I've got a client (2003SE sp2) which reports "Missing Definitions!" in the SSC. I've tried versions 10.1 MR6, MR7, MR8, and MR9.
I've tried stopping the service, replacing the virusdefs folder (c:\program files\common files\symantec shared) with files from a known good client.
After I start the service it immediately downloads the current vdb file from the parent SAV server to the 7.5 folder and creates a tmp folder in virusdefs folder, but that's where it stays.
Then every minute or so a new tmp folder is created in the virusdefs folder. Any new vdb file released is downloaded to the 7.5 folder along with all the other ones (ballooning the size of the folder if left unchecked) and creating more tmp folders in virusdefs folder. Over the course of a month it got almost 2GB in the 7.5 folder and over 13,000 tmp folders in the virusdefs folder.
We have an internal liveupdate server that we use for 64bit clients and it hosts the 32bit definitions as a just-in-case kind of thing. So when I configure the client to use the internal liveupdate location and run liveupdate, it tries to go out to symantec's ftp (which is blocked at our boundary) and fails. In the registry the HKLM\software\intel\landesk\virusprotect6\currentversion\liveupdatesource shows all the correct information for the internal liveupdate server. I've tried liveupdate 3.2, 3.3, and 3.5.
Event ID 40: "Symantec AntiVirus has determined that the virus definitions are missing on this computer. This computer will remain unprotected from viruses until virus definitions are downloaded to this computer." appears in the Application Event Viewer.
There's also Event ID 7000: The SAVRT service failed to start due to the following error: A device attached to the system is not functioning. This one pops whenever a new vdb file gets in the 7.5 folder.
The support above my level, as well as the support above their level, have not been able to resolve this issue.
Any help would be supremely appreciated!