Endpoint Protection

Searched long and hard on the Internet.  Couldn't find a solution.  Decided to try here. 

I downloaded an updated Virus Definition file.  LiveUpdate did its normal thing, downloaded files, installed them.  The file definition version gives a date of 9/28/2009 rev 3.  But I updated today (5 Oct 09).  File version never changed on the Home Screen.  Symantec's website reports that the newest virus file is, in fact, the one I downloaded with today's date.

Then I checked the file menu.  The "Unload Service" option is dimmed out.  Never seen this before.  Makes me very nervous.  I've run multiple virus programs to check if I have an infection - everything comes up clean. 

Any advice/suggestions on what's going on?

Very frustrated.  Would appreciate some help.  My "program number" is 10.1.8.8000, "scan engine" 91.2.1.10.

It is possible that you have corrupted definitions.

See - How to determine if virus definitions used by Symantec AntiVirus Corporate Edition are corrupted.

http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/5fe90bc001d96b5d88256c0e0057700b?OpenDocument

Hello,

Thanks for your assistance.  The link you included above (http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/5fe90bc001d96b5d88256c0e0057700b?OpenDocument)  has the following instructions:

"Open the Usage.dat file and verify that the numbered folder heading inside the square brackets [ ] matches the folder referenced by "CurDefs"in Definfo.dat. Verify that there is a single square bracket."

My usage.dat file has:

[20090928.003]
NAVCORP_70=1
NAVCORP_70_2=1
[20091008.003]
DEFWATCH_10=1

Since I have more than one "square bracket" then I can assume I have a corrupt virus definition?

It says in a note:

Note: If you have other Symantec products running on the same system, there may be other entries in the Usage.dat file. It is important that all entries are under the same numbered folder heading. If there is more than one numbered folder heading, stop all Symantec services, edit the Usage.dat file to have all Symantec products under the same numbered folder heading, save the changes, and restart the services. Depending on the nature of the issue, this may or may not resolve symptoms associated with corrupt virus definitions.

The first sentence in that note starts with "If you have other Symantec products".....  which I don't.  Does that mean I should also ignore the SECOND sentence, which says "it is important that all entries.....etc."?  Or is the second sentence independent from the conditional sentence immediately before it?  Should I continue with the instructions after, to edit the Usage.dat file?  Or should I just skip that whole Note and move on?

The next step says:

If virus definitions appear to be corrupted, do one of the following, depending on your product version:

• If you use Symantec AntiVirus 10.x, read How to revert to the previous definition set using Symantec System Center. If the problem persists. do not attempt to manually repair virus definitions. Symantec AntiVirus 10.x includes an automatic definition repair feature. If Symantec AntiVirus 10.x virus definitions remain corrupted, contact Symantec Technical Support for assistance.

When following that link, it tells me:

To select a different set of virus definitions for the primary server

1. In Symantec System Center, right-click the primary server, click All Tasks > Symantec AntiVirus > Virus Definition Manager.
2. Click Configure.
3. Click Definition File.
4. Select the virus definition file that you want to use.
5. Click Apply.

Can you tell me where to find a) the Symantec System Center, and b) a menu option for "All Tasks"?   Neither appear in my program, nor do I follow all the talk about primary vs. secondary server.....  any gudiance?

Thanks,
Phil

If you dont have SSC install it from SAV CD...

  After installing it on the server.. you can unlock the server and right click on the server.. you will get the All tasks--> Virus Definition Manager...

Now I'm seeing that Yellow "Auto-Protect is Disabled" box at the lower-right of the desktop on a semi-regular basis.  After plenty of searching online, I found that this is a real Symantec message (although it sure looks rather informal and non-technical) and that it is associated with a corrupt virus definition.  I sincerely think Symantec should consider addressing that Yellow Message box error more directly- there is ALOT of speculation around the Internet about the source of that error message, mainly because it looks so informal.  

Anyway, any guidance on how to decipher the ambiguous language above would be helpful.  (i.e., in section "How to determine if virus definitions used by Symantec AntiVirus Corporate Edition are corrupted.")   Thanks.

Previous user wrote:

My usage.dat file has:

[20090928.003]
NAVCORP_70=1
NAVCORP_70_2=1
[20091008.003]
DEFWATCH_10=1

Beyond replacing the top line with the current updated virus folder name (in this case,  [20091008.003]) 
What is the correct edit to usage.dat file?  If the following correction to usage.dat is not right, please advise.

[20091008.003]
DEFWATCH_10=1
NAVCORP_70=1
NAVCORP_70_2=1