2.  RE: Symantec Scan Engine 5.1 and Symantec AntiVirus Scan Engine for Windows

    Posted Feb 19, 2010 06:50 AM
    More or less it should be the same; it's all in Symantec Shared.
    http://service1.symantec.com/support/ent-security.nsf/docid/2007123111551948 


  • 3.  RE: Symantec Scan Engine 5.1 and Symantec AntiVirus Scan Engine for Windows

    Posted Feb 19, 2010 08:36 AM

    Hi Rafeeq,

    Thanks for the response. This is getting frustrating, hopefully you can explain/straighten this out for me.

    I've been trying to find out if the server application Symantec Scan Engine 5.1 is the same thing as Symantec AntiVirus Scan Engine for Windows. The reason why is Symantec has the i32 executable definition update and the x86 executable definition update.

    This server I'm referring to has both Symantec Scan Engine 5.1 and Symantec AntiVirus 10.1.7.7000 Corporate Edition Client.
    According to the Symantec web site http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=savce
    the Symantec Scan Engine 5.1 should be using the x86 executable (that's if the Symantec Scan Engine 5.1 is the same thing as Symantec AntiVirus Scan Engine for Windows) and the Symantec AntiVirus 10.1 Corporate Edition Client should be using the i32 executable. So which one do I use?

    The link you gave me above for cleaning out Symantec Shared is for SEP.

    The only thing is, on this server the Symantec Scan Engine 5.1 definition updates are stuck on May 8, 2008, and the only place I see these definition files is at D:\Program Files\Symantec\Scan Engine\Definitions\AntiVirus\VirusDefs.
    So from what I can tell, the Symantec Scan Engine 5.1 is not getting the updates from the same place as the SAV client.

    The SAV client is updating and the Symantec Shared folder has the current defs.

    Now what's happening is I've been using the i32 definition executable for quite some time now and did not notice until recently that the Symantec Scan Engine 5.1 application's definitions were not updating (assumed all was OK), so I tried running the x86 executable, but it is causing an error and will not work.



  • 4.  RE: Symantec Scan Engine 5.1 and Symantec AntiVirus Scan Engine for Windows

    Posted Feb 19, 2010 08:44 AM
    I'm sure that Symantec Scan Engine and Symantec AntiVirus Scan Engine for Windows are one and the same.
    "Symantec Scan Engine, formerly marketed as Symantec AntiVirus Scan Engine, is a carrier-class content-scanning engine"
    http://service1.symantec.com/SUPPORT/ent-gate.nsf/docid/2005111011073954

    Have you tried this?

    Updating virus definitions in Symantec Scan Engine 5.x when LiveUpdate is used for another installed Symantec product

    http://service1.symantec.com/support/ent-gate.nsf/docid/2005102514480454


  • 5.  RE: Symantec Scan Engine 5.1 and Symantec AntiVirus Scan Engine for Windows

    Posted Feb 19, 2010 10:01 AM
    Rafeeq,
    Yes, I did try the "Updating virus definitions in Symantec Scan Engine 5.x when LiveUpdate is used for another installed Symantec product" at http://service1.symantec.com/support/ent-gate.nsf/docid/2005102514480454 the day before yesterday and it did not help.
    What I did try this morning was to copy and paste the current definitions from Symantec Shared into the D:\Program Files\Symantec\Scan Engine\Definitions\AntiVirus\VirusDefs directory, and according to the Symantec Scan Engine 5.x GUI the definition status did update.

    Since this server and some others with the same setup are on closed networks I have to download the def updates from the Internet and manually move them over to these systems. This would be ridiculous having to go through this weekly. And doing things this way doesn't seem proper and I'm not sure of the implications. Within the Symantec Scan Engine 5.x GUI even though the Date of definitions has updated the Date of URL dictionaries and Date of DDR dictionaries are now N/A status. They at least had an older date previously.

    I was told that the Symantec Scan Engine 5.x application uses the x86 executable but unknowingly had been using the i32 executable. Now if I try to use the x86 executable it causes an "NTVDM encountered a hard error". What the x86 executable has to do with 16-bit applications I have no idea and cannot find any answer. The i32 executable does not have this problem.

    I know the NTVDM error is not your problem but I do know that it's not the reason why the Symantec Scan Engine 5.x isn't updating and I don't know if Symantec is even supporting the Symantec Scan Engine 5.x application anymore so I don't know what sort of assistance /advice I could get from you guys.
     


  • 6.  RE: Symantec Scan Engine 5.1 and Symantec AntiVirus Scan Engine for Windows

    Posted Feb 19, 2010 10:07 AM
    Good, it's showing the updates now. Since you have SAV10 and Scan Engine, just update SAV10 and copy and paste the VirusDefs folder to Scan Engine :) after it updates.
    WRT the URL dictionaries, I think they will be available if you have internet access (not sure if these are included in the manual updates).
    If two or more Symantec products are installed, I think we would face problems like these with Scan Engine.
     


  • 7.  RE: Symantec Scan Engine 5.1 and Symantec AntiVirus Scan Engine for Windows

    Posted Feb 19, 2010 11:43 AM
    Thanks Rafeeq,

    Constantly having to copy and paste into the VirusDefs folder is not the answer I was looking for; a fix would be nice. Just having to run the update executable would be the way to go.

    According to the docs I found, the DDR and URL dictionaries are updated through LiveUpdate, and Intelligent Updater does not provide URL/DDR definitions or product updates.

    What no one has been able to tell me is why the i32 executable works and the x86 executable does not and would a working x86 executable take care of the Scan Engine not updating? And what the x86 executable has to do with 16-bit applications?

    If these questions can't be answered I guess this is closed.


  • 8.  RE: Symantec Scan Engine 5.1 and Symantec AntiVirus Scan Engine for Windows

    Posted Feb 19, 2010 12:01 PM
    I was confused on that.
    i32 is the one which should update your defs for Scan Engine; it depends on what is installed on the box. Hope you have seen this before:

    How to apply Intelligent Updater virus definitions manually to Scan Engine 5.x

    http://service1.symantec.com/support/ent-gate.nsf/854fa02b4f5013678825731a007d06af/65bfe9ec7a3c533c80257504004eb67c?OpenDocument

    1. If Scan Engine does not reside on a machine with Symantec Antivirus Corporate Edition (SAVCE) or Symantec Endpoint Protection (SEP), download and execute the file that ends in -x86.exe
    2. Download and execute the file that ends with -i32.exe (NOTE: this is not the file that has v5 before the i32.exe)
     Does this answer?


  • 9.  RE: Symantec Scan Engine 5.1 and Symantec AntiVirus Scan Engine for Windows

    Posted Feb 23, 2010 09:26 AM
    Hi Rafeeq,
    I just recently tried this link you sent, "How to apply Intelligent Updater virus definitions manually to Scan Engine 5.x", which is similar to the other you sent in an earlier post, "Updating virus definitions in Symantec Scan Engine 5.x when LiveUpdate is used for another installed Symantec product". This new one you sent does help explain which i32 or x86 update to use. Thanks.

    The setup-iu.bat is enabled but it is not working. According to the setup-iu.bat file the Symantec Scan Engine 5.x should be getting its updates from the \Symantec Shared\VirusDefs folder. Correct?

    But it's not.
     

    The Scan Engine is updating from the \Program Files\Symantec\Scan Engine\Definitions\AntiVirus\VirusDefs folder.
    But that's only if I copy and paste the entire contents of the current Definition folder i.e 20100222.017 (in the \Symantec Shared\VirusDefs folder) into it.

    The setup-iu.bat file is located and enabled from the install location of the Scan Engine folder <INSTALL_DIR>\Definitions\AntiVirus\ but nowhere inside this setup-iu batch file does it say that the Scan Engine gets its update from this same location.

    SO IT LOOKS LIKE I'M RUNNING THE CORRECT UPDATE EXECUTABLE "20100222-017-i32.exe", I HAVE THE SETUP-IU.BAT ENABLED AND THE SAV CORP CLIENT WHICH IS LOCATED ON THE SAME SERVER AS THE Symantec Scan Engine 5.x IS UPDATING JUST FINE SO IT'S SAFE TO SAY A CORRUPT DEFINITION IS NOT THE CASE.

    So I'm at a loss here.

     



  • 10.  RE: Symantec Scan Engine 5.1 and Symantec AntiVirus Scan Engine for Windows

    Posted Feb 23, 2010 09:42 AM
    I really did not work on Scan Engine; however, I think the definitions are kept in a different place, because earlier when you cleared out defs there was nothing related to Scan Engine in the Symantec Shared folder, so it's definitely not there.

    Since Scan Engine does not use the shared structure, setup-iu.bat would just copy the virus defs from the shared folder and put them in the Scan Engine folder.

    Is your Scan Engine on the D drive? I think it's very much related to this, which explains the same.

    When the default drive is some other drive than C, such as D, run the following command:
    D:\Program Files\Symantec\SMSSMTP\csapi\AntiVirus>   setup-iu.bat enable

    http://service1.symantec.com/SUPPORT/ent-gate.nsf/docid/2004043008200254

    All I can think of is this document. When I first started I just speculated about how it gets virus defs, but indeed I was correct; check the document below.

    In Scan Engine 5.2, CSAPI does not copy Definitions from the VirusDefs Folder
    http://service1.symantec.com/SUPPORT/ent-gate.nsf/ebb584f44403dcf188256ffc006c8900/364e3a241f612ae5802574cd003a63c1?OpenDocument


     


  • 11.  RE: Symantec Scan Engine 5.1 and Symantec AntiVirus Scan Engine for Windows

    Posted Feb 23, 2010 02:55 PM
    Hi Rafeeq,
    Yes, I did catch that earlier. I did run the setup-iu.bat file from the Scan Engine directory, which is on the D drive: D:\Program Files\Scan Engine\Definitions\AntiVirus. When I did run the bat file with the command setup-iu.bat enable, it created the shadow.iu file with Enabled inside.

    I've been trying to dissect this setup-iu.bat file to figure out what it's supposed to be doing but I'm not very programming knowledgeable so I'm not sure.

    I could go ahead and try to re-create that shadow file manually but I don't see the point since it is being created by the batch file.


  • 12.  RE: Symantec Scan Engine 5.1 and Symantec AntiVirus Scan Engine for Windows

    Posted Feb 23, 2010 03:09 PM
    That file would shadow the Symantec Shared folder from the C drive and copy defs to the D: VirusDefs folder (I think I'm sure on this).


  • 13.  RE: Symantec Scan Engine 5.1 and Symantec AntiVirus Scan Engine for Windows

    Posted Feb 25, 2010 09:50 AM

    Sorry for the delay.

    Besides creating and deleting siu-ia and siu-defs .txt and .bat files, looking through the registry for Symantec installed apps, and making a directory called CSAPIDefs (which it doesn't appear to be doing), copying the defs is what it's supposed to be doing, but it's not.

    What I'm going to have to do is install this config onto a test server and research it some more.

    Currently this Symantec Scan Engine 5.x AV def updating is not working properly and its content filtering is important. Doing this copying and pasting work-around, I'm not even sure if the Symantec Scan Engine is really secure. Even though the GUI states the Defs are current.

    So like I said, I'm going to have to recreate this on a different server and go from there.

    I really appreciate you helping me with this and if/when I get this ironed out I'll let you know.
     



  • 14.  RE: Symantec Scan Engine 5.1 and Symantec AntiVirus Scan Engine for Windows

    Posted Mar 02, 2010 06:46 AM

    I installed the Symantec Scan Engine 5.x and Symantec Corporate Edition Client on a new system. Same OS. This system has not been locked down. Running the x86 executable update works and does not cause the 16-bit NTVDM error. Everything is installed on the C drive. Unlike the other system, which is isolated, this one can connect to the Internet.
     
    But the Symantec Scan Engine 5.x definitions are still not updating. Shadowing has been enabled. The SAVCE client updates using either the x86 executable or live update.

    We also have licenses for the Scan Engine and it is configured as so in the System-License section:

    Feature              Expiration       Fulfillment ID
    AV Scanning          Never Expires    ********.* (License #)
    AV Content           Not Licensed     N/A
    URL/DDR Filtering    Never Expires    ********.* (License #)
    URL/DDR Content      Not Licensed     N/A

    IS THERE ANYONE WHO CAN SHED SOME MORE LIGHT ON THIS ISSUE? THERE HAS TO BE SOMEBODY OUT THERE WHO USES THIS SCAN ENGINE AND UPDATES THE DEFINITIONS.



  • 15.  RE: Symantec Scan Engine 5.1 and Symantec AntiVirus Scan Engine for Windows

    Posted Mar 03, 2010 12:57 PM
    The problem was the content licenses expired. After getting clarification that the content license was needed for def updates, I set the clock back to just before the expiration date on a test system and the scan engine updated.


  • 16.  RE: Symantec Scan Engine 5.1 and Symantec AntiVirus Scan Engine for Windows
    Best Answer

    Posted Mar 03, 2010 01:09 PM
    good to hear that ;) happy for you
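
The thread's manual workaround copies the contents of the newest dated set (for example 20100222.017) from \Symantec Shared\VirusDefs into the Scan Engine's VirusDefs folder, and the poster was unsure whether the result could be trusted. The following check is an added example, not Symantec's code or anything posted in the thread: it finds the newest set in the shared folder and confirms by hash that every file in it is present and identical in the Scan Engine folder. It assumes the set folders are named YYYYMMDD.NNN and that definition files sit directly in the set folder; the function names are hypothetical.

```python
import hashlib
import re
import sys
from pathlib import Path
from typing import Optional

# Assumption: shared definition sets are folders named YYYYMMDD.NNN (e.g. 20100222.017).
SET_NAME = re.compile(r"^\d{8}\.\d{3}$")


def newest_definition_set(shared_virusdefs: Path) -> Optional[Path]:
    """Return the newest YYYYMMDD.NNN subfolder, or None if there is none."""
    sets = [p for p in shared_virusdefs.iterdir()
            if p.is_dir() and SET_NAME.match(p.name)]
    # Fixed-width date.revision names sort chronologically as plain strings.
    return max(sets, key=lambda p: p.name, default=None)


def sha256_of(path: Path) -> str:
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def compare_definitions(shared_virusdefs: Path, engine_virusdefs: Path) -> dict:
    """Compare the engine's folder against the newest shared definition set."""
    source = newest_definition_set(shared_virusdefs)
    if source is None:
        return {"source_set": None, "missing": [], "mismatched": [], "in_sync": False}
    missing, mismatched = [], []
    # Only top-level files of the set are checked (assumed layout).
    for src in sorted(p for p in source.iterdir() if p.is_file()):
        dst = engine_virusdefs / src.name
        if not dst.is_file():
            missing.append(src.name)
        elif sha256_of(src) != sha256_of(dst):
            mismatched.append(src.name)
    return {"source_set": source.name, "missing": missing,
            "mismatched": mismatched, "in_sync": not missing and not mismatched}


if __name__ == "__main__":
    # Usage: check_defs.py <...\Symantec Shared\VirusDefs> <...\Scan Engine\Definitions\AntiVirus\VirusDefs>
    print(compare_definitions(Path(sys.argv[1]), Path(sys.argv[2])))
```

A match only shows the copy is complete and current relative to the shared folder; as the thread's resolution shows, it says nothing about license state or the URL/DDR dictionaries.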