New definitions incorporating an engine update have been installed; what is the method to confirm that the AV Engine and/or Eraser Engine updates have been successfully applied?
The version of the Eraser Engine, SONAR Engine, IPS Engine and other engines can usually be viewed using the SEP client's built-in Help and Support, Troubleshooting utility. Simply click on the Versions tab. For more details, please see How to Export Basic Troubleshooting Information from Symantec Endpoint Protection Clients. (There are sometimes instances where a file's File Version must be checked manually in Windows Explorer.)
For the AntiVirus Engine (AVE), check the date and version number of the following files in the folder
- Windows XP and Server 2003: C:\Program Files\Common Files\Symantec Shared\VirusDefs\20xxxxxx.xxx
- Windows Vista, Server 2008 and newer: C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Definitions\VirusDefs\20xxxxxx.xxx
Note: Check the folder with the latest date.
For AV engine: look for files with names similar to:
Engine details can also be confirmed for Eraser engine in a similar way:
The DLL and SYS files do not necessarily have the same version for each engine. File names may differ between 32-bit and 64-bit systems.
The version number can be checked by right-clicking on the file > Properties > Version > Product Version or by adding a column for Product Version. An example:
Symantec Endpoint Protection contains an AV Scan Engine and an Eraser Engine to provide detection and side effects repair for threats found in the environment. Updates to each of these engines are released via definition update packages (typically, via LiveUpdate): there is no separate manual installation necessary. AV Engine and Eraser releases are scheduled on a quarterly basis with maintenance updates released as needed. A reboot is not usually required for AV Engine or Eraser Engines to be applied.