Endpoint Protection


Symantec Antivirus Problem

  • 1.  Symantec Antivirus Problem

    Posted Oct 11, 2011 02:20 PM
    I have Symantec AntiVirus with Auto-Protect enabled. Scheduled automatic updates for virus definitions are enabled for every Friday night.
     
    However, whenever there is a new virus definition file (on any day including Fridays), even when I don't try to get it via LiveUpdate manually, Symantec AntiVirus takes my computer offline. How can I stop this from happening?


  • 2.  RE: Symantec Antivirus Problem

    Posted Oct 11, 2011 04:21 PM

    Can you tell me what version of Antivirus you are running? When did the issue first appear? Are there any Windows event errors that are being generated?

    I am moving this thread to the Endpoint Protection forum for greater visibility.

     

    Regards,

    Thomas



  • 3.  RE: Symantec Antivirus Problem

    Posted Oct 11, 2011 05:07 PM

    Scheduled automatic updates for virus definitions are enabled for every Friday night.

    Weekly? Something tells me you're using something that's quite old... SAV 10 was (I think) daily; SEP 11 and higher is 3x a day for AV updates.

    sandra



  • 4.  RE: Symantec Antivirus Problem

    Posted Oct 11, 2011 05:09 PM

    Hi Thomas,

    I have Symantec AntiVirus Corporate 10.1.0.394.  There are no Windows event errors. 

    Symantec Antivirus takes my computer offline every time a new virus definition file is released. I am able to track the exact dates to when these files are released at http://www.symantec.com/business/security_response/definitions.jsp

    and this is exactly when the computer is taken offline.  Please help.



  • 5.  RE: Symantec Antivirus Problem

    Posted Oct 11, 2011 05:11 PM

    Hi Sandra,

    The updates can be set to any time interval, but I scheduled the automatic updates to weekly to try to stop this problem, but Norton Antivirus is still taking the computer offline.  Please help.



  • 6.  RE: Symantec Antivirus Problem

    Posted Oct 11, 2011 05:33 PM

    Sorry for the misunderstanding there.

    What do you mean by 'offline': can't connect to the internet, can't connect to the local network, or that they show up as 'offline' in the System Center?

    Does using the Intelligent Updater have the same effect (http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=savce, look for the file ending in -i32.exe)?

    What is your computer's operating system?

    Just so you know, the build you're using is rather an old one (from March of 2006, as best as I can determine). There have been a lot of fixes since that release:

    Release notes for Symantec Client Security 3.1.x and Symantec AntiVirus 10.1.x
    http://www.symantec.com/docs/TECH101820

    I strongly recommend migrating up to at least SAV MR 10, or better yet, plan to migrate to SEP, which provides broader technology to protect against modern threats.

    sandra



  • 7.  RE: Symantec Antivirus Problem

    Posted Oct 11, 2011 07:24 PM

    Hi Sandra,

    1) The operating system is Windows 2000. The antivirus takes the computer offline, i.e. it cannot connect to the internet. The only way to fix this problem is to reboot the computer.


    2) At http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=savce it says:
    Use the i32 executable file for 32-bit client installations only if you are using one of the supported products that are listed below. IMPORTANT: Do not use the i32 executable file to update the server version of Symantec AntiVirus.

    How can I see if I have the server version of Symantec Antivirus?

    3) RE: http://www.symantec.com/business/support/index?page=content&id=TECH101820

    Will manually deleting all files in quarantine fix my problem?

    4) RTVSCAN uses 100% of CPU for 5-60 minutes
    Fix ID: 1879071
    Symptom: Rtvscan.exe may consume 100% of available CPU for a period of 5-60 minutes. The issue is intermittent.
    Solution: Rtvscan.exe was modified to prevent a case where the IDB processing logic could get into a loop, consuming all CPU.

    How can I check if my version has this fix?

    5) What is the price for SAV MR 10 or SEP?  Where can I read more about them?



  • 8.  RE: Symantec Antivirus Problem

    Posted Oct 12, 2011 02:25 AM

    This was happening on one of our servers.

    It happens only on Windows 2000, right?

    If you go to Start > Run and type

    luall.exe; the CPU would go to 100%.

    We installed the latest version on this box and the issue is resolved.



  • 9.  RE: Symantec Antivirus Problem

    Posted Oct 12, 2011 09:16 AM

    Hi Rafeeq,

    What is luall.exe?  What is the version that you installed exactly to fix this specific problem?



  • 10.  RE: Symantec Antivirus Problem

    Broadcom Employee
    Posted Oct 12, 2011 09:32 AM

    luall.exe is the process related to LiveUpdate.



  • 11.  RE: Symantec Antivirus Problem

    Posted Oct 12, 2011 10:58 AM

    Hi,

    2) My mistake. If you have to put in a password to open the User Interface through the shield, then it's the server version. (If it is Windows 2000 Server, it's likely the server version.) If that's the case, you will want to download the XDB file from that same page.  See the following, under the section "To use the Intelligent updater for Symantec Antivirus servers:":

    How to update virus definition files using the Intelligent Updater
    http://www.symantec.com/docs/TECH102391

    If you aren't sure, the XDB should still be able to update a SAV client.

    3) I don't know. To which fix are you referring?

    4) Fix 1879071 is part of MR 10, so no, your version does not have that fix.

    5) I don't believe we are selling licenses for SAV anymore. If you have a current serial number you could download MR10 via FileConnect, or if you have a current contract with us for SAV you could log a case.

    sandra



  • 12.  RE: Symantec Antivirus Problem

    Posted Oct 12, 2011 04:41 PM

    Hi Rafeeq,

    What is the version that you installed exactly to fix this specific problem?  What version of Windows 2000 were you using?



  • 13.  RE: Symantec Antivirus Problem

    Posted Oct 13, 2011 02:37 AM

    remove SEP completely

    installed the version 11.0.61000 on the server with only AV and AS...



  • 14.  RE: Symantec Antivirus Problem

    Posted Oct 13, 2011 03:09 AM

    Hi Rafeeq,

    What is SEP, AV and AS? 

    Rafeeq and Sandra - Will version 10.2.4 fix the specific problem?



  • 15.  RE: Symantec Antivirus Problem

    Posted Oct 13, 2011 03:44 AM

    We updated to Symantec endpoint 11.0.6100 with only Antivirus and Antispyware definition.

    Always update to the latest version.

    10.2.4 should fix the issue.



  • 16.  RE: Symantec Antivirus Problem

    Posted Oct 13, 2011 04:20 AM

    How is Symantec Endpoint different from Symantec Antivirus Corporate?



  • 17.  RE: Symantec Antivirus Problem

    Posted Oct 13, 2011 04:45 AM

    Entirely different.

    This has multiple features, including firewall.



  • 18.  RE: Symantec Antivirus Problem

    Posted Oct 17, 2011 06:43 PM

    SAV 10.2.4 is the Vista-only build. I believe it will also install on Server 2008. Windows 7 is not supported for SAV.

    http://www.symantec.com/business/endpoint-protection has some migration information. Be aware that the newest Endpoint Protection client, 12.1, does not install on Windows 2000. For a managed environment, a 'legacy' 32-bit 11.0.6300 client package is included with the 12.1 download, which can be installed on Windows 2000 clients.

    sandra



  • 19.  RE: Symantec Antivirus Problem

    Posted Oct 17, 2011 07:49 PM

    Sandra,


    I was referring to SAV Corporate Edition 10.2.4 which is for Windows Server 2000.  Please confirm.



  • 20.  RE: Symantec Antivirus Problem

    Posted Oct 18, 2011 10:35 AM

    As I mentioned above, SAV 10.2.4 is not going to install on Windows 2000, because the 10.2 branch is intended for the Vista codebase:

    Release notes for Symantec AntiVirus 10.2 Client for Vista and Windows Server 2008
    http://www.symantec.com/docs/TECH102297

    You will need either SAV 10.1.9.9100 (Maintenance Release 10), or SEP 11.0.7101 (Release Update 7, Maintenance Patch 1). SEP offers greater, broader protection than SAV. Any new licensing you might purchase will be for SEP.

    Hope this clears things up. :)

    sandra