I've created a batch file to remove Symantec virus defs. It's my first in a while. :D I've tested and used it in our production environment to clear corrupted definitions. Even took care of the machines with the 12/31/2009 definitions that just wouldn't update. At least it beats memorizing what to remove and where. Note: You must have administrative privileges to clean up the directory and the registry. Zip has no password.
It takes a long time in my case until clients show new defs; they keep popping up that they are missing defs, which is a healthy sign, but it takes too long, and users probably get suspicious whether that was the right way to fix their problem.... I noticed that if, after removing corrupt defs, you do a repair, it works fast. Anyone able to include a script to repair a SEP11 install? If it can be done remotely, it would be even better.
And regarding the corrupt defs - I also found quite a number of machines that showed a pattern: they had new virus definitions downloaded and just one old defs folder that showed the old date.
Now the definfo.dat showed the new date, while usage.dat showed the old date of the old folder. Clearly a sign of corrupt defs. For all these machines, I found that just killing the RTVScan process worked. I simply killed the process remotely :) and optionally restarted the SEP service (it restarted many times automatically) and SMCservice.... By watching the virusdefs folder, I could see the old definitions being discarded, and the client instantly writing the correct date to the usage.dat file. Soon the same was communicated to the SEPM and could be seen in the console. All this without deleting all definitions and registry keys...Nice...
Thanks again aa23. :D
I checked the v2 and actually found some errors. The script starts the services before removing the defs, which should happen afterwards. Posted it in the main thread.
The 2 scripts are basically the same in the process of deleting the definitions. The only difference is in their method of stopping the services. The first one terminates SEP by force and the other follows what the KB article says.
And I also noticed the lag in getting new updates, even when using the Intelligent Updater on working or non-corrupt definitions. The common factor is that the definitions are either non-existent or very old, so it's taking a while to load the full list compared to deltas being deployed on a regular basis. Takes about 2-5 minutes.
I see you removed the NET STOP "Symantec AntiVirus" in v2, not sure why.
Have you guys noticed that by following this procedure, either manually from the Symantec KB article or by executing a script, the client will persist for a long time without definitions? No matter how many times I forced the client to check in with the SEPM, it still won't go faster. And even after it started downloading and populating the virusDefs folder, it still wouldn't install new defs.
Anything I'm missing? I kept on restarting the services, even restarted the computer. When it came back, it seemed to have installed definitions, but displayed malfunction of auto-protect. Long after that it came back to normal.
Let it be clear that I'm not questioning Mon's batch file, but Symantec's workaround.
Thanks!
Thanks for the feedback. I created a new batch file that changes to the SEP directory and runs the commands from there, including smc -stop / -start.
A drawback I found for this batch script is that it wouldn't work if the client is password protected.
You can't do net stop/start smcservice. You need to type in "%programfiles%\Symantec\Symantec Endpoint Protection\smc.exe" -stop / -start.
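Pulling the thread together (the stop -> remove -> start order aa23 pointed out, and the smc.exe -stop / -start usage from the last posts), here is an added batch skeleton that is not Mon's script or Symantec's KB script. SEP_DIR is the install path quoted above; DEFS_DIR and DEFS_KEY are placeholders for the definitions folder and registry key, which this thread names only in general terms.

```batch
@echo off
REM Added example, not the batch file posted in this thread.
REM Order matters: stop the client, remove the definitions, then start again.
setlocal

set "SEP_DIR=%ProgramFiles%\Symantec\Symantec Endpoint Protection"
REM Placeholders (assumption): fill in from the Symantec KB article.
set "DEFS_DIR=<path-to-virus-definitions-folder>"
set "DEFS_KEY=<registry-key-for-definitions>"

REM 1. Administrative rights are required for the directory and registry cleanup.
net session >nul 2>&1
if errorlevel 1 (
    echo This script must be run from an elevated command prompt.
    exit /b 1
)

if not exist "%SEP_DIR%\smc.exe" (
    echo smc.exe not found under "%SEP_DIR%".
    exit /b 1
)

REM 2. Stop the client first. "net stop smcservice" does not work; smc.exe -stop does,
REM    but it will not succeed on a password-protected client (see the drawback above).
"%SEP_DIR%\smc.exe" -stop
net stop "Symantec AntiVirus" >nul 2>&1
REM Give the client a moment to shut down before touching its files.
timeout /t 10 /nobreak >nul

REM 3. Only now remove the definitions: folder contents and the registry key.
if exist "%DEFS_DIR%" (
    rmdir /s /q "%DEFS_DIR%"
    mkdir "%DEFS_DIR%"
)
reg delete "%DEFS_KEY%" /f >nul 2>&1

REM 4. Start everything again. Expect the "missing definitions" state to persist
REM    for a few minutes while the client pulls a full definition set from the SEPM.
net start "Symantec AntiVirus" >nul 2>&1
"%SEP_DIR%\smc.exe" -start

endlocal
```

Watching definfo.dat and usage.dat in the definitions folder afterwards, as described earlier in the thread, is a quick way to confirm the client has written a current definition date again.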