Did you notice very recently (May 2010) that some of the workstations you’ve been scrubbing malware from are refusing to start a virus scan? Yesterday I wasn’t able to get Symantec Antivirus Corporate Edition 2002 / 8.x to “Scan for Viruses…” from the right-click context / shell extension menu. As soon as the scan began I got back the message: “Scan stopped by user”.
A quick google search turned up a recommendation to check disk space and other resources, purge %TEMP% files, etc. Having several GiB of free space and a fair amount of memory uncommitted I didn’t think this was the issue. I proceeded to clear temp files, reboot the computer, the usual. When I still couldn’t scan after a reboot I thought, Meh, I don’t think it’s a virus, I’ll come back to this later (it was an hour past quitting time already).
This morning I ran into another machine with the same M.O.. This is disconcerting. Do I have a virus roaming around my network eating all my AV software for breakfast (when I haven’t even had coffee yet!?). Further upsetting news: scheduled scans also fail. Another Google search turned up more informative results. Evidently, this rather old version of Symantec we’ve been running around with has been abandoned by it’s family some time ago and left for dead (End of Life). It’s too bad too, because up until they broke it with this latest definition update, it seemed to be quite functional for my use. Symantec seems to feel that the product is not capable of detecting the latest threats, etc, etc — Nothing I was interested in hearing. I suppose we should have seen this coming, but it had “just worked” for so long. That’s the thing about the Dim Mak. You never know when it’s gonna take effect.
Clearly, friends of the deceased are in mourning. Some of them almost seem pissed:
If you wish to temporarily resurrect the dead, uninstall the software, reinstall from your usual installer, disable updates, and manually copy the May 10th definitions VD315402.XDB. ThatoldITguy on the Symantec forums provides an unofficial link for those of you daring enough. Of course the usefulness of this method will fade in time (unless you have Benjamin Button-like malware).
If you were curious, EoL for these products occurred/will occur on these dates (according to Symantec)
Symantec Antivirus 8.0 11/30/2005
Symantec Antivirus 8.1 01/31/2007
Symantec Antivirus 9.x 11/31/2009
I’ve set about looking at free alternatives, if I find anything I like, I’ll let you know.
[EDIT] It appears that subsequent definition updates have once again been made compatible with the older Symantec Antivirus software (raising the question of why they needed to be broken in the first place if not for new required features?). I wouldn’t recommend trusting the undead not to break again, probably best to continue with replacement.