Hi all,
Just wondering if anyone has any idea what's going on with our Symantec setup. Details below:
Using:
Symantec System Center ver 10.8.1.8000 - We have this on 3 parent servers
Symantec Antivirus ver 10.8.1.8000 - We have this on our clients
We have it set up so that our 3 parent servers pull down the virus definitions and then the clients pull the virus definitions from them. The big BUT is that:
SERVER 1: You can assign any machine to a client group on this server and it will automatically do the updates
SERVER 2: Some machines will automatically update when others won't!
SERVER 3: Some machines will automatically update when others won't!
I have done the below tests on all servers with clients:
Add new GRC.DAT
- copied from \\servername\VPHOME
Add Cert (for v10 clients only)
- copied from \\servername\VPHOME\pki\roots
Turn off Simple File Sharing
- via Tools menu in Explorer, Folder Options -> View -> uncheck Simple File Sharing
Turn on exceptions for File and Print sharing in XP Firewall
- Open XP Firewall, Exceptions tab, check File and Printer Sharing
Add holes for SAV to XP firewall
- Used these three command line options to open up UDP and TCP ports so as to cover all versions of SAV
netsh firewall set portopening protocol=tcp port=2967 mode=enable name=SAVtcp2967 scope=custom addresses=10.1.1.1/255.255.255.255
netsh firewall set portopening protocol=udp port=2967 mode=enable name=SAVudp2967 scope=custom addresses=10.1.1.1/255.255.255.255
netsh firewall set portopening protocol=udp port=2968 mode=enable name=SAVudp2968 scope=custom addresses=10.1.1.1/255.255.255.255
On the server machine.
- open command prompt
- type telnet <client name> 2967 and press enter.
- it should open a blank command prompt window - which it does
- compare the root certificate on the server (\\<server>\vphome\pki\roots) and the client (c:\program files\Symantec Antivirus\pki\roots).
2. The old virus definition is corrupted.
- stop Symantec AntiVirus services.
- stop Symantec AntiVirus Definition Watcher.
- delete old virus defs (yyyymmdd.xxx) from "C:\Program Files\Common Files\Symantec Shared\VirusDefs"
- empty "C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads" folder
- delete all <number>.product.inventory and <number>.setting files from "C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate" folder.
- empty "C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDB" folder.
- go to "C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\" and delete *.vdb or *.xdb files, not folders.
- start the Symantec service.
- start the Symantec AntiVirus Definition Watcher.
With all of the above done I just can't get the machines to update automatically!! Anyone know why???
Kind regards,
Anthony