среда, 4 июня 2014 г.

How to clear out corrupted definitions for a Symantec Endpoint Protection client manually

Источник: http://www.symantec.com/business/support/index?page=content&id=TECH103176
Issue
How to fix and rebuild corrupted definitions for a Symantec Endpoint Protection (SEP) client.
Instructions for 32-bit Operating Systems:

For Windows 2000/2003/XP
    1. Stop the Symantec Endpoint Protection Services:
    2. Click Start, Run, typing in smc -stop, and pushing Enter.
      1. Click the Start button and then click Run
      2. Type services.msc and click OK
      3. Right-click Symantec Endpoint Protection and click Stop.
      4. Minimize the Services window

        Note: If you are unable to stop the Symantec Management Client you will need to temporarily disable Tamper Protection. Please see the Technical Information at the bottom of this document for instructions.
    4. Delete the data from the Definition folders:
      • Virus Definitions
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\
        - Delete all files and subfolders
      • Delete the downloaded data in the "C:\Documents and Settings\All Users\Application Data\Symantec\Liveupdate\downloads"
       
    5. Delete the data from the registry:
      1. Click the Start button and then click Run
      2. Type regedit and click OK
      3. Navigate to:
        HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs
      4. Delete the following values:
        1. SRTSP
        2. NAVCORP_70
        3. DEFWATCH_10
        4. SepCache3
        5. SepCache2
        6. SepCache1
    6. Restart the Symantec Endpoint Protection Services stopped in the previous step, 3.c.
    7. Click Start, Run, type in smc -start, and push Enter.
      1. Maximize the Services window.
      2. Right-click Symantec Endpoint Protection service and click Start.
       
      Для остальных систем - под катом:
For Windows Vista/Server 2008/Windows7
    1. Stop the Symantec Endpoint Protection Services:
    2. Click Start, Run, type in smc -stop, and push Enter
      1. Click the Start button.
      2. In the search bar type services and then press Enter.
        Note: If the User Account Control prompt pops up click Continue.
      3. Right-click Symantec Endpoint Protection and click Stop.

        Note: If you are unable to stop the Symantec Management Client you will need to temporarily disable Tamper Protection. Please see the Technical Information at the bottom of this document for instructions.
         
    4. Delete the data from the Definition folders:
      • Virus Definitions
        C:\ProgramData\Symantec\Definitions\VirusDefs\
        - Delete all files and subfolders
    5. Delete the data from the registry:
      1. Click the Start button
      2. Type regedit and press Enter
      3. Navigate to:
        HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs
      4. Delete the following values:
        1. SRTSP
        2. NAVCORP_70
        3. DEFWATCH_10
        4. SepCache3
        5. SepCache2
        6. SepCache1
    6. Restart the Symantec Endpoint Protection Services stopped in the previous step, 3.c.
    7. Click Start, Run, type in smc -start, and push Enter.
      1. Maximize the Services window.
      2. Right-click Symantec Endpoint Protection and click Start.
Instructions for 64-bit Operating Systems:

For Windows 2000/2003/XP
    1. Stop the Symantec Endpoint Protection Services:
    2. Click Start, Run, type in smc -stop, and push Enter.
      1. Click the Start button and then click Run
      2. Type services.msc and click OK
      3. Right-click Symantec Endpoint Protection and click Stop.
      4. Minimize the Services window

        Note: If you are unable to stop the Symantec Management Client you will need to temporarily disable Tamper Protection. Please see the Technical Information at the bottom of this document for instructions.
    4. Delete the data from the Definition folders:
      • Virus Definitions
        C:\Program Files (x86)\Common Files\Symantec Shared\VirusDefs\
        - Delete all files and subfolders
       
    5. Delete the data from the registry:
      1. Click the Start button and then click Run
      2. Type regedit and click OK
      3. Navigate to:
        HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Symantec\SharedDefs
      4. Delete the following values:
        1. SRTSP
        2. NAVCORP_70
        3. DEFWATCH_10
        4. SepCache3
        5. SepCache2
        6. SepCache1
    6. Restart the Symantec Endpoint Protection Services stopped in the previous step, 3.c.
    7. Click Start, Run, type in smc -start, and push Enter.
      1. Maximize the Services window.
      2. Right-click Symantec Endpoint Protection service and click Start.
For Windows Vista/Server 2008/Windows 7
    1. Stop the Symantec Endpoint Protection Services:
    2. Click Start, Run, type in smc -stop, and push Enter.
      1. Click the Start button.
      2. In the search bar type services and then press Enter.
        Note: If the User Account Control prompt pops up click Continue.
      3. Right-click Symantec Endpoint Protection and click Stop.
        Note: If you are unable to stop the Symantec Management Client you will need to temporarily disable Tamper Protection. Please see the Technical Information at the bottom of this document for instructions.
    4. Delete the data from the Definition folders:
      • Virus Definitions
        C:\ProgramData\Symantec\Definitions\VirusDefs\
        - Delete all files and subfolders
       
    5. Delete the data from the registry:
      1. Click the Start button
      2. Type regedit and press Enter
      3. Navigate to:
        HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Symantec\SharedDefs
      4. Delete the following values:
        1. SRTSP
        2. NAVCORP_70
        3. DEFWATCH_10
        4. SepCache3
        5. SepCache2
        6. SepCache1
    6. Restart the Symantec Endpoint Protection Services stopped in the previous step, 3.c.
    7. Click Start, Run, type in smc -start, and push Enter.
      1. Maximize the Services window.
      2. Right-click Symantec Endpoint Protection and click Start.

References
In some instances, Symantec Technical Support may recommend the use of an unsupported tool that automates the removal of corrupted SEP definitions. For details please see Using the "Rx4DefsSEP" utility at http://www.symantec.com/business/support/index?page=content&id=TECH93036&locale=en_US

Technical Information
How to disable Tamper Protection:
    1. Open and log into the Symantec Endpoint Protection Manager console
    2. Click the Clients view.
    3. Select the appropriate group.
    4. Under the Policies tab, in the "Settings" section, click General Settings.
    5. Under the Tamper Protection tab, uncheck Protect Symantec security software from being tampered with or shut down.
    6. Click OK.
 IMPORTANT: Once definitions will be purged, the following popup message will appear:
"Virus definitions are missing on this computer. This computer will remain unprotected until definitions are downloaded from the network. Contact your system administrator for help updating your virus definitions."
This message will keep showing (after every smc -stop/smc -start or session opening), even when Symantec Endpoint Protection will receive/apply new set of definitions, until "Symantec Endpoint Protection" service is restarted. To avoid this, it is possible either:
 - to drop JDB file to update client then restart "Symantec Endpoint Protection" service
 - to use Rx4DefsSEP
 - to use a script which is checking Antivirus/Antispyware definition status and restart "Symantec Endpoint Protection" service if appropriate
NOTE: this behavior is as designed.
Автор: на
Ярлыки: , , ,

Комментариев нет:

Отправить комментарий

Подписаться на: Комментарии к сообщению (Atom)