10.x
blenahan
|
November 20th, 2009
AV servers in Symantec System Center 10.1.7 has thousands of clients. Most update normally via VDTM. One or two hundred of these clients are stuck on a certain date. In this case either 11/2/2009 or 11/11/2009. Clients are online, just not getting updates from AV server. on the Event Viewer of the AV server, I see many entries like Event ID: 4 "Update to computer JGELLERM-T60 of virus definition file 111102c failed. Status FFFFFFFF" What does this mean?
I know there are ways to resolve on a case by case basis for each machine, whether that means running rx4defs or reinstalling the client, but with a hundred or more machines, I am hoping to be able to script something that can fix these machines remotely.
thanks.
2 comments
Bryan S
|
November 20th, 2009
and not just the first 10? I want to be able to reference my info, but all I can see is like the first 10-12 entries. I have hundreds and want to see them all.
Thank you.
5 comments
ylevadoux
|
November 20th, 2009
Hello,
We have an existing SAV 10.1infrastucture for servers and workstation which works very well.
We now need to add Symantec Client running windows Server 2008 .
Does Symantec Antivirus Server (a Windows Server 2003 , with Symantec Antivirus Server version 10.1.6.6010) can manage client running Windows Server 2008 ?
The Symantec client we install on Windows 2008 is 10.2.4.4000.
Yannick
3 comments
breakerboi
|
November 20th, 2009
Hi,
I'm facing problems with installing V10.0.2 on one client with XP
in the installation progress when modifying the registry, the following error comes up
Error 1402. Could not open key:
HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion\Snap-In\LotusNotes.
Verify that you have sufficient access to that key, or contact your support personell.
i've checked the registry key, and the lotus notes key does not exist
can I export the key out of the registry of a similar client?
or do I need to create it manually - and if so, can you give me the key details
thanks for the support
Bert
3 comments
sahir
|
November 19th, 2009
Dear All,
I have SAV 10.2 Server client setup spreaded across different regions in the country across WAN includes 340 clients. Now we planned to migrate SAV to SEP. Is it possible to migrate it without affecting the present setup ? What are the steps to be taken care before proceeding with migration ? What are the challeges may occur since it is a WAN setup .?
Thanks in Advance ,
Sahir.k
1 comments
Bryan S
|
November 19th, 2009
Hello, I made NO changes, and up until the time of Halloweeen 10-31-2009, the updates and the latest definitions were being pushed out properly, and the machines were all up to date. Now I have to go in and MANUALLY update everything. Almost ALL of the machines on my network are reflecting 11-14-2009 as the date for the definitions. I have 2 client groups. One has the clients up to date, the other is behind now by 5 days. I need to know what I can do to make these definitions go out system wide without manually pushing them. I need the to work and I need to know what I am missing and why this is occuring. Do I need to change anything in the group for this to work properly? It worked all this time and with no change I now have to manually do this.
Thank you.
9 comments
sri2384
|
November 18th, 2009
Try this script...if competitve uninstall did not work...
1. open a notepad
2. type msiexec /x {Product code of CA Etrust 8.1} /passive or /quiet
/passive - visible uninstallation /quiet - silent uninstallation
3. Save this notepad as a .bat file
4. Run this .bat file on the machine which has CA etrust 8.1
Product code can be obtained from the registry
HKLM \ Software \ Microsoft \ Windows \Current Version \ uninstall.
Under the unistall folder you would find multiple folders respective to each application. Find the right folder for CA etrust 8.1 and copy the product code from Dword string Uninstall String or Modify Path
0 comments
MFishman
|
November 18th, 2009
Basic question (I hope). If there are two servers on the same network, one running SAV 10.x and the other running SEP 11.x, will the workstations discovered by SEP 10.x show up as unmanaged by SEP 11.x & vice versa?
2 comments
Kevin Haley
|
November 17th, 2009
Yes, it’s a cheap trick and not even close to original. But the lesson here is that even obvious social engineering tricks can get people to click on a link. We can’t help ourselves. We love to click. Clicking on links and attachments that are accompanied by just the slightest bit of social engineering appears to be a basic human need. I expect it to show up in a revision of Maslow’s Hierarchy of Human Needs any day now—behind love, but certainly ahead of safety.
I do have a point to all this. Two actually. As we compiled the Security Trends to Watch in 2010, what occurred to me is that the people who most needed to read this information never will. At least not without some social engineering on my part. And since social engineering plays such a prominent role in future trends, it seemed appropriate. So I’ve decided to use this little trick to get people to read the list of trends below. So…
Don’t read this if you think antivirus technology...
11.x, Security, Security Response, 10.x, Evolution of Security, 9.x and Earlier, IT Risk Management, Malicious Code, Online Fraud, Security Risks, Spam, Vulnerabilities & Exploits, Endpoint Protection (AntiVirus)
0 comments
MFishman
|
November 17th, 2009
I am getting messages from SAV 10.x saying that a virus was found, but it reports the risk discovered by "Unknown" (not prefixed by Heuristic, etc.).
So who did indeed catch this one?
4 comments
Eduardo Rodriguez
|
November 17th, 2009
Estimados,
Tengo el siguiente problema:
Tengo instalado el Symantec Antivirus corporate 10 en una red con alrededor de 250 pcs.
Además tenemos instalados aplicaciones q conectan via ODBC a un sql server 2000 con service pack 4. He notado que si ejecuto los programas previo a la instalación del cliente de Norton Antivirus tarda en abrir entre 3 y 6 segundos. Sin embargo, luego de instalar el cliente del antivirus la conexión al odbc da time out, luego de aceptar el mensaje de error del time out abre normalmente el programa.
Esto implica una demora importante al ejecutar los sistemas.
Si alguien puede aportar alguna idea se lo agradezco.
Saludos cordiales,
Eduardo Rodriguez.
Montevideo - Uruguay
Security, 10.x, Drivers, Compatibility, Configuring, Installing, Windows, Endpoint Protection (AntiVirus)
10 comments
Mike Gardner
|
November 16th, 2009
Anyone having this problem?
Started today at 0900 Arizona time
Outlook receives a message stating:
"We are contacting you in regards to an unusual activity that was identified in your mailbox. As a result, you mailbox has been deactivated. To restore your mailbox, you are required to extract and run the attached mailbox utility."
Best regards, {domain}.com tachnical support.
the attachment is utility.zip
Thanks
7 comments
Subhi Pattiam
|
November 16th, 2009
Hi,
how tu run the norten scan ?. The link is http://security.symantec.com/sscv6/WelcomePage.asp .It is giving the error 'unable to download the definition'.I am using the internet through proxy connection.This is very much required for me because am unable install the symantec in one machine.Suspecting some infections.
11 comments
scottmc10
|
November 14th, 2009
Hi. I have Symantec Antivirus 10.1.6.6000, virus definitions 11/03/09 rev. 3. Windows XP. I hope I'm posting in the correct forum. It seems the version of Symantec AV software my graduate school gives out to students and faculty is a corporate version, and the people on the Norton board sent me here.
In the last two days I have seen auto-protect pop up with Backdoor.tidserv something like 12 times. Each time it says, "cleaned by deletion." But then a few hours later it comes back. It seems there must be some part of this infection not being removed. I have the risk history log that just shows the dozen occurences I mentioned and a cluster of trojan horse files that were supposedly quarantined on 11/8/09. Can anyone help?
Thanks in advance. Apologies if I have omitted some baseline information. I have never posted to this forum before.
8 comments
537116137
|
November 13th, 2009
Hello
Hopefully this will be helpful to someone. We have had some Windows 2000 machines that continually have problems with Auto Protect failing to load at startup. The only thing we could find that did any good was uninstalling and reinstalling the client which would break again in about two weeks. We have corporate edition 10. Well, after months of looking through website after website and help sites and who knows what else sites, and trying registry fixes and file repairs and updated this and that, we finally tracked it down on our own. There is a windows update, KB922582, that was causing the issue. Once we took it out, the autoprotect started fine after the reboot. The update relates to Windows Update issues with the Filter Manager. I don't like having to take out an update, but the company getting infected because the autoprotect isn't working would be worse. Hope this helps someone.
2 comments
adamwillmott
|
November 13th, 2009
Afternoon,
We have a few performance issues on some of our older laptops on the domain, if I change client auto protect options within SSC to modify only, the stations log on much faster than when auto protect is set to access or modify? I don't want to leave auto protect set to modify only, as this prevents a security risk to the laptops and the domain. Instead i want to find out what auto protect is doing at log on and if i can add a few exclusions to help speed these laptops up.
As part of the investigation i have enabled debugging and i am still none the wiser. Attached is the file, it looks like it's checking for scheduled scans every minute, can this be stopped? Is there anyway of finding out what auto protect is actually doing?
Has anyone got any ideas?
Thanks in advance.
Adam.
4 comments
shp
|
November 12th, 2009
I would like to add an idea about online status of the users in Symantec connect.
It will be good to see a status icon(small bubble) beside user virtual face(avatar) like Green for online orange for inactive etc....
It will be easy for us to know the person availability and do PM.
11.x, Emerging Threats, Security, 10.x, Evolution of Security, 9.x and Earlier, Basics, IT Risk Management, Best Practice, Malicious Code, Security Risks, Configuring, Spam, Features, Installing, Performance, Reporting, Endpoint Protection (AntiVirus), Tip/How to, Upgrade
2 comments
capt_morgan
|
November 12th, 2009
I am currently using Symantec Enterprise AV v10.x I have recently upgraded some clients that used to be on AV 10.x to SEP v11.x and I thought they would automatically get removed from the System Center but that does not seem to be the case. I see the client now appears in SEPM console which is what I want but it still appears also in the SCS as well.
I deleted the client in the SCS and did a "Clear Cache" and then an "Intense Discovery" but within a few minutes the same client that I deleted earlier reappeared again.
How to I get this client from permanently reappearing in the Symantec System Console?
Capt.
4 comments
Andy Chow
|
November 10th, 2009
Everyday, I'm looking at the Symantec ThreatCon level. It is always either between level1 and level2.
Can anyone here tell me whether Symantec has escalated their ThreatCon to Level 3 or even Level 4 before?
If so, when was the last time it has happened, and what was the cause of it?
5 comments
spacey
|
November 9th, 2009
"... because it might prevend your computer from starting correctly in the future." etc. etc. the message then prompts to download an update from Symantec, and when I go to Symante's web site I can't hardly find any references to TDI / NDIS drivers let alone any updates. Googling has for the solution has not produced anything because while I found some hits for people having the same problem, here on the Symantec support forums mainly, there are either no responses to those queries, or a questions asking for more details or redirects to a different forum. NO answers or even hints of how to fix this.
Has anyone ever figured this out or everyone just stopped caring/using AV or something?
My system: Vista Business (build 6000); AntiVirus 10.2.0.199; Dell Latitude D630.
Symantec folks - do you have a solution/fix/explanation/way to stop this?
Thanks,
spacey
3 comments
sbathina@silicon.in
|
November 9th, 2009
Hi all,
I installed symantec antivirus 10.1 in my clients managed from centralised server.
Recently w32.virut.conflicker virus infected in some systems
symantec is detecting this virus but instead of cleaning & quaruntine it is deleting the infected files but they are important application files.
please help in this issue
Thanks in advance.
4 comments
Day7Theory
|
November 6th, 2009
it reads "Unsolicited incoming ARP reply detected, this is a kind of MAC spoofing that may consequently do harm to your computer" ive done a few tracert reports and didnt see any alarm there. I am also on a wireless network and my question is could this be the network im on "bridging" trying to find my IP address causing the Message above? and should this be any concern for alarm?
Emerging Threats, Security, 10.x, Internet Security Threat Report, Security Risks, Reporting, Endpoint Protection (AntiVirus)
4 comments
ant2010
|
November 6th, 2009
My Domain server has this problem 2 weeks ago. it worked fine before.
About every one day, the DC server will automatically create user's profile under "document and setting" in server. No roaming profile was set. when we have this problem, we cannot access the shared folder in server. Restart the server solve it temporary but about 10 hours later, same problem come again.
I searched the solutions for this problem, some one suggested uninstall symantec, so I stopped all symantec service in DC server, and seems the problem fixed.
we use symantec antivirus version 10.1.5.5002.
any one know how to fix it?
Any suggestion would be appreciated..
Thanks,
Ant
Security, 10.x, IT Risk Management, Security Risks, Configuring, Features, Endpoint Protection (AntiVirus)
3 comments
Bryan S
|
November 6th, 2009
Can I safely delete .vdb files? They can become quite large and kill disk space.
Thank you
3 comments