On the Core Server, run ldlogon\antivirus\updatevirusdefinitions.exe from a command prompt.
I think the Core side error is causing the client side error. The above command should fix the Core side. If not, you will maybe see why in the command prompt as the status is output to the screen.
Once it is fixed on the Core Side, run something like vulscan /installav
That's what I'm thinking too. I think the core server causes the error which leaves many many clients calling.
But I do know how to fix it... what I'm asking is "can they fix the error message?" esp. in 8.8.... or an SP??
And is there a way that we can get the AV client not to lock when the core has a bad sig. file? Replacing it on the server doesn't help 'cause for some reason it's not fully interactively healing!!!
1 of 1 people found this helpful
It was mentioned to me that in 8.8 there may be some auto-healing...like it tries to use a backup folder if the bases folder is corrupt.
I haven't tested it or verified it though.
Yes, if you could verify.
That would probably tip the scale for us going to 8.8 sooner rather than later... that would be a very valuable addition to the software. Esp... if, like I figure, the user is unprotected while caught in this state.
LANDesk ManagementSuite 8.8 does do a backup of the "last known good" AV-definitions.
LANDesk ManagementSuite 8.7 will do this as well, as of SP 5 (we updated the AV-engine accordingly).
Note that the # of previous definition backups you make is configurable (open Security and Patch Manager -> click on the "DOWNLOAD UPDATES" and go to the "LANDesk Antivirus"-tab - the option is in the lower half of the window). While that on its own is not quite a "last known good" so to speak, it does give an option to people who have not had a chance yet to upgrade to SP5 to react quicker, in case of problems with their definition download.
Running the following script will force clients to install the AV-content on the core. Note that this is NOT bandwidth friendly - and while the task may come back as successful, clients may well need 15-20 minutes to fully update. So you will want to run this in small and controlled groups ! Put the following into the 'MACHINES' or 'MACHINES_NT' section of a custom script.
REMEXEC1=<qt/>%LDMS_CLIENT_DIR%\Antivirus\UpdateVirusDefinitions.exe<qt/> /reset, STATUS
NOTE: Again - this is NOT bandwidth friendly, so please use with caution
LANDesk EMEA Technical Lead
Thanks for the reply.
Maybe I'm just venting... which is a GOOD think because tomorrow I'm going to the LANDesk regional user's group in Denver and it's better for EVERYONE if I get this out of my system. But c'mon.... you guys got to look at the questions before you write a quick answer about how you can solve my problem with a script. First off, I already saw your script example in another thread (and took your advice! ).... and more importantly, why do I have to do a script every time to compensate for the fact that the software is CAUSING service calls??
My goal here is to communicate to you and to the community at large what the experience is in the field... in MY reality. And hopefully either get acknowledgement or (at the very least) get the developers to consider putting something more intelligent on the error message than "Error code x93848349534 CALL your IT Administrator"
(hey- how 'bout we get a script where we can change the error message box to say "Call LANDesk support"- that would be AWESOME)
Original question 1: Is this error message any smarter in 8.8?
OQ2: Is it just me? Does everyone else think this message is OK to send to users when the AV breaks? It's cryptic, meaningless, alarming and it doesn't even tell you if protection is ON or OFF.
OQ3: What repair options? It says "contact your IT representative for Repair Options"
Then, (sorry, but I guess I do this a lot) I asked a follow-up question:
FQ1: Does the AV self-heal if we replace the damaged signature file on the core? Jared mentioned that he thinks it might in 8.8. I'm sure only the developers and testing team would know... that would help a TON if we could tell people that it will self-correct.
If, starting in SP5, the client keeps a copy of the last-known-good signature before it broke, then I'll be WAY more agressive about pushing out SP5... I didn't really care about the other improvements. But that is a MAJOR improvement that we should have known about!!!
If the AV can self-heal in 8.8 then put us down for an early upgrade- we usually wait. But I can't have broken AV out there- that is totally unacceptable.
Thanks for listening...