Saturday, December 13, 2008

PC SECURITY - Norton AntiVirus Update Failures

This article addresses install failures/errors when you run Norton (aka Symantec) AntiVirus LiveUpdate in WinXP, but should also apply to Vista.

When LiveUpdate runs and you get an error stating that the update could not be installed, this MAY mean that the current or previous Definition Update was corrupted. This is most likely to happen if an update download or install was interrupted (as in you rebooted before the process completed).

To check, use Explorer to navigate to the VirusDefs folder shown in the screenshot below.

You should see the entries for ONLY 2 Definition Updates, the current + previous. The definfo.dat file is a text file that shows you what the files should be. The actual Definitions Update data are contained in the folders with the matching numeric-names.

You will know you have a problem when:
  1. You see MORE than 2 Definition Update folders
  2. There are filename.tmp files listed

Open definfo.dat with NotePad and see which 2 Definition Update folders should be kept (you may want to print this).


The following is from Symantec Support, but in what I hope is a clearer presentation.

In summary, what you have to do is delete the EXTRA Definition Update folders AND any filename.tmp files. The problem is you cannot do this from your Win Desktop because the files are "in use" at the time, which is why just trying to run LiveUpdate again does not fix this problem.

What you do is to reboot your system and key [F8] just as POST ends AND Windows starts. For "speedway" fast systems just keep keying [F8] as your system boots.

This brings up the Windows Boot Option screen, select to boot to the Safe Mode (no Internet, no command prompt).

After getting to the Safe Mode Desktop, use Explorer to navigate to the folder shown in the screenshot. Now you can:
  • Check what definfo.dat file lists (got printout?) as the Definitions you should keep
  • Delete the Definition Update folders NOT listed in definfo.dat
  • Delete ALL filename.tmp files

Now reboot your system and recheck the VirusDefs folder again. It should look similar to the screenshot.
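
The check described above (definition folders compared against definfo.dat, plus leftover .tmp files) can also be done as a report-only PowerShell script. This is an added example, not from Symantec or the original post, and it deletes nothing. It assumes the VirusDefs path given later in this article, that definition folder names consist only of digits and dots, and that definfo.dat mentions each folder to keep by its literal name.

```powershell
# Added example: report-only audit of the VirusDefs folder. Nothing is deleted.
param(
    # Path as given in this article; adjust if your install differs.
    [string]$VirusDefs = 'C:\Program Files\Common Files\Symantec Shared\VirusDefs'
)

$defInfo = Join-Path $VirusDefs 'definfo.dat'
if (-not (Test-Path -LiteralPath $defInfo)) {
    Write-Error "definfo.dat not found in $VirusDefs"
    exit 1
}

# Read definfo.dat as one string so folder names can be looked up in it.
$listed = Get-Content -LiteralPath $defInfo | Out-String

# Assumption: Definition Update folders have names made only of digits and dots.
$defFolders = @(Get-ChildItem -LiteralPath $VirusDefs |
    Where-Object { $_.PSIsContainer -and $_.Name -match '^[\d.]+$' })

# Assumption: definfo.dat contains the literal name of each folder to keep.
$extra = @($defFolders | Where-Object { -not $listed.Contains($_.Name) })

# Leftover temporary files from an interrupted download or install.
$tmp = @(Get-ChildItem -LiteralPath $VirusDefs |
    Where-Object { -not $_.PSIsContainer -and $_.Extension -eq '.tmp' })

"Definition Update folders found: $($defFolders.Count) (expected: 2)"
$extra | ForEach-Object { "EXTRA folder, not listed in definfo.dat: $($_.FullName)" }
$tmp   | ForEach-Object { "Leftover .tmp file: $($_.FullName)" }

if ($defFolders.Count -le 2 -and $extra.Count -eq 0 -and $tmp.Count -eq 0) {
    'VirusDefs looks clean.'
} else {
    'Problem found: remove the items above from Safe Mode, as described in this article.'
}
```

The script only lists what is wrong, so it can be run from the normal desktop even while the files are in use; the actual deletion still has to be done from Safe Mode.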

You may want to manually run LiveUpdate at this time.

Also, personal preference suggestion: I prefer the Classic LiveUpdate (found in "C:\Program Files\Symantec\LiveUpdate\LUALL.EXE") that has a dialog with a listbox that shows you the process so you actually can see error messages, if any. Also suggest you set the LiveUpdate Configuration in Control Panel as shown in the following screenshot.


Another option:

You can download Symantec's Intelligent Updater, the latest_version-i32 file, and SAVE to your hard drive, then run it from there.

The best way to use this option is to delete EVERYTHING in C:\Program Files\Common Files\Symantec Shared\VirusDefs BEFORE you run the updater.
