Release notes for Symantec Client Security 2.0.x and Symantec AntiVirus Corporate Edition 9.0.x
Question/Issue:
This article documents the changes and fixes in each update to Symantec AntiVirus Corporate Edition 9.0.x and Symantec Client Security 2.0.x, which includes Symantec AntiVirus 9.0.x and Symantec Client Firewall 7.1.x.
Solution:
As updates to Symantec Client Security are released, they are added as sections in this document. The sections are added in chronological order, with the most recent additions at the top.
For information about how to obtain the latest build of Symantec AntiVirus or Symantec Client Security, read Obtaining an upgrade or update for Symantec AntiVirus Corporate Edition or Symantec Client Security.
Notes:
- Maintenance patches apply only to the full build that precedes them. For example, the patch MR5 MP1 applies to the build Maintenance Release 5.
- If more than one maintenance patch exists for a build, the later patches are cumulative. For example, in addition to its new features, Maintenance Patch 2 includes all of the changes in Maintenance Patch 1. If you have not installed Maintenance Patch 1, you do not need to install it before installing Maintenance Patch 2.
Maintenance Release 7 (MR7)
A maintenance release is a full build of the product, which incorporates all previous maintenance patches.
Components
| Symantec AntiVirus | 9.0.7.1000-8 |
| Symantec Client Firewall | 7.1.6.1165 |
| Quarantine Server | 3.3-MR 38 |
| AMS | 6.12.0.151 |
| AntiSpam | 2004.2.0.17 |
| Auto-Protect | 9.4.100 |
| Common Client | 2.2.4 build 3 |
| Decomposer | 3.2.14.31 |
| DefUtils | 1.0.82 build 0 |
| IPS | 6.1.1.3 |
| NAVAPI | 4.2.0.8 |
| SymEvent | 11.6.8 |
| SymNetDrv | 5.5.6.604 |
| SymSentry | 1.0.0 build 28 |
Symantec AntiVirus Fixes
“Event ID 12 <number> configuration options were changed" log occurs in Application log every five minutes.
Fix ID: 864988
Symptom: When SAV 9.x server is moved into SAV 10.1.4.x Server group, you see “Event ID 12 <number> configuration options were changed" log on the secondary SAV 9.x server. This log occurs in the application log every five minutes and eventually fills up the log file.
Solution: The SAV server code was modified to ignore minor changes to the DomainGUID registry key. This prevents the event log message from occurring every five minutes.
SAV fails to create a unique GUID on a computer with two network cards.
Fix ID: 1157116
Symptom: SAV does not create a unique GUID for the client when multiple NICs are installed.
Solution: Fixed GUID creation so that a unique GUID is created even when multiple NICs are installed.
Blue screen error occurs when Symantec Antivirus 9.0.5 server is installed on Windows 2003 SP1 server.
Fix ID: 966928
Symptom: Windows 2003 SP1 server experiences random blue screens with SAV 9.0.5.1000 server installed.
Solution: Updated Auto-Protect to address the kernel crash.
Maintenance Release 6 (MR6)
A maintenance release is a full build of the product, which incorporates all previous maintenance patches.
Components
| Symantec AntiVirus | 9.0.6.1031 |
| Symantec Client Firewall | 7.1.6.1145 |
| Quarantine Server | 3.3-MR build 35 |
| AMS | 6.12.0.147 |
| AntiSpam | 2004.2.0.17 |
| Auto-Protect | 9.4.6.2 |
| Common Client | 2.2.4 build 3 |
| Decomposer | 3.2.14. build 8 |
| DefUtils | 1.0.82 build 0 |
| IPS | 6.1.1.3 |
| NAVAPI | 4.2.0.8 |
| NIS Shared Components | 2005.3.0.58 |
| SymEvent | 11.6.8 |
| SymNetDrv | 5.5.4.14 |
| SymSentry | 1.0.0 build 28 |
Symantec AntiVirus Fixes
Internet Email plug-in installs to Windows servers
Fix ID: 1-4N8O4L, 1-4NCA9E, 1-56UAD0
Symptom: Symantec AntiVirus installs the Internet Email plug-in by default when clients are installed, and allows the Internet Email plug-in to install to the Windows server. The Internet E-mail Auto-Protect scanner has a redirector that redirects all traffic and causes various problems when the Internet Email plug-in is installed.
Solution: Changed the installer logic so that the Internet Email feature does not install on Windows servers during a Symantec AntiVirus client installation. The feature is not available even when you select a Custom installation.
Symantec System Center log forwarding setting does not propagate correctly to clients
Fix ID: 1-44NXHR
Symptoms: When log forwarding is changed at a client group level within Symantec System Center (and "inherit server group settings" is unchecked), the options do not immediately apply to clients.
Resolution: Changed code to set the correct flag for the client group being modified.
When using mbox format for storing electronic mail, the inbox file is quarantined when a virus is found
Fix ID: 1-5PL4Z5
Symptom: When a threat is found within an mbox mail file, the entire mail file is quarantined.
Solution: Changed code to use the Decomposer engine to determine mbox container settings. Threats can now be quarantined individually without quarantining the entire mail file.
"Unable to scan Pagefile.sys" reported erroneously in Application Event Log
Fix ID: 1-21IE2T, 1-5WQCRJ
Symptom: "Unable to scan Pagefile.sys" (EventID 6) is reported in the Application Event Log. However, the product never scans the Pagefile.sys file.
Resolution: An erroneous error was being logged noting that PageFile.sys was being scanned. This error was eliminated.
Symantec AntiVirus fails to scan some files with filenames longer than 127 characters on Netware
Fix ID: 772476
Symptom: Symantec AntiVirus fails to scan files with filenames longer than 127 characters on the Netware platform.
Resolution: NetWare passes a length preceded string which is now cast to an unsigned char.
Improved handling of Rapid Release definitions
Fix ID: 769756
Symptom: You apply Rapid Release virus definitions to a Symantec AntiVirus server. After the server pushes the new virus definitions to its clients, the server then pushes a full virus definition set to its clients. The use of Rapid Release virus definitions creates more network traffic than the use of other virus definitions.
Resolution: Symantec AntiVirus servers can now deploy Rapid Release virus definitions without pushing a full virus definition set to clients. This change reduces the amount of network traffic that is needed to use Rapid Release virus definitions in a managed environment.
Symantec Client Firewall Fixes
SymSPort crashes during startup
Fix ID: 1-4Z45SL
Symptom: If a network connection with NULL device name exists on the system, symSPort crashes during startup.
Reslution: Changed code to handle network connections with NULL device names.
Cannot view Symantec Client Firewall logs from Netware parent server
Fix ID: 1-2ZKCZV
Symptom: Logs are written in the wrong format on the server when forwarded from a client.
Resolution: Implemented code for Netware that had previously only been running on WIN32 operating systems.
Maintenance Patch 1 (MR5 MP1)
This patch can be installed over Maintenance Release 5. For directions, read
Applying Symantec Client Security 2.0 and Symantec AntiVirus 9.0 Maintenance Release 5 Maintenance Patch 1.
Symantec AntiVirus Corporate Edition 9.0.5.1100 MR5
Shared Components
Shared Component | Version | Build |
Symantec AntiVirus | 9.0.5 | 1100-29 |
Quarantine Server | 3.3 | 24 |
AMS | 6.12.0.140 | 140 |
Auto-Protect | 9.4.6.2 | 1 |
AV Engine |  | |
Decomposer | 3.2.12.27 | 27 |
LiveUpdate | 2 | 39 |
LiveUpdate Administrator | 1.5.4 | 1 |
NAVAPI | 4.2.0 | 8 |
SymEvent | 11.6.4 | 4 |
SymSentry | 1 | 28 |
Common Client | 2.2.4 | 003 |
New fixes
Client groups disappear from secondary servers
Fix ID: 1-509QOD
Symptom: At unpredictable times, client groups disappear from secondary servers. Also, some clients may not show configuration changes made in the Symantec System Center.
Solution: Clients were accessing settings files passed from servers before the files had completely downloaded. Changed behavior to send files from the server with temporary file names, then rename the file to the expected name after the download completes.
AMS alerts are delayed on a busy server
Fix ID: 1-422CY5
Symptom: In a high traffic network environment, AMS alerts may be delayed. This problem happens because the log entries are stored in a last-in, first-out stack. This situation can cause a long delay between the time a log entry is created and the time that AMS sends an alert. AMS may send alerts for new events before it sends alerts for older events.
Solution: The log entries can now be changed to use a stack or a first-in, first-out queue. To make the change, add a DWORD registry value named "ProcessOldEventsFirst" to the HKEY_LOCAL_MACHINE\Software\Intel\LanDesk\VirusProtect6\CurrentVersion registry key, set the value to 1, and then restart the computer.
Rtvscan.exe holds CPU usage at 5%+ at all times on Windows NT
Fix ID: 1-44B0NP
Symptom: When Symantec AntiVirus runs on Windows NT, the Rtvscan.exe process holds CPU usage at around 5%+ when it runs under the SYSTEM account.
Solution: Modified Auto-Protect to account for a return code that was previously ignored. This problem caused Auto-Protect to use additional resources while constantly checking for status.
LiveUpdate server entries remain in the registry after deletion from Symantec System Center
Fix ID: 1-4FCVHB
Symptom: After you delete LiveUpdate server sources in Symantec System Center, registry values are not removed. Clients may attempt to connect to an incorrect LiveUpdate server or to a LiveUpdate server that no longer exists.
Solution: Changed the code to remove all settings from the registry before writing the new Live Update server sources
Symantec AntiVirus 9.0.2 and 9.0.3 clients do not pick up new exclusion settings when moved between client groups
Fix ID: 1-3XS131
Symptom: You move a client from one client group to another client group that has Auto-Protect exclusions. Then, you move the client back to the original client group. The exclusions are not removed from the client after you move it back to the original group.
Solution: Added a fix to reset the settings when a client changes client groups.
Some Symantec AntiVirus client events are forwarded a second time
Fix ID: 1-5AE6W0
Symptom: Starting in January, Symantec AntiVirus parents see duplicate log entries from Symantec AntiVirus client events that were already reported in December.
Solution: Changed the code so that the forwarded file list is based on the actual dates from the files instead of in alphabetical order.
Symantec AntiVirus service stops when scan dialog boxes are closed
Fix ID: 1-4CZUK9
Symptom: When a user runs multiple scans on a computer and then closes the scan dialog boxes before the scans complete, the Symantec AntiVirus service stops unexpectedly. The service must be restarted from Services in the Control Panel or by restarting the computer.
Solution: The Symantec AntiVirus service was modified to fix this problem.
High memory utilzation on computers with the SAEX tag set
Fix ID: 1-5NV0LV/536701
Symptom: A Symantec AntiVirus client with SAEX tag set uses a large amount of memory.
Solution: Fixed a memory leak in Auto-Protect.
Error 0x20000058 when running a manual or custom user scan with QAW software installed
Fix ID: 1-4DRAYI
Symptom: With the QAW agent and SAV 9.0.4 installed, run a manual or scheduled scan using an account with administrative privileges.
Solution: Made code changes to skip the process if it is QAWOption.exe.
Symantec Client Firewall 7.1.5.1136 MR5
Shared Components
Shared Component | Version | Build |
Symantec Client Security | 2.0.5 | 1100 |
Symantec Client Firewall | 7.1.5 | 1136 |
Symantec Client Firewall Administrator | 7.1.5 | 1136 |
SymNetDrv | 5.5.3 | 7 |
IDS Update | 6.1.1.3 | 3 |
New fixes
Cannot view active content when Ad Blocking is not installed
Fix ID: 1-33IFZP
Symptom: After you install Symantec Client Security, you are unable to view active content, even if the Ad Blocking component is not installed.
Solution: Disabled some content filtering if Ad Blocking is not installed.
Maintenance Release 5 (MR5)
A maintenance release is a full build of the product, which incorporates all previous maintenance patches.
Symantec AntiVirus Corporate Edition 9.0.5 MR5
Shared Components
Shared Component | Version | Build |
Symantec AntiVirus | 9.0.5 | 1000 |
Quarantine Server | 3.3 | 24 |
AMS | 6.12.0.130 | 137 |
Auto-Protect | 9.4.1.1 | 1 |
AV Engine | | |
Decomposer | 3.2.12.27 | 27 |
LiveUpdate | 2 | 39 |
LiveUpdate Administrator | 1.5.4 | 1 |
NAVAPI | 4.2.0 | 8 |
SymEvent | 11.6.4 | 4 |
SymSentry | 1 | 28 |
Common Client | 2.2.4 | 003 |
Support for Windows 2003 Server R2 Edition
Symantec AntiVirus 9.0.5 is certified on Windows 2003 Server R2 Edition. Because Symantec AntiVirus 10.0.x is not certified on this version of Windows, the recommended migration path for computers that run Windows 2003 Server R2 Edition is from Symantec AntiVirus 9.0.5 to Symantec AntiVirus 10.1.0.394 or later.
New fixes
"Submit to Symantec Security Response" button disappears after applying a patch
Fix ID: 1-2YTLG9
Symptom: Symantec AntiVirus 9.0 or Symantec Client Security 2.0 is installed, then a patch is installed. After the patch is installed, the "Submit to Symantec Security Response" button is no longer available in the Symantec AntiVirus user interface.
Solution: Certain registry values were not being updated during the patch process. The installer was modified to correct this problem.
Symantec AntiVirus logs an incorrect IP address
Fix ID: 1-39F41X
Symptom: Symantec AntiVirus starts while the computer is disconnected from the network. When the computer is connected to the network later, the Symantec AntiVirus log events (scan start, scan stop, etc.) show the default IP address (127.0.0.1) instead of the IP address that was acquired when the computer connected.
Solution: The code that checks for this condition was only checking for a new IP address every 30 minutes. Changed it to check every 30 seconds, in order to detect when a valid IP address is acquired
Auto-Protect alert appears on client when restoring file from Quarantine remotely
Fix ID: 1-3KF0EI
Symptom: When a file placed in Quarantine on a remote client is restored from the Symantec System Center, an Auto-Protect alert appears on the client.
Solution: When files placed in Quarantine on a remote client are restored from the Symantec System Center, they are restored to the computer running the Symantec System Center. This behavior is as designed. During the process of restoring the file, the file is opened for copying from the client to the Symantec System Center. Changed code to disable Auto-Protect before opening the file and re-enable it after opening the file.
Symantec System Center incorrectly sorts Last Scan Date column
Fix ID: 1-29YF9C
Symptom: Symantec System Center incorrectly sorts the Last Scan Date column in the "Symantec Norton AntiVirus" view.
Solution: Changed the sorting function to use the numeric value DATE instead of string for comparison.
User interface and Help stop responding after exporting threat list
Fix ID: 1-3M55AB
Symptom: After exporting from the Threat History panel, the Help buttons and menu items do not work, and clicking the Configure > MS Exchange plugin causes the program to stop responding or disappear.
Solution: Exporting to any directory except the Symantec AntiVirus program directory was causing the local directory of the application to reset, causing Help files to not be found and the MS Exchange plugin control to fail. Now, Export saves and restores the local directory of the application.
Symantec Event Manager for Antivirus or SESA console hangs when parsing the antivirus log file
Fix ID: 1-39EKYB
Symptom: The Symantec Event Manager for Antivirus or SESA console hangs when parsing the antivirus log file.
Solution: Null data was appearing in the antivirus log without a carriage return/line feed. Entries prior to this data are forwarded to the SESA database, but events after the null data are not. Remove null data from log events as log lines are extracted.
RFC compliant mail servers reject AMS messages
Fix ID: 1-3ILFTD
Symptom: When an AMS Internet Email alert is configured to occur, email servers that adhere to strict RFC compliance (such as SMS SMTP 4.1) will reject messages. The rejection message is "Message headers contain nonstandard SMTP line terminators." Additionally, if SMS SMTP is set to disable relaying, logs show that AMS ignores the 550 rejection of the AMS alert and continues sending the rest of the alert, one line at a time, generating protocol errors.
Solution: Fixed in a later version of AMS (by the third party creator of AMS).
Revision date is missing in certain regions
Fix ID: 1-3Z6MGK
Symptom: The revision number is missing from the "Virus Definition Date" field with Windows Regional Settings set to Hungarian.
Solution: The revision number is now always displayed.
Scanning container files with very long file names causes Rtvscan to utilize 100% CPU
Fix ID: 1-3LIWWL
Symptom: Scanning container files with very long file names causes Rtvscan to utilize 100% CPU.
Solution: Long file names are now truncated to 259 characters for scanning.
The Threat List dialog displays an incomplete list
Fix ID: 1-413GJV
Symptom: One or more definitions noted as new in the WHATSNEW.TXT released with new virus definitions are not included in the "Threat List" in the Symantec AntiVirus user interface.
Solution: Fixed an off-by-one error in retrieving the virus signature list and another in adding the list items to the control.
Computer prepared with SysPrep cannot join a domain with Symantec AntiVirus 9 installed
Fix ID: 1-2Q73CQ
Symptom: After running SysPrep to save or restore a computer image, the computer can no longer join a domain. The server cannot authenticate the user.
Solution: A low-level component was blocking the attempt to contact the Domain Server. This has been corrected in a new component version.
Auto-Protect causes delay in file interaction
Fix ID: 1-37WS5L
Symptom: In some circumstances Auto-Protect causes a delay in working with files on Windows 2000 and older, even when the folder is excluded.
Solution: Changed an algorithm to accommodate a problem in older versions of Windows that causes the slowdown.
RTVScan may ABEND when Mac clients are attached
Fix ID: 1-4EARCT
Symptom: RTVscan.nlm can cause an ABEND when a number of Macintosh computers connect to a NetWare server.
Solution: RTVScan.nlm was calling memcpy with a zero length. Changed behavior to check the length parameter before calling memcpy.
Blank user interface is displayed under Configure Internet Email Auto-Protect options
Fix ID: 1-34W9RB
Symptom: After using custom command-line switches to install Symantec AntiVirus Corporate Edition 9, the Internet Email plug-in user interface is blank.
Solution: The Pop3Smtp feature contained a hidden dependency on a second feature that had to be added to the ADDLOCAL feature list. Users can now choose to install including the "Pop3Smtp1" feature in addition to the "Pop3Smtp" feature appended to the ADDLOCAL public MSI property.
User generated logs do not appear in AllUsers logs
Fix ID: 1-3Q66JO
Symptom: User generated logs do not appear in AllUsers logs, and are therefore not forwarded.
Solution: All Users\Application Data\...\Logs folder did not have Everyone in the permissions. Added Everyone.
SESA console: events forwarded from secondary servers do not contain the correct timestamp
Fix ID: 1-44IWSP
Symptom: If secondary servers are in a different time zone than the primary server, the events shown in the SESA Console (and in the local EventLog) have incorrect timestamps: the date and time should be relative to the computer running the Console.
Solution: The code that converts the timestamps of client events was modified to also update forwarded secondary server events. (Client events were addressed previously.)
Blue screen crash in Windows XP Service Pack 1 after upgrading to 9.0.1
Fix ID: 1-3Q66M9, 1-46TZPL
Symptom: After upgrading to Symantec AntiVirus 9.0.1, the server crashes randomly.
Solution: A low-level driver had problems dealing with specific files. The driver has been updated.
Symptom: 100% CPU utilization on Windows NT 4 after deploying definitions
Fix ID: 1-4JBIYC
Symptom: After deploying virus definitions to Windows NT 4, CPU utilization spikes to 100%.
Solution: Burst mode sends were having problems with VDB files that are more than 7.5 MB in size. This is a limitation of the burst protocol. Changed behavior so that if the file is that big, it is sent in non-burst mode.
Incorrect path to Vpc32.exe in registry
Fix ID: 1-3U2D1V
Symptom: There is an extra slash in the default registry path to Vpc32.exe. The registry is telling the applications that Symantec AntiVirus is installed at C:\Program Files\Symantec AntiVirus\\VPC32.exe, when it is really installed at C:\Program Files\Symantec AntiVirus\VPC32.exe.
Solution: VPC32.exe is now included in a separate installer Merge Module, which is built from its own installer workspace.
Windows NT 4.0 shutdown problems when HIBUN encryption software is installed
Fix ID: 1-3L4OEM
Symptom: With Symevnt.sys and HIBUN encryption software installed, Windows NT 4.0 stops responding when shutting down.
Solution: The flag DO_DEVICE_INITIALIZING was not being reset correctly. Fixed.
Blue screen crash on Windows NT 4
Fix ID: 1-48Y1RM
Symptom: On Windows NT computers, a blue screen error sometimes occurred when reading a multi-string from the registry.
Solution: Certain function calls were incorrectly formatted. Changed the function call handling to solve the problem.
Symantec Client Firewall 7.1.5.1000 MR5
Shared Components
Shared Component | Version | Build |
Symantec Client Security | 2.0.5 | 1000 |
Symantec Client Firewall | 7.1.5 | 1104 |
Symantec Client Firewall Administrator | 7.1.5 | 1104 |
SymNetDrv | 5.5.3 | 7 |
IDS Update | 6.1.1.3 | 3 |
New fixes
Symantec Client Security 2.X migrations over Symantec Client Security 1.X/Symantec Client Firewall 5.X fail when deployed using Active Directory GPO or SMS
Fix ID: 1-321ZLU
Symptom: A LaunchCondition in Symantec Client Firewall 5.X checking the NISUserType private property would halt the uninstall of Symantec Client Firewall 5.X if the user type was returned as a restricted or normal user.
Solution: During migrations, the Symantec Client Security 2.X install will now detect older Symantec Client Firewall 5.X installations and remove the existing LaunchCondition, allowing the migration to succeed.
Test Rules button does not distinguish between zones in different locations
Fix ID: 1-2TNCKF
Symptom: The Test Rules button in Symantec Client Firewall Administrator does not distinguish between zones in different locations.
Solution: Changed to make the testing of zone entries location sensitive.
Symantec Client Firewall delays certain FTP commands
Fix ID: 1-427GSN
Symptom: When issuing multiple LS commands that result in a "550 not found" error, the client stops responding or delays for approximately 60 seconds on some of the commands.
Solution: Updated SymNetDrv to version 5.6 (later versions also contain the fix).
Program Rules cause firewall alerts
Fix ID: 1-35OR6V
Symptom: Some valid Program Rules cause firewall alerts.
Solution: Unified all related components to use the same ending format.
Subsequent policy files do not update Zones
Fix ID: 1-3FY1RX
Symptom: When a policy file contains too many application rules, the firewall reaches the memory limit and will not update.
Solution: Extending the memory limit to allow more application rules.
Proxy service crashes on large Web pages
Fix ID: 1-3PL8DM
Symptom: Web pages with large amounts of data do not display and Symantec Client Firewall proxy service crashes, preventing further browsing until the proxy service is restarted. Turning off Symantec Client Firewall or adding the internal server to the trusted zones resolves issue.
Solution: Updated version of Common Client to resolve an infinite loop problem.
Change to domain acquisition behavior
Fix ID: 1-4D8KVR
Situation: A previous update changed domain acquisition behavior so that the domain name is acquired from the host domain only when the connection specific domain API is not available. This causes problems when the API is available but the domain name is not available through the API.
Solution: Reverted to previous behavior, in which the domain name is acquired from the host domain any time it cannot be acquired from the connection specific domain API, whether because the API is not present or because the domain name is not available through it.
Blue screen error or memory corruption when third party applications cancel UDP traffic
Fix ID: 1-34G8CX
Symptom: Problems such as blue screen errors or memory corruptions may happen when a third party application sends UDP cancel messages.
Solution: Updated version of SymNetDrv (5.5.2) to fix this problem.
Maintenance Release 4 (MR4)
A maintenance release is a full build of the product, which incorporates all previous maintenance patches.
Symantec AntiVirus Corporate Edition 9.0.4.1000
Shared Component | Version | Build |
Symantec AntiVirus | 9.0.4 | 1000 |
Quarantine Server | 3.3.1.24 | 5 |
AMS | 6.12 | 130 |
Auto-Protect | 9.4 | |
Decomposer | 3.2.12 | 9 |
LiveUpdate | 2 | 39 |
LiveUpdate Administrator | 1.5.3 | 21 |
NAVAPI | 4.2.0.8 | |
SymEvent | 11.4.0 | 6 |
SymSentry | 1 | 28 |
Common Client | 2.2.3.4 | |
New features
Alternate Data Stream (ADS) scanning
Symantec AntiVirus incorporates ADS scanning for Realtime Protection and manual scanning. Alternate Data Streams are additional stores of data that can be contained in a single NTFS file. ADS was originally developed to support Macintosh files that contain data and resource forks. In Windows, ADS is normally used for additional document summary information (title, subject, author, etc.).
New fixes
Symantec AntiVirus Corporate Edition 9.0.4.1000, Release MR4
Floppy scanning causes drive to encounter loop
Fix ID: 1-3KQAVZ
Symptom: After saving a Microsoft Office document to floppy and removing the disk, the computer stops responding while repeatedly attempting to access the drive.
Solution: Fixed a problem with Auto-Protect that was causing a loop.
Settings revert to default after ABEND
Fix ID: 1-1B3WEU
Symptom: Symantec AntiVirus settings revert to default after a NetWare ABEND, and sometimes after a simple restart.
Solution: Increased the allowable size of the registry to allow more clients and improved the thread safe code in VPReg.nlm.
Symantec AntiVirus on NetWare ABENDs randomly
Fix ID: 1-2YL4LE
Symptom: NetWare ABENDs at random times, or while running backups, with the instruction pointer in I2_LDVP.nlm\_TrunkPath.
Solution: Added a check for a valid pointer before dereferencing it.
"Submit to Symantec Security Response" button disappears after applying a patch
Fix ID: 1-2YTLG9
Symptom: After applying a patch to Symantec AntiVirus or Symantec Client Security, the "Submit to Symantec Security Response" button is no longer available in the user interface.
Solution: Certain registry values were not being updated during the patch process. Modified the installer to correct this problem.
"Client firewall auto blocks IP address of the source computer" option is not disabled in the client user interface when Threat Tracer is locked in Symantec System Center
Fix ID: 1-35LQWJ
Symptom: The Threat Tracer option is locked in Symantec System Center. In the client user interface, all of the Threat Tracer check boxes are disabled except for "Client firewall auto blocks IP address of the source computer."
Solution: Modified the client user interface to disable the check box when the Threat Tracer is disabled.
Virus definitions become corrupt when Continuous LiveUpdate and another definition update run simultaneously
Fix ID: 1-3B40NB
Symptom: When multiple updates are posted to the Shared Virus Definition directory at the same time by Continuous LiveUpdate and another update method, virus definitions can become corrupt.
Solution: Added synchronization code to exclude these two separate processes from occurring at the same time.
Rtvscan uses 99 percent of CPU randomly on Windows NT 4
Fix ID: 1-3HGVYQ
Symptom: Rtvscan randomly uses 99 percent of CPU randomly on Windows NT 4 during definition updates.
Solution: Introduced a break in some threads and fixed task tracking during rollout.
Custom virus message is not used by the client
Fix ID: 1-2YS3HI
Symptom: When adding a custom virus message in Symantec System Center for the client or group, if the text is longer than approximately 370 characters, the client continues to use the old virus message.
Solution: Increased an internal buffer size to handle the maximum amount of text that the custom virus message edit control can accept: 720 characters, plus keyword expansion.
Limitation on Quarantine Server to 2500 samples
Fix ID: 1-3CPYEN
Symptom: The Quarantine Server view is limited to 2500 entries. More entries cause an error.
Solution: Increased the limit from 2500 to 5000 (a hard limit must be defined).
CPU Hog ABEND on NetWare when definitions are being updated
Fix ID: 1-3DC0A1
Symptom: NetWare ABENDs with a CPU Hog warning during definition updates.
Solution: Modified code to avoid overusing CPU.
Definitions do not propagate to secondary servers and clients unless you click Update Now
Fix ID: 1-3HPH2R
Symptom: Virus definitions are not distributed to the secondary servers or clients unless you click Update Now in the Symantec System Center or restart the Symantec AntiVirus service on the primary server. If you start the update in one of these ways, it may start and stop, requiring you to start it manually again.
Solution: Modified code to resolve the problem.
Symantec AntiVirus 9.0.1.1000 does not scan a particular text file
Fix ID: 1-2W1PSO
Symptom: Known threats in a specific compressed file are not scanned.
Solution: An incorrect Decomposer setting caused this problem. Corrected it.
Roaming profiles are not saved correctly on Windows NT 4 during logoff and shutdown
Fix ID: 1-3GYELU
Symptom: Roaming profiles are not saved correctly on Windows NT 4 during logoff and shutdown. Changes are not retained when rtvscan.exe starts
Solution: There were two issues. First, the HKEY_Current_User key was being opened before the Profile was correctly copied over to the local machine. Second, the CRTL_LOGOFF_EVENT is unreliable in some Windows NT environments. Compensated for this to close off the HKEY_Current_User key. Both fixes ensure Profile information is opened and released correctly.
NetWare ABENDs when renaming file with long name
Fix ID: 1-337KO9
Symptom: Symantec AntiVirus ABENDs the NetWare server if a file with a name longer 260 characters is renamed.
Solution: Added a temporary variable that can receive the long NetWare name.
Scan and Deliver submissions are "retail" instead of "corporate"
Fix ID: 1-3KMBA8
Symptom: A quarantined item is submitted to Symantec Security Response. The sample is rejected with the message "This file does not appear to be infected." If any further samples that day are submitted, you see the message "You have already submitted a single rejected file today. If you still wish to submit the file you have selected, please try again tomorrow."
Solution: The "Scan and Deliver" component of Symantec AntiVirus was not registering as the corporate version. This only allowed one rejected submission per day. The Symantec AntiVirus installer was modified to register as the corporate version.
Continuous LiveUpdate fails to update from internal LiveUpdate server
Fix ID: 1-34U0QP
Symptom: Continuous LiveUpdate is configured to update from an internal LiveUpdate server, on a network that does not connect to the internet. Continuous LiveUpdate fails.
Solution: Continuous LiveUpdate begins by trying to resolve www.symantec.com, regardless of what server it will eventually connect to, which it cannot do on a network without internet connectivity. Changed behavior to attempt to update definitions regardless of connection to www.symantec.com.
Error 2186 when stopping the Symantec AntiVirus 9.0.2 server service on Windows NT 4
Fix ID: 1-3CG79L
Symptom: When stopping the Symantec AntiVirus 9.0.2 server service on Windows NT 4 the following error appears: "Could not stop the Symantec AntiVirus service \\ <computer_name>. Error 2186: The Service is not responding to the control function."
Solution: Rtvscan reports its status to SCM at regular time intervals during starting and stopping services. Rtvscan did not report its status in time, resulting in SCM reporting an error. Increased the time interval.
Client login scan options are not retained after making changes from the Symantec System Center
Fix ID: 1-2X6BZ3
Symptom. If you change any client login scan options from Symantec System Center at the server level, the settings are not retained and the client login settings do not change.
Solution: The settings were being written incorrectly. Fixed the way they are written.
Local quarantine behavior when scanning a clean file is misleading
Fix ID: 1-2MX2NI
Symptom: A clean file (not a threat) is quarantined. When the "Clean" option is selected, the file is restored and the wording indicates that the file was cleaned. This is misleading because the file was not cleaned (it was already clean).
Solution: If no threat is detected in the file, the user is prompted if they wish to restore the file. In addition, the wording was modified to make it clearer.
Client scan type is listed as "Forwarded" instead of "Scheduled Scan"
Fix ID: 1-37XUUD
Symptom: A scheduled scan executes on a managed client. When the scan history is viewed in Symantec System Center, the client scan type listed as "Forwarded" instead of "Scheduled Scan."
Solution: There was an error in the log forwarding code that caused the scan type to be listed improperly. The code was modified to fix the error.
Shortcut Key for "Confirm Password" does not work
Fix ID: 1-3JAM93
Symptom: When deploying Symantec AntiVirus server and creating a new server group, you are prompted for a server group password and to confirm the password. After entering a password, selecting Alt+C to jump to the Confirm Password field does not work. The focus stays in the Password field.
Solution: Updated dialog settings to make the shortcut keys operate correctly.
Unable to open the help file for the "Old Virus Definition File" dialog box
Fix ID: 1-3LWRP3
Symptom: When selecting the Help button from the Old Definitions notification dialog box, you see an error that the requested help file (enucore.hlp) could not be found.
Solution: This reference is to an old, unused help file. The reference was updated to use the new HTML-based help file (SavMain.chm).
Symantec AntiVirus stops responding with LockDrives application
Fix ID: 1-36HC75
Situation: When the LockDrives application is running, Symantec AntiVirus stops responding.
Solution: Fixed in Auto-Protect 9.4.
Windows XP page file size changes after installing Symantec AntiVirus
Fix ID: 1-2JIP2D, 1-2ZLTT8
Situation: On a Windows XP computer with a static page file which is greater than the minimum size, installing Symantec AntiVirus and restarting the computer sets the page file is then showing to the recommended size.
Solution: Fixed in Auto-Protect 9.4.
Blue screen error in SAVRT
Fix ID: 1-3KK4GX
Situation: SAVRT was checking for INVALID_HANDLE, but was getting a NULL handle when the call failed.
Solution: Fixed in Auto-Protect 9.4
Chkdsk /f does not run on restart
Fix ID: 1-2KFHVQ
Situation: When Realtime Protection is set to load at system start, chkdsk /f (which runs chkdsk after the computer restarts) does not run. If Realtime Protection is set to load at Symantec AntiVirus start, chkdsk /f runs normally.
Solution: Fixed in Auto-Protect 9.4.
Internet Explorer stops responding when accessing internet training courses
Fix ID: 1-334UTB
Situation: When Symantec AntiVirus is installed, Internet Explorer stops responding when accessing internet training courses on Windows NT 4.0 SP6a.
Solution: Fixed in Auto-Protect 9.4.
SuppressReboot does not work for a silent uninstall
Fix ID: 1-2OZ064
Situation: When using MSI commands to uninstall Symantec AntiVirus silently, the SuppressReboot parameter does not suppress the restart.
Solution: Fixed in SymNetDrv 5.5
Symantec AntiVirus stops responding with VERITAS Storage Replicator and Internet Email Auto-Protect enabled
Fix ID: 1-2ZXJ07
Situation: When running VERITAS Storage Replicator Version 3.0 on Windows Server 2003 along with Symantec AntiVirus 9.01 b1000 with Internet Email Auto-Protect installed, starting the Symantec AntiVirus user interface or starting a context menu scan will cause Symantec AntiVirus to stop responding. The Symantec AntiVirus service will not restart.
Solution: Fixed in SymNetDrv 5.5
Silent uninstall of Symantec AntiVirus 8.1x and 9.x Server forces restart
Fix ID: 1-2W2X10
Situation: When you use MSI commands to uninstall Symantec AntiVirus 8.1x or 9.x server, the computer is forced to restart.
Solution: Fixed in SymNetDrv 5.5
Symantec Client Firewall 7.1.4.1000
Shared Component | Version | Build |
Symantec Client Security | 2.0.4 MR4 | 1000 |
Symantec Client Firewall | 7.1.4 | 1094 |
Symantec Client Firewall Administrator | 7.1.4 | 1094 |
SymNetDrv | 5.5 | 1 |
IDS Update | 6.1.1 | 3 |
New features
New IDS engine
Symantec Client Firewall and Symantec Client Firewall Administrator, as part of Symantec Client Security 2.0.4, include support for a new more robust and scalable IDS engine.
New fixes
ccApp uses 100% CPU in Terminal Session
Fix ID: 1-34IV15
Situation: In a Terminal Session with Symantec Client Firewall enabled, ccApp uses 100% of CPU resources.
Solution: Fixed in Common Client 2.2.3.4
Maintenance Patch 1 (MR3 MP1)
Symantec AntiVirus Corporate Edition 9.0.3.1100
| Shared Component | Version | Build |
| AMS | 6.12.0 | 130 |
| Common Client | 2.2.2 | 8 |
| Decomposer | 3.2.12 | R12N |
| QServer/Qconsole | 3.3.1.24 | 5 |
| Sym Sentry | 1.0 | 28 |
| SymNetDrv | 5.3.6 | 13 |
New fixes
Fix ID: 1-2YHL2P
Vpmsece.dll and Vpmsece2.dll both exist after migration from Symantec AntiVirus 8.x to 9.x
Symptom: When migrating from Symantec AntiVirus 8.x to 9.x, a new version of the Exchange plug-in (vpmsece2.dll) is installed. The old plug-in (vpmsece.dll) is not removed.
Solution: The installer was updated to remove the old plug-in, if it exists.
Fix ID: 1-2YS3HI
Custom Virus Message is not picked up by the client
Symptom: When adding a custom virus message in Symantec System Center for the client or group, if the text is more than around 370 characters, the client continues to use the old virus message.
Solution: Increased an internal buffer size to handle the maximum amount of text that the custom virus message can accept to 720 characters plus keyword expansion.
Fix ID: 1-2LSAQ9
Error when retrieving the threat list during a terminal server session
Symptom: Retrieving the threat list during a terminal server session generates a 0x2000002B error.
Solution: Functionality was added to cliscan.dll to support this method.
Fix ID: 1-3016RZ and 1-3091AP
SAVRoam is disabled and roaming registry values are reset to defaults after patch
Symptom: Installing the patch Symantec AntiVirus 9.0 MR1 MP1 disables SAVRoam and resets the SAVRoam registry keys to the default values.
Solution: The installer was modified to preserve the SAVRoam status and settings during patching.
Fix ID: 1-34GX0E
Client Auto-Protect option at the server group level in Symantec System Center defaults to "Selected file types"
Symptom: When no clients are available or Symantec System Center cannot communicate with the server group, the File types option at the server group level defaults to "Selected file types" rather than "All file types."
Solution: Changed the default value to "All file types".
Fix ID: 1-2VWCHO and 1-361K7J
Vpc32.exe crashes when accessing the menu
Symptom: If AntiVirus Help was not installed, navigating to Configure > Microsoft Exchange Auto-Protect causes Vpc32.exe to crash.
Solution: Fixed user interface code to prevent crash.
Maintenance Release 3 (MR3)
A maintenance release is a full build of the product, which incorporates all previous maintenance patches.
Symantec AntiVirus Corporate Edition 9.0.3.1000, Release MR3
| Shared Component | Version | Build |
| AMS | 6.12.0 | 130 |
| Common Client | 2.2.2 | 8 |
| Decomposer | 3.2.12 | 9 |
| QServer/Qconsole | 3.3.1.24 | 5 |
| Sym Sentry | 1.0 | 28 |
| SymNetDrv | 5.3.6 | 13 |
New fixes
Fix ID: 1-369K6T
Upgrading Symantec Client Security fails with errors
Symptom: Installing Symantec AntiVirus or Symantec Client Security MR2 over an installation of Symantec AntiVirus or Symantec Client Security MR1 fails.
Solution: Updated installer upgrade tables to the proper versions.
Fix ID: 1-2LKSQ0
SavClientMover tool crashes when run on a Symantec AntiVirus 9.0 client, server, or from the Symantec System Center
Symptom: When you run SavClientMover.exe on a Symantec AntiVirus Corporate Edition 9.0 client, server, or from the Symantec System Center, the tool crashes and displays the error message, "SAVClientMover MFC Application has encountered a problem and needs to close."
Solution: This has been fixed.
Fix ID: 1-2YTJVV
Patching requires access to the original source media
Symptom: A maintenance release (MR) is installed, then a maintenance patch (MP) is installed. If the original MR source media is not available, MSI will prompt the user for the source media while the patch (MP) is installing. If the source media cannot be found, the patch cannot be installed. The problem occurs with both Symantec AntiVirus and Symantec Client Security.
Solution: The Symantec AntiVirus and Symantec Client Security installers were modified to prevent this problem from occurring.
Fix ID: 1-392S9I
Symantec System Center is slow to refresh
Symptom: In large environments with many client machines in one particular client group or server, Symantec System Center will hang for a long time during refresh.
Solution: The intrinsic problem is with the algorithm for Symantec System Center/Symantec AntiVirus Server communication and network protocol limitations with the current product. To fix the problem, functionality was provided to perform a refresh asynchronously, allowing for temporary out-of-date data while an auto-refresh capability was implemented to periodically update the Symantec System Center console. This feature is by default turned off.
Fix ID: 1-23RBKM
IDS log file in Symantec System Center does not export properly
Symptom: Exporting an IDS log file from Symantec System Center shows "???????" in the Description field.
Solution: The Description value was not formatted correctly for all export types. The same function call is now used for all export types.
Fix ID: none
Deployment of Windows NT, Windows 2000, and Windows XP clients may fail if the parent server is NetWare
Symptom: A Windows 2000 deployment target shows a message about the Symantec AntiVirus home directory not found. A Windows XP deployment target shows that the process is done, but the client computers are not installed.
Solution: Added logic to correctly handle a leading period in the volume object name.
Fix ID: 1-2PQ1LA
"License not found" message on logon using non-licensed version of Symantec AntiVirus
Symptom: The user logs in, and the message "License not found" appears. The user is not running the Small Business Edition (licensed) version of the product.
Solution: A timing issue was discovered and fixed where the Symantec AntiVirus system tray icon (Vptray.exe) attempted to communicate with the Symantec AntiVirus service (Rtvscan.exe) before it was fully initialized.
Fix ID: 1-354Q6A
JPEG and JPG do not appear in the default extension scan list in Symantec AntiVirus Corporate Edition
Symptom: JPEG and JPG were not in the default extension scan list; however, they need to be included because of the Microsoft GDI+ Library JPEG Segment Length Integer Underflow Vulnerability.
Solution: JPEG and JPG were added to the default extension scan list.
Fix ID: 1-2U2BR6
Scanning .jar files on a NetWare 6 server logs a Scan Omission
Symptom: .When Symantec AntiVirus scans a .jar file during a manual or scheduled scan on a NetWare server, you find a Scan Omission entry in the Symantec AntiVirus Event Log. The .jar file is not in use by another application, encrypted, or corrupted.
Solution: Fixed a problem with the counting logic.
Fix ID: 1-325N8P
Symantec AntiVirus on NetWare may ABEND in VPReg.nlm
Symptom: Random ABENDs in VPReg.nlm
Solution: Added a parameter so that Symantec AntiVirus does not access improper memory.
Fix ID: 1-23QQIE
Symantec AntiVirus Corporate Edition Server service shows as "starting" on Windows 2003
Symptom: Symantec AntiVirus Corporate Edition Server service shows as "starting" on Windows 2003
Solution: The Symantec AntiVirus service was unable to start because the Intel Alert Handler service was locked. The Intel Alert Handler service locked up because it depends on Telephony service, and the Telephony service was not started. The Intel Alert Handler service now has a dependency on Telephony service so that the Telephony service will always be started before the Intel Alert Handler service.
Fix ID: 1-2QFUDN
Symantec AntiVirus reports that a virus file within a container was deleted, when it was not.
Symptom: Symantec AntiVirus reports that a virus file within a container was deleted, when it was not.
Solution: Corrected the code that confirms whether the file was deleted before reporting it as deleted.
Fix ID: 1-2G1FP7
User can manually change the server group password in the registry
Symptom: User can manually change the server group password in the registry.
Solution: Added code which monitors the valid methods by which the password can change. Detected changes by these valid methods are allowed. Any change that falls outside these valid methods is reversed.
Fix ID: 1-2ODNS6
PDF and DOC are not listed as valid default extensions in the scan list.
Symptom: Scan list did not have PDF and DOC in scan list.
Solution: Added PDF and DOC to list.
Fix ID: 1-2Z29QH, 1-2O4B25
SAVRoam fails to start on Windows NT
Symptom: SAVRoam fails to start on Windows NT.
Solution: SAVRoam was trying to get an API that is not supported on Windows NT. SAVRoam failed if it could not find that API. Changed behavior of SavRoam so that it continues even if it does not find the API.
Fix ID: 1-2OAVO
Access List Violations are not written to the Windows NT Event Log
Symptom: After setting up Access Lists to restrict server response to authorized Consoles only, requests by unauthorized Consoles are logged in the Symantec AntiVirus Event Log, but not in the Windows NT Event Log.
Solution: Corrected the code so that unauthorized Console access events are written to the Windows NT Event Log.
Fix ID: 1-302Q1G
Symantec System Center displays ThreatFound ! icon with no threat information.
Symptom: Symantec System Center displays ThreatFound ! icon with no threat information.
Solution: The initial value for Infection type was an expanded threat. The fix was to exclude initial value from the check for threat notification.
Fix ID: 1-35RP8D
Installing after creating a MSI admin install of two different builds causes vpc32.exe to not be updated
Symptom: An administrator performs several MSI admin installations (msiexec -a) of different builds and patches and creates a CD set for deployment to client machines. The Vpc32.exe file is not updated correctly during this kind of deployment.
Solution: Eliminated duplicate component references to Vpc32.exe (an MSI limitation).
Fix ID: 1-21D0K0
NetWare disk writes increase when Symantec AntiVirus is running
Symptom: Monitoring disk writes show 1 minute and 10 minute spikes when Symantec AntiVirus is installed on NetWare.
Solution: RegFlushKey functionality was removed from the RegCloseKey function. This causes the registry to be written to disk every five minutes instead of every time RegCloseKey is called and the Registry is dirty. This is the same as the Windows Registry.
Fix ID: 1-20V18W
Auto-Protect is not enabled after migrating to Symantec AntiVirus 9 client
Symptom: Auto-Protect is not enabled after migrating from Symantec AntiVirus 8.x client to Symantec AntiVirus 9.x client using a logon script. After you restart the computer, Auto-Protect is enabled. When the Symantec AntiVirus client migration completes, it does not force or prompt for a reboot.
Solution: Added new options during an upgrade to allow a forced reboot option.
Fix ID: 1-2GUQXJ
When performing an update of a Symantec AntiVirus server that was installed into the NetWare Directory Tree, the server is changed to BINDERY mode.
Symptom: If BINDERY emulation is turned off, the upgrade will fail.
Solution: Added functionality to treat NetWare 6 and 6.5 the same as NetWare 5.
Fix ID: 1-2QST22
Microsoft Outlook hangs when sending or receiving email
Symptom: Microsoft Outlook hangs when sending or receiving email with Symantec AntiVirus 9 installed.
Solution: Updated Common Client component to fix the problem.
Fix ID: 1-2ZXNR1
Network Proxy fails when navigating to some Web sites
Symptom: When you access certain Web sites, a Service Monitor Alert appears stating that Symantec Common Client HTTP Proxy is disabled. You may lose Internet connectivity after you see the alert.
Solution: Updated Common Client component to fix the problem.
Fix ID: 1-2OV18W
Auto-Protect is not enabled after migrating to Symantec AntiVirus 9.x client
Symptom: Auto-Protect is not enabled after migrating to Symantec AntiVirus 9.x client using a logon script. After you restart the computer, Auto-Protect is enabled. When the Symantec AntiVirus 9.x client migration completes, it does not force or prompt for a restart.
Solution: Added new boot options during an upgrade to allow an option to force a restart.
Symantec Client Firewall 7.1.3.1000, Release MR3
| Component | Version | Build |
| Symantec AntiVirus | 9.0.3 | 1000 |
| SCF/SCFA | 7.1.3 | 1039 |
| AMS | 6.12.0 | 130 |
| Common Client | 2.2.2 | 8 |
| Decomposer | 3.2.12 | 9 |
| IDS Update (SCF) | 5.3.6 | 13 |
| IDS Update (SCFA) | 5.3.6 | 13 |
| QServer/Qconsole | 3.3.1 | 5 |
| Sym Sentry | 1.0 | 28 |
| SymNetDrv | 5.3.6 | 13 |
New fixes
Fix ID: 1-23RBKM
IDS log file in Symantec System Center does not export properly
Symptom: Exporting an IDS log file from Symantec System Center shows "???????" in the Description field.
Solution: The Description value was not formatted correctly for all export types. The same function call is now used for all export types.
Fix ID: 1-36LLCM
Cannot access secure sites after installing Symantec Client Firewall
Symptom: Unable to access SSL sites after installing Symantec Client Firewall.
Solution: Common Client added change to ignore the SSL stream in proxy. However, that setting is turned on only when the CommonClient/ccProxy/Private/HttpPassThruConnectRequests setting is set to True in ccSettings. Made this setting the default.
Fix ID: 1-36ACHJ
Cannot access secure sites after installing Symantec Client Firewall
Symptom: Unable to access SSL sites after installing Symantec Client Firewall.
Solution: Symantec Client Firewall cannot process SSL requests since they are encrypted. However, there was a bug causing Symantec Client Firewall to process SSL requests if they were made on the same port as HTTP ports. The behavior was changed to not process any SSL data.
Fix ID: 1-2YTJVV
Patching requires access to the original source media
Symptom: A maintenance release (MR) is installed, then a maintenance patch (MP) is installed. If the original MR source media is not available, MSI will prompt the user for the source media while the patch (MP) is installing. If the source media cannot be found, the patch cannot be installed. The problem occurs with both Symantec AntiVirus and Symantec Client Security.
Solution: The Symantec AntiVirus and Symantec Client Security installers were modified to prevent this problem from occurring.
Fix ID: 1-2OLM4D
Existing client pRules are not overwritten when applying policy
Symptom: When applying a policy that contains pRules, any existing pRules on the client are not overwritten.
Solution: ALE files were distributed as writable. Changed them to read-only so that existing client settings cannot overrule them.
Fix ID: 1-2RDX79
Symptom: With "Client Firewall" off, but "Security" still on, firewall rules are still applied.
Solution: When Common Client initialized after applying a policy, the state was incorrectly set to Enabled. Set to check settings during initialization.
Fix ID: none
SCFPing update to handle enabling/disabling of Network Detector
Symptom: Symantec AntiVirus Server was not working correctly when the Network Detector is disabled and then re-enabled.
Solution: SCFPing was updated to respond correctly.
Maintenance Release 2 (MR2)
A maintenance release is a full build of the product, which incorporates all previous maintenance patches.
Symantec AntiVirus Corporate Edition 9.0.2.1000, Release MR2
| Shared Component | Version | Build |
| AMS | 6.12.0 | 126 |
| Common Client | 2.2.1 | 4 |
| Decomposer | 3.2.12 | 3 |
| QServer/Qconsole | 3.3.1.24 | 4 |
| Sym Sentry | 1.0 | 28 |
| SymNetDrv | 5.3.5 | 1 |
New enhancements
Windows Security Center enhancements
Maintenance Release 2 adds enhanced functionality for working with the Windows Security Center (WSC). For information about changes in WSC reporting, read the document Changes in Windows Security Center status reporting after Maintenance Release 2.
Maintenance Release 2 also adds the ability to configure WSC alerting, either during installation or after the product has been installed.
To configure WSC alerting during installation, read Configuring Windows Security Center alerts during installation of Symantec AntiVirus 9.0 or Symantec Client Security 2.0 MR2 or later.
To configure WSC alerting when the product has already been installed, read the document for your product:
New fixes
Fix ID: 1-2XZVIR
Shutdown error on Windows NT 4: "OleMainThreadWndName Will Not Close (Must be Ended)"
Symptom: After upgrading Symantec AntiVirus, shutting down NT4 (SP6) will hang, and get a pop-up window saying the OleMainThreadWndName will not close (End, Wait, Cancel). This occurs twice before NT4 will shut down successfully.
Solution: Recent changes to support Windows Security Center introduced a new dependency on the code as defined by Microsoft (KB 136885). The code has been corrected to resolve this problem.
Fix ID: 1-2YAR0T
Duplicate server group created after restarting computer using Symantec System Center from Symantec AntiVirus 9
Symptom: After installing Symantec System Center (Symantec System Center) from Symantec AntiVirus 9.01, restart the computer, open Symantec System Center, type in the password to unlock the server group and click OK. Upon clicking OK, a duplicate server group is created.
Solution: This occurred because of a password mismatch between addresscache and the console password from Symantec AntiVirus server. Corrected the mismatch.
Fix ID: 1-2XYRXH
SAVRoam.exe is not updated after migration or patching
Symptom: Symantec AntiVirus 9.0 is migrated or patched to a newer version. After migration or patching, SAVRoam.exe is not updated. The date, version, and file size remain the same.
Solution: The version of SAVRoam.exe was modified to be in line with the remainder of the Symantec AntiVirus binaries. Migration or patching will now update SAVRoam.exe correctly.
Fix ID: 1-2YG4VB
CLT-INST\WIN32 files are not updated after migration
Symptom: Symantec AntiVirus 9.0 Server is migrated from the original shipping build to MR1. After migration, the files in the CLT-INST\WIN32 directory are not updated to MR1.
Solution: The installer was modified to correctly update the CLT-INST\WIN32 files.
Fix ID: 1-2GUQXJ
Upgrading Symantec AntiVirus on NetWare changes to BINDERY mode
Symptom: When performing an update of a Symantec AntiVirus server that was installed into the NetWare Directory Tree, the server is changed to BINDERY mode. If BINDERY emulation is turned off, the upgrade fails.
Solution: Added functionality to treat NetWare 6 and 6.5 the same as NetWare 5.
Symantec Client Firewall 7.1.2.1000, Release MR2
| Component | Version | Build |
| Symantec AntiVirus | 9.0.2 | 1000 |
| SCF/SCFA | 7.1.2 | 1021 |
| AMS | 6.12.0 | 126 |
| Common Client | 2.2.1 | 4 |
| Decomposer | 3.2.12 | 9 |
| IDS Update (SCF) | 5.3.5 | 1 |
| IDS Update (SCFA) | 5.3.1 | 54 |
| QServer/Qconsole | 3.3.1 | 3 |
| Sym Sentry | 1.0 | 28 |
| SymNetDrv | 5.3.5 | 1 |
Maintenance Patch 1 (MR1 MP1)
Note: Maintenance Patch 1 is available only for unlicensed versions of Symantec Client Security and Symantec AntiVirus. If you have a license-enabled version of Symantec Client Security or Symantec AntiVirus, such as Symantec Client Security Business Pack 2.0, do not install this patch.
Symantec AntiVirus Corporate Edition 9.0.1.1100, Release MR1 MP1
Fix ID: 1-2TNWQA
Secondary servers do not forward virus log messages to primary servers
Symptom: Clients forward virus log messages to secondary servers, but secondary servers do not forward the logs to the primary server. The Threat History log on the primary server is empty or does not contain any threats found on secondary servers or clients. AMS virus alert actions on the primary server do not trigger for threats found on secondary servers or clients.
Resolution: The following registry value was set to 0 by default on servers:
HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion\Common\AlertParent
This value controls whether virus log messages are forwarded from one computer to its parent. The value was changed to be 1 by default.
Fix ID: 1-2W3JXV
Logs stop forwarding from clients to secondary servers to primary servers
Symptom: Clients are configured to forward logs to their parent server, and secondary servers are configured to forward logs to the primary server. Forwarding works correctly when the Symantec AntiVirus service starts, but the forwarding eventually stops after a period of time. If the Symantec AntiVirus service is restarted, the logs begin forwarding again. No data is lost.
Resolution: Rtvscan was not identifying when new log files appeared in the logs directory (C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs). The code was modified on clients and servers to identify new files and process them accordingly.
Symantec Client Firewall 7.1.1.1100, Release MR1 MP1
No changes to Symantec Client Firewall are included in Maintenance Patch 1.
Maintenance Release 1 (MR1)
Symantec AntiVirus Corporate Edition 9.0.1.1000, Release MR1
| Shared Component | Version | Build |
| AMS | 6.12.0 | 126 |
| Common Client | 2.2.1 | 4 |
| Decomposer | 3.2.12 | 3 |
| QServer/Qconsole | 3.3.1 | 2 |
| Sym Sentry | 1.0 | 28 |
| SymNetDrv | 5.3.5 | 1 |
New enhancements
Enhancements for Windows XP Service Pack 2 (SP2)
Symantec AntiVirus Maintenance Release 1 includes new features for Windows XP SP2. This support comprises two new features:
- Support for Windows Security Center
Symantec AntiVirus is now recognized by the Windows Security Center. Note that in the current implementation, its status is always displayed as green regardless of product configuration.
- Disable Windows Security Center function
The Symantec System Center now allows administrators to disable and hide the Windows Security Center (WSC) in Windows XP SP2 and later. This option is present on the General tab in Client Administrator Only Options.
This processing is performed by Symantec AntiVirus at startup and when the value changes. Note that the Restore WSC option only affects computers on which the WSC has already been disabled.
Note: While this setting hides the WSC icon in the Classic view of the Windows Control Panel, it is not hidden in the Category view (the Windows XP default view) or in the Start Menu. You can hide the Category view by using the group policy setting User Configuration > Control Panel > Hide specified Control Panel applets, or the view can be disabled by using the policy User Configuration > Control Panel > Force classic Control Panel style.
New Fixes
Fix ID: None
NetWare installation fails with error code CC001000
Symptom: An installation to a NetWare server fails, and displays Error Code: CC001000, "Virus definition file is invalid."
Resolution: Changed the code to pass the path to the Symantec AntiVirus directory to LoadLibrary.
Fix ID: 1-24X257
Clients become "stuck" with outdated virus definitions when instructed to revert to a set of virus definitions that do not exist on the client
Symptom: Large numbers of "Potential backrev spam" messages appear on the server console and never go away, combined with a large number of clients stuck on an out-of-date set of definitions.
Resolution: This was fixed at the server by adding a new backrev spam processor thread to fix any clients with the problem. Now, whenever the server would previously have reported "potential backrev spam," the client is added to a queue of clients. The new thread checks every client in the queue, makes sure their virus definition values are correct, and logs whether they needed to be fixed or not. Once the fixed build is in place on the server, the messages should be substantially reduced within a few hours, or one day at most.
Fix ID: 1-2MVPI5
Roaming between Servers starts a scheduled scan
Symptom: When a Symantec AntiVirus client roams between servers, a scheduled scan starts.
Resolution: The schedule settings are now saved before migrating to the server and then restored correctly after migration.
Fix ID: 1-2NBNUR
Symantec AntiVirus 9.0 is missing NAVAP32.dll
Symptom: The shipped build of Symantec AntiVirus Corporate Edition 9.0 was missing NAVAP32.dll. This caused incompatibilities with other Symantec products (such as Symantec AntiVirus/Filtering for Microsoft Exchange and Symantec Mail Security for Microsoft Exchange) when installed on the same computer as Symantec AntiVirus 9.0.
Resolution: NAVAP32.dll was added to the installer.
Fix ID: 1-44TY9
AMS Installs PDS.exe and XFR.exe on unmanaged clients
Symptom: Installing an unmanaged client installs the PDS.exe and XFR.exe components of AMS. These components provide no benefit to unmanaged clients, and should be not be installed.
Resolution: Changed installation to omit these components on unmanaged clients.
Fix ID: 1-245YF7
SESA Console: Virus Found events are created for files that have already been detected
Symptom: Rescanning quarantined files when new definitions are delivered generates new virus alerts for old viruses.
Resolution: The original fix corrected this by filtering out Quarantine detections. This fix changes the mechanism used to forward any other alerts that might be detected in this manner.
Fix ID: 1-2GLHOL
Server and client group settings change after promoting new primary server
Symptom: Changes to the settings in the Configure Primary Server dialog in the Virus Definition Manager do not propagate when the primary server is changed. The changes to the group property "Inherit settings to server group" are also lost when the primary server is changed.
Resolution: The data not being written to the right place in the registry and the Grcgrp.dat file. Fixed by creating the right data.
Fix ID: 1-1NXE1Z
Secondary servers cannot get virus definitions from another secondary server that does not have any clients
Symptom: In the Symantec System Center, a secondary server is configured to retrieve virus definitions from another secondary server as the source. The source secondary server does not have any clients. The source does not have a full definition set because it does not have any clients. The destination secondary server never receives virus definition updates.
Resolution: The System Center was modified to check for the definitions on the source server when it is selected, and warns the user if the definitions cannot be found. This does not prevent the user from proceeding; it is only a warning.
Fix ID: 1-28R3K7
Symantec System Center topology view does not show all clients in the environment
Symptom: There are large numbers of clients registered in the parent server's registry, but only a few hundred appear in the Symantec System Center under that server.
Resolution: Clients that are created using a cloning process (such as Symantec Ghost) have the same internal ID values, so they appear as the same client to the parent server (and to Symantec System Center). The client code was previously updated to detect the condition and generate new IDs, but to address large numbers of existing clients in this condition, this fix attempts to force new IDs to be generated by the server for the clients, using an existing client update mechanism.
Fix ID: 1-28VYYT
Automatic install on NetWare login fails if the pop-up window is closed too soon.
Symptom: If the pop-up window is closed and the search drive is deleted before all of the install programs complete (particularly LiveUpdate), the install fails.
Resolution: Removed the system close button from the menu bar of the pop-up window
Fix ID: 1-2C1D5A
VPN access causes clients to be dropped from server because of changing IP addresses
Symptom: When a client logs in through a VPN, there is a possibility that the IP address will change. When this happens, the server does not get updates of changed client data, and may drop the client and fail to send relevant updates to the client.
Resolution: Added functionality to turn on detection of changing IP addresses on the client. This will result in check-ins to the server. By default, this detection mechanism is turned off.
Fix ID: 1-2FXJYC
Configuring Continuous LiveUpdate for a server in Symantec System Center displays incorrect pop-up
Symptom: The warning message displayed with enabling continuous LiveUpdate is confusing because it refers to clients, but also applies to servers.
Resolution: The message has been reworded to refer to both clients and servers.
Fix ID: 1-1LU7MH
Navapi.nlm is not unloaded when Symantec AntiVirus service is unloaded from the console
Symptom: When unloading the Symantec AntiVirus service (RTVScan.nlm) from the NetWare Console, NAVAPI.nlm, which is used by RTVScan.nlm, is not unloaded.
Resolution: The problem turned out to be due to the use of an incorrect API in function LoadLibrary(). The fix was to remove the incorrect API call.
Fix ID: 1-2FSZ2T
Rtvscan registry handle leaks every 5 minutes
Symptom: The Rtvscan registry handle leaks every 5 minutes when using the ACL functionality to restrict Symantec System Center access.
Resolution: The fix was to close the handle when that handle is no longer being used.
Fix ID: 1-29YF9C
Symantec System Center incorrectly sorts the Last Scan Date column in the Symantec AntiVirus view.
Symptom: Symantec System Center incorrectly sorts the Last Scan Date column in the Symantec AntiVirus view.
Resolution: Changed the sorting function to use the numeric value DATE instead of string for comparison.
Fix ID: 1-2F5ATG
Symantec AntiVirus logs an error when scan is stopped while scanning a .jar file
Symptom: Symantec AntiVirus logs an error if scan is stopped while scanning a .jar file.
Resolution: Changed code not to log an error.
Fix ID: 1-2ICOLR
MAC address displayed incorrectly in Symantec AntiVirus log files
Symptom: MAC addresses are displayed incorrectly in the Symantec AntiVirus log files. For example, the MAC address is displayed as 0:D:56:29:6F:F9.
Resolution: Symantec AntiVirus was modified to pad the MAC address with zeros, if necessary. The correct MAC address will be of the form 00:0D:56:29:6F:F9.
Fix ID: 1-2NAI7D
Symantec AntiVirus server fails to install client onto client with ICF enabled
Symptom: Symantec Antivirus server cannot remotely install a client when Internet Connection Firewall is turned on. It can install if Allow File and printer sharing is checked in the ICF settings.
Resolution: Added a new section in the Readme.txt to specify that you must turn on File and printer sharing, or open ports 137 and 138 in the exception list of ICF, to install Symantec AntiVirus or Symantec Client Security.
Fix ID: 1-2FOOKL
RTVScan.nlm waits for threads to exit when stopping service on NetWare
Symptom: RTVScan.nlm waits up to five minutes for threads to exit when it is shut down on NetWare servers. It eventually exits and displays an unreleased connection resource.
Resolution: Added a check in CleanupKeys to signal waiting threads before the key is deleted. Also added a check of the return value so that WhenRegChange will not loop until shutdown.
Fix ID: 1-1WTD4F
Status of Client Updates field in Symantec System Center is inaccurate when showing 100% complete
Symptom: Virus definitions are updated in Symantec System Center with the Update Virus Defs Now command. Near the end of the update, the Status of Client Updates field misleadingly shows 100% complete for a period of time before changing to Finished.
Resolution: As the percentage of clients completed increased above 99% it was rounding up to 100%. The Symantec System Center was fixed to round down to 99% until the entire update is completed. The number of pending clients was also added to the status string for enhanced user feedback.
Fix ID: 1-247LWV
Scheduled LiveUpdate configured at client group level is not distributed to clients in the group
Symptom: When LiveUpdate is scheduled at the client group level in the Symantec System Center, the configuration is not distributed to clients in the client group.
Resolution: The server now sets the schedule values to Locked if the option "Do not allow client to modify LiveUpdate Schedule" is checked. These server settings are enforced on the client if they are locked. The client settings are not modified by the server if the option "Do not allow client to modify LiveUpdate Schedule" is unchecked. This behavior is now similar to the other options that can be locked, such as real-time file protection.
Fix ID: 1-22OXVK
Symantec System Center in Japanese mixed NetWare/Windows environment produces extra server group folders when switching primary servers
Symptom: If you create a new group in Symantec System Center using certain double-byte character sets, it will create extra groups that are not well formed when you switch between NetWare and Windows primary servers.
Resolution: The fix cleans up the extra groups that are not well formed.
Fix ID: 1-1X2QB1
Group settings not received by a new server installed into the group
Symptom: The server group policies should propagate to a newly installed server. When a new NetWare server is installed into an existing server group, the settings do not propagate to it.
Resolution: Fixed by increasing the size of a temporary variable from WORD to DWORD.
Fix ID: 1-2JZG2R
Looping MIME header causes Symantec AntiVirus to hang
Symptom: Scanning certain MIME files with looping headers causes Symantec AntiVirus to hang.
Resolution: Symantec AntiVirus was updated to Decomposer 3 Release 12, which solves the problem.
Fix ID: 1-2IGUN0
Upgrading NetWare server from 8.x to 9.x disables Symantec AntiVirus on clients
Symptom:
When upgrading NetWare 6.5 from Symantec AntiVirus 8.x to Symantec AntiVirus 9.x it changes the LicenseNumber registry value in HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LanDesk\VirusProtect6\ClientConfig to "%LICENSE%". When that propagates to clients, that setting prevents the Symantec AntiVirus service from starting. There is no way to push out further changes because the clients stop communicating with the server.
Resolution: Deleted references to the %LICENSE% variable from the upgrade code.
Fix ID: 1-2HE2JD
After Upgrading 8.1 to 9.0, Errors occur when running Outlook (cannot load plug-in .dll)
Symptom: After upgrading Symantec AntiVirus 8.1 to 9.0 and running Outlook, you see an error message that the plug-in .dll file, vpmsece.dll, could not be loaded.
Resolution: The Exchange/Outlook email plug-in .dll has been renamed to avoid this problem. Also, the installation has been updated to remove any leftover entries from previous versions.
Fix ID: 1-2E5WG9
Symantec AntiVirus on NetWare server mishandles virus-infected .zip archives
Symptom: When copying a .zip file containing a virus, the NetWare console displays Access Allowed and the file is not placed in Quarantine. The .zip file is destroyed, leaving an empty .zip file behind.
Resolution: Changed the functionality so that if the file is successfully destroyed, RTVScan considers that a successful denial of access. It then displays Access Denied and places the file in Quarantine, allowing later file recovery. This is not a complete fix, as an empty .zip file still appears on the NetWare server share.
Fix ID: 1-21D0K0
NetWare disk writes increase when Symantec AntiVirus is running.
Symptom: Disk writes show 1 minute and 10 minute spikes.
Resolution: RegFlushKey functionality was removed from the RegCloseKey function. This causes the registry to be written to disk every five minutes instead of every time RegCloseKey is called and the Registry is dirty. This behavior is the same as in the Windows registry.
Fix ID: 1-2FXFY9
Contents of drop-down list are sorted incorrectly after translation (Localization issue)
Symptom: When selecting the time frame to delete older records from the Symantec AntiVirus history view, events are not deleted when expected.
Resolution: Because the elements of the drop-down list (Days, Months, Years) are sorted, they appear in a different order when translated into different languages. The order is what determines the final time frame, so a different sort order causes the time frame to be calculated incorrectly. The solution is to not sort the items in the list so they are in the same order no matter what language is used.
Symantec Client Firewall 7.1.1.1000
| Component | Version | Build |
| Symantec AntiVirus | 9.0.1 | 1000 |
| SCF/SCFA | 7.1.1 | 1009 |
| AMS | 6.12.0 | 126 |
| Common Client | 2.2.1 | 4 |
| Decomposer | 3.2.12 | 9 |
| IDS Update (SCF) | 5.3.5 | 1 |
| IDS Update (SCFA) | 5.3.1 | 54 |
| QServer/Qconsole | 3.3.1 | 3 |
| Sym Sentry | 1.0 | 28 |
| SymNetDrv | 5.3.5 | 1 |
New features
Enhancements for Windows XP Service Pack 2 (SP2)
Symantec Client Firewall now includes new features for Windows XP SP2. These features are:
- Support for Windows Security Center
Symantec Client Firewall is now recognized by the Windows Security Center. Note that in the current implementation, its status is always displayed as "green" regardless of product configuration.
- Functionality to disable the Windows Internet Connection Firewall
It is not necessary for more than one client firewall to be installed on a machine. Since Symantec Client Firewall provides superior protection to Windows Internet Connection Firewall, Symantec Client Firewall automatically disables Windows Firewall at startup. By default, Symantec Client Firewall will do this only once, and will re-enable Windows Firewall when it is uninstalled. This functionality is supported regardless of whether Windows Firewall is enabled before Symantec Client Firewall is installed or after, as is the case when Windows XP SP2 is deployed to a machine. The firewalls in the original Windows XP, Windows XP SP1, and Windows XP SP2 are all supported.
Administrators can configure this behavior using the Symantec Client Firewall Administrator policy settings WindowsFirewallControl and WindowsFirewallSuppressDisabledMessage. For administrators in unmanaged environments, these can be configured at the time of installation by using the MSI Properties ICFCONTROL and ICFDISABLENOTIFY (which allows administrators to disable notification of the fact that the Windows firewall is disabled). Valid values are as follows:
ICFCONTROL values:
| 0 | No action - disables all Windows Firewall interaction |
| 1 | (Default) Disable once |
| 2 | Disable always |
| 3 | Restore if disabled |
ICFDISABLENOTIFY values:
0 |
(Default) Do not disable the notification message |
1 |
Disable the notification message |
New fixes
Fix ID: 1-2L5JUJ
SYMNETCLIENTTYPE flag is not set to Enterprise when importing SymNetDrv merge modules
Symptom: Running LiveUpdate may result in SymNetDrv components being updated with versions not meant for the Corporate product.
Resolution: A property flag was added to prevent future LiveUpdates from downloading erroneous SymNetDrv packages.
Fix ID: 1-2KTSIR
Explorer becomes unresponsive after installing Symantec Client Security 2.0
Symptom: Explorer becomes unresponsive after installing Symantec Client Security 2.0. Response returns to normal after uninstalling Symantec Client Security 2.0.
Resolution: The Common Client component of Symantec Client Firewall was updated to version 2.2.1, which contains a fix for the issue.
Fix ID: 1-23RBKM
Symantec Client Firewall does not forward IDS violation events to Symantec AntiVirus
Symptom: Symantec Client Firewall fails to forwards some IDS violation event log entries to Symantec AntiVirus.
Resolution: The code was modified to allow the entries to be forwarded.
Maintenance Patch 2 (MP2)
Symantec AntiVirus Corporate Edition 9.0.0.1400
Note: Maintenance Patch 2 is distributed in both licensed and unlicensed versions. Installing an unlicensed patch over the licensed build is not supported and is not a valid upgrade path. Be sure to install the correct patch for your version of Symantec AntiVirus or Symantec Client Security. If you install the unlicensed patch over a licensed version, the installation will appear to succeed, but the resulting installation will not be complete.
New enhancements
Enhancements for Windows XP Service Pack 2 (SP2)
Fix ID: 1-2IMSIG, 1-2N28HQ, 1-2N28OV
Feature: Symantec AntiVirus now includes support for Windows XP SP2. This support is compromised in two new features:
- Support for Windows Security Center
- Support to disable Windows Security Center
Symantec AntiVirus is now recognized by the Windows Security Center. Note that in the current implementation, its status is always displayed as "green" regardless of product configuration.
The Symantec System Center console now supports a new option allowing administrators to disable and hide the Windows Security Center (WSC) in Windows XP SP2 and later. This option is present on the General tab of the Client Administrator Only Options. Note that while the WSC icon is hidden in the Control Panel's classic view, it is not hidden in the new Category view or the Start Menu expansion of the Control Panel. The Category view icon can be hidden by using the group policy setting User Configuration > Administrative Templates > Control Panel > Hide Specified Control Panel Applets, or the view can be disabled by using the User Configuration|Control Panel|Force classic Control Panel style policy.
This processing is performed by Symantec AntiVirus at startup and when the value changes. Note that the "Restore WSC" option only affects machines where the administrator has used "Disable once" or "Disable always" to disable WSC.
New fixes
Roaming between Servers starts a scheduled scan
Fix ID: 1-2MVPI5
Symptom: When a Symantec AntiVirus client roams between servers, a scheduled scan starts.
Resolution: The schedule settings are now saved before migrating to the server and then restored correctly after migration.
Symantec AntiVirus Server fails to install client on Windows XP Service Pack 2 when ICF is enabled
Fix ID: 1-2NAI7D
Symptom: Symantec AntiVirus Server cannot remotely install a client with Internet Connection Firewall (ICF) on. It will install if "Allow file and printer sharing" is checked in the ICF settings.
Resolution: Added a new section in the Readme.txt file to specify that customer must either turn on File and Printer sharing or open ports 137 and 138 in the exception list of ICF to install the client.
Symantec Client Firewall 7.1.0.1400
New fixes and enhancements
No changes to Symantec Client Firewall are included in Maintenance Patch 2.
Maintenance Patch 1 (MP1)
Symantec AntiVirus Corporate Edition 9.0.0.1300
New fixes and enhancements
Scan engine error when launching scan
Fix ID: 1-296YUZ and 1-2FCES6
Symptom: When launching a manual scan through the user interface or through a right-click scan on a computer with System Management Server (SMS) installed, the message "Scan engine error 0x20000058" appears.
Resolution: This is a timing issue caused by SMS. The SMS internal account is reported as the shell account at login. However, if another query takes place after a few seconds, the right account is reported. The fix is to fail if the SMS internal account is returned, and retry after a few seconds.
Symantec Client Firewall 7.1.0.1300
New fixes and enhancements
No changes to Symantec Client Firewall are included in Maintenance Patch 1.
Document ID: 2004080614001248
Last Modified: 06/19/2008
Date Created: 08/06/2004
Product(s): Symantec AntiVirus Corporate Edition 9.0, Symantec Client Firewall 7.1
Release(s): SAV 9.0 [All Releases], SCF 7.1
Cart
PRINT THIS PAGE