Virus definition files not updating. Symantec System Center v.6
Created: 28 Nov 2011 | Updated: 30 Nov 2011 | 10 comments
This issue has been solved. See solution.
Guys,
I have a 32-bit PowerEdge, Win2008 server that has Symantec System Center ver. 6.0 installed on it and it still has an old virus definition file on it. The clients as well have this same old definition file too. It shows as 5/2/2011 rev.2. Doing a definition file update doesn't help. No error messages. Neither the server nor the clients are updating. Clients are set to update from the Win08 server as well.
help!!!!!
Try this, it might help.
To download an .xdb file from Symantec
You can also find the file from the Symantec Security Response Virus Definitions Download Page.
The file name should be similar to the following:
vd12bc02.xdb
To copy an .xdb file to a Symantec AntiVirus server
The location of the folder can vary if you upgraded from a previous version.
For help with this, see the "To find the Symantec AntiVirus program folder" section in the Technical Information section of this document.
To copy an .xdb file to a Symantec AntiVirus client
The Application Data folder may be hidden. To show hidden and system folders, read the document How to make Windows show all files.
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\ or C:\Program Files\Symantec AntiVirus\
C:\WinNT\Profiles\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\
Automatically updating definitions using the .xdb file
Symantec provides a batch file that you can schedule to update the definitions with the latest .xdb file. This batch file automatically downloads and extracts the latest .xdb file from a statically named executable (Navup8.exe), and copies the .xdb file to the appropriate location. For more information, read the document "How to automatically update Symantec AntiVirus Corporate Edition definitions without using LiveUpdate":
http://www.symantec.com/business/support/index?page=content&id=TECH99867
Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.
Swapnil
So does this mean that I will not be able to use liveUpdate to update the virus definition files?
The event logs show the following error in LiveUpdate:
Event Type: Error
Event Source: LiveUpdate
Event Category: None
Event ID: 55
Date: 11/27/2011
Time: 10:00:01 PM
User: NT AUTHORITY\SYSTEM
Computer: NRMC005
Description:
6001: LiveUpdate failed because the LiveUpdate package is corrupt. Internal authentication files are not present.
Please run LiveUpdate again. If the error persists, contact your network administrator or LiveUpdate provider.
????
This is what 6001 is: The guard or signature file is missing from the TRI file.
https://www-secure.symantec.com/connect/blogs/live-update-number-which-will-help-you-determine-what-exactly-luxxxx-means
Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.
Swapnil
Er... Neither Symantec System Center nor SAV server is supported to run on Windows 2008:
From "System requirements for Symantec AntiVirus 10.1" (http://www.symantec.com/docs/TECH101699):
The only supported SAV product on Windows 2008 is the SAV 10.2 client.
Don't mean to rain on the parade--the xdb workaround may work and if it does, great--though there's going to be no further development on SAV, so I would definitely consider migrating up to Endpoint Protection (SEP).
sandra
Symantec, Information Development, IMDP
Symantec Endpoint Protection / Core Security Engineering Group
Don't forget to mark your thread as 'solved' with the answer that best helped you!
I am sorry, it's actually Win2003 R2. I was thinking of another server we have here :) So, is this problem fixable so I don't have to use this manual process above? We have over 400 clients!
Thanks for the clarification.
So did something about your environment change back in May? My suspicion, based on '6001: LiveUpdate failed because the LiveUpdate package is corrupt. Internal authentication files are not present.', is that perhaps a firewall, a proxy or some other gateway appliance or application was put into place or enabled (or possibly even upgraded) that is scanning and modifying the content received from LiveUpdate.
You mentioned that the SSC is 'version 6'. From what I can find, this translates to Symantec Antivirus 9.x. If this is true and this is the version you are using, let me be frank: you are doing the security of your environment no favours by using a product that old--it can't handle the modern threat landscape, and it's not even supported anymore. Definitions are no longer certified for use with SAV 9.x (emphasis mine):
Symantec Antivirus 9.x will reach its End of Standard Support as of March 31, 2009. Virus definition updates for version 9.x will be discontinued on April 1, 2009. Please contact your account manager or reseller for information about our current shipping versions. (http://www.symantec.com/business/security_response...)
sandra
Symantec, Information Development, IMDP
Symantec Endpoint Protection / Core Security Engineering Group
Don't forget to mark your thread as 'solved' with the answer that best helped you!
You are correct, Sandra.g. I figured this out yesterday and it is due to the version of AV being outdated. We will be upgrading to Endpoint 12.1 soon.
Glad to hear, and good luck migrating your environment!
sandra
Symantec, Information Development, IMDP
Symantec Endpoint Protection / Core Security Engineering Group
Don't forget to mark your thread as 'solved' with the answer that best helped you!
Hi
Try this, it might help.
http://www.symantec.com/business/support/index?page=content&id=TECH91335&actp=search&viewlocale=en_US&searchid=1292646719517.
Copying the most recent .jdb file, renamed to remove .zip extension, to C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\content\incoming fails
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents