Endpoint Protection

Hello.  We have Symantec Antivirus Corporate Edition 10.1, and we are experiencing several issues.  First and foremost, we have clients that are not updating definitions from our AV server.  They can stay on all day and as a test we have it set for the installs to look for updates every 5 minutes, but the defs will never get downloaded from the parent server.  We've tried updating both server and client software, but still to no avail.  However, this seems to be hit or miss, because it appears that one out of every 10 or 12 clients will update.

 

Also, we are having an issue uninstalling an older version of SAVCE on a client (it's 10.1.4 and we wanted to update to 10.1.6) but it wouldn't uninstall, saying there was a problem with the installation.  I tried using the Removal Tool, but that said I first had to use Add/Remove programs to remove Symantec AV version 9.x (as I stated before it is ver 10.1.4).  I found the article on how to manually remove SAVCE, but that did not work either as I could not disable Tamper Protection, because it is one of the options that we chose to lock out on the clients (I work for a school and kids tend to mess with things when they get bored).  I tried to change the options for that workstation from the System Center Console, but it said that "Symantec Antivirus could not configure XXX Client Tamper Protection Options".  It sounded like a communication problem, so I tried it on other clients to the same effect...

 

Does anyone have a suggestion as to where we can start?  Thanks!

I had similar issues, when we used LUAU I had to go and set the definition file to deploy in the Parent Server definition manager, after each new file. I turned of LU internal server. Check the drop down menu on the definiton file specified to use in the def. mgr. and see if it is the same date as what you are seeing. If it is than try to update now option-check your Live Update configuration within definition manager, I find it best to make config settings for LU from the Top(parent server) and go down to client level if you want. If the definiton file is the same but a newer file is in the list, just select the newer file and it will propogate pretty quickly to the clients. I find most issues with what you are describing are related to LUAU and Definiton Manager settings combined.

 

For the second issue -removing the previous client -try a search on google for "nonav" and get the version called "nonav-noreboot.exe". It will strip it out, no problem. We had the same problem when moving from 8.x to 10.1.6 on auto-logon devices, which have no admin priveleges. Worked fine when at least 3 other nonav tools wouldnt quite get it all out. If you cant find it reply to this post with your email and I will send it to you.

 

3rd thing - make sure you have a Windows, or other, Firewall exception made for TCP port 2967, without an exception, SSC cant configure many client options, unless the client install is broke. I think you ruled that out by stating that most or all clients had the same issue.

 

Hope any of this helps.

 

BTW - any chance you know the minumum version of Live Update you need for SAV 10.1.6 clients? I have several clients that lock up when Live Update is run since updating the SAV Client. They all have Live Update version 1.5x and are Windows 2000, I know, we still have some. Uninstalling LU and installing 3.1.x or newer fixes all issues. I want to find the minimum compatable version so I can send out a SMS package to fix them all.