Had a few PCs in an older Symantec AntiVirus 10 Corporate environment that would update their Virus Definitions automatically. Having a quick hunt round, I managed to find the below on a forum post, which did the trick; it would appear the local definitions on the clients had become corrupted. The second step looked to be the primary fix, as communication itself was fine back to the server.
The Client is unable to communicate with the server to get updates –
- On the Server open Command Prompt
- Type “Telnet clientname 2967” and press enter; if successful, a blank prompt should appear
- If no prompt appears you need to check the port is open (firewall issues etc)
- Repeat the above on the Client PC replacing the clientname with the appropriate servername for the Telnet test.
- Compare the root certificate on the server (\\servername\vphome\pki\roots) and the client (c:\program files\Symantec Antivirus\pki\roots)
The old virus definitions are corrupted –
- Stop the Symantec Antivirus service
- Stop the Symantec Antivirus Definition Watcher service
- Delete the old Virus definitions (yyyymmdd.xxx) from “c:\Program Files\Common Files\Symantec\Shared\VirusDefs”
- Empty the “c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads” folder
- Delete all .inventory and .setting files from the “c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate” folder.
- Empty the “c:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\I2_LDVP.VDP” folder
- Go to “c:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\” and delete any *.vdb or *.xdb files (files only, not folders)
- Start the Symantec Antivirus service
- Start the Symantec Antivirus Definition Watcher service
- Run LiveUpdate again and hopefully all is ok!
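
The clean-up steps above as a PowerShell script, for repeating the fix across several clients; this is an added example, not part of the original forum post. It assumes PowerShell is installed on the client, that the service display names match the names used in the steps, and that definition sets are named with eight digits, a dot and three digits. Run LiveUpdate afterwards as the final step.

```powershell
# Added example: automates the definition clean-up steps listed above.
# Run from an elevated prompt on the client. Pass -WhatIf first to preview
# which services would be stopped and which items would be deleted.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Default paths are the ones given in the steps above.
    [string]$VirusDefs  = 'C:\Program Files\Common Files\Symantec\Shared\VirusDefs',
    [string]$LiveUpdate = 'C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate',
    [string]$SavData    = 'C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5'
)

# Assumption: the display names match the service names used in the steps.
$services = 'Symantec AntiVirus', 'Symantec AntiVirus Definition Watcher'

function Remove-Matching {
    # Deletes the children of $Path that pass $Filter; a missing folder is skipped.
    param([string]$Path, [scriptblock]$Filter)
    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "Skipping missing folder: $Path"
        return
    }
    Get-ChildItem -LiteralPath $Path -Force | Where-Object $Filter | ForEach-Object {
        # Remove-Item honours the -WhatIf passed to the script.
        Remove-Item -LiteralPath $_.FullName -Recurse -Force
    }
}

# Stop both services first; abort before deleting anything if either cannot be stopped.
foreach ($name in $services) { Stop-Service -DisplayName $name -Force -ErrorAction Stop }

# Old definition sets (yyyymmdd.xxx); assumption: xxx is three digits.
Remove-Matching $VirusDefs { $_.Name -match '^\d{8}\.\d{3}$' }
# Empty the LiveUpdate Downloads folder.
Remove-Matching (Join-Path $LiveUpdate 'Downloads') { $true }
# .inventory and .setting files in the LiveUpdate folder itself.
Remove-Matching $LiveUpdate { -not $_.PSIsContainer -and ('.inventory', '.setting' -contains $_.Extension) }
# Empty the I2_LDVP.VDP folder.
Remove-Matching (Join-Path $SavData 'I2_LDVP.VDP') { $true }
# *.vdb and *.xdb files only; folders are left alone.
Remove-Matching $SavData { -not $_.PSIsContainer -and ('.vdb', '.xdb' -contains $_.Extension) }

# Restart in the same order as the steps above.
foreach ($name in $services) { Start-Service -DisplayName $name -ErrorAction Stop }
```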