Antivirus headaches

[wayrad]

OK, this is driving me nuts...

My Z60m came with Symantec Client Security 3.1, and when it ran out I ordered a license, since it seemed to be doing an OK job and had a decent reputation. Well, it was on backorder and not available as a download (!), so after waiting for a month, I was forced to cancel. (In the meantime I had found out that an unmanaged version of Symantec Antivirus 10.1 was available free from my workplace, so I was regretting the purchase anyway.)

So...I created a backup set with Rescue & Recovery, uninstalled Symantec Client Security with Add/Remove Programs, installed Symantec Antivirus and Kerio, and figured I was good to go.

Rather quickly things began to go wrong. The first problem was probably my fault - I had Spybot running in resident mode, and after being annoyed for the umpteenth time by its request to confirm a registry change every time SAV started, I tried denying the change, which apparently broke my Symantec tray icon. Attempting to repair or reinstall SAV didn't fix it, so I uninstalled it(again with Add/Remove Programs), disabled and uninstalled Spybot, and reinstalled SAV. Now I had my tray icon back, but I discovered that Word documents could no longer be opened by clicking on them. I also noticed an unusual degree of drive fragmentation (with Diskeeper Lite).

OK, I thought, something is really messed up, but I have a backup. So, I booted into the R&R workspace and restored from the backup set. Deleted Spybot (which I no longer trusted) and the Symantec trialware again with Add/Remove Programs. Installed Kerio and the Symantec Antivirus from my workplace.

Now I have a tray icon, and Word docs open fine, but things are still strange. Links in Thunderbird emails take forever to open with Firefox, and last night fragmentation was about 13% (it had been only about four days since the last defrag). Trying to defrag takes a couple of hours, with a lot of Symantec-related files getting moved around, including a 280 MB (!) log file. Furthermore, Diskeeper tells me it has defragged the drive, but if I exit, then restart it and reanalyze, fragmentation looks even worse.

After doing some looking around, I am wondering if the problem is due to an incomplete uninstall of the SCS trialware. I'm thinking I should do another restore, test the system a few days (hopefully the antivirus definitions won't be too far out of date...), then try getting rid of the trialware with a removal tool. My workplace has a download of SCSCleaner available and recommends it for removal of "Symantec 10 clients only". After Googling a bit, it looks like it should remove all Symantec components, so I was thinking of trying it.

Does this seem a reasonable course of action? Or is there a better/faster way out of this nightmare?

wayrad

[lev]

Disable "tamper protection" of symantec antivirus.
Or remove ThinkVantage Away manager.

The two conflict.

http://forum.thinkpads.com/viewtopic.php?t=30611

[jdhurst]

I agree with lev. Same thing happens with Ad Aware and Client Security.

By the way, on a Laptop, that is not always connected to the shelter of a Company, Symantec Client Security is a better overall tool in that it includes a firewall with SAV. I have a client where the laptops are licenced for Client Security, and the domain-connected Desktops use SAV. Works well.
... JD Hurst

[wayrad]

A BIG thank you to both of you! My drive defragged in about 5 minutes flat after I disabled Whisper Mode and Tamper Protection. This forum is great!

A couple more questions: are those humongous log files still hanging around, and if so, what's the easiest way to get rid of them? And, how does one uninstall Away Manager? I don't see it in Add/Remove Programs.

Thanks again!

[lev]

A BIG thank you to both of you! My drive defragged in about 5 minutes flat after I disabled Whisper Mode and Tamper Protection. This forum is great!

A couple more questions: are those humongous log files still hanging around, and if so, what's the easiest way to get rid of them?

Yes, they're still there. You can just delete them manually. For me they are in:
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs

And, how does one uninstall Away Manager? I don't see it in Add/Remove Programs.

I don't remember. Maybe I used the ThinkVantage Software Installer utility. I don't think I had to do anything manual, there was an automated way of doing it.

Lev

[wayrad]

Wow, there was almost a GB worth of stuff there. Those log files were eating up my drive...no wonder I had problems! I really appreciate your help.

You're right, it was the ThinkVantage Software Installer. I got rid of Away Manager and reenabled tamper protection.

I still see a lot of sluggishness when trying to open links in emails. Any ideas?

[lev]

EDIT: you changed your message, so the first part of my reply is now meaningless, so I removed it.

I still see a lot of sluggishness when trying to open links in emails. Any ideas?

You could start task manager (ctrl-alt-del) and see what's using the CPU at those times. Might give a clue. If it's Rtvscan.exe or ccEvtMgr.exe then it's still something to do with symantec av

[wayrad]

Yeah, tried that after I posted. The first time I still saw some defragger activity. After I killed the process and rebooted, it didn't come back. Couldn't quite see whether there was antivirus activity (display changing too fast), but the system began responding better after several minutes. I remember my workplace's IT web page said something about an auto-generated quick scan in the unmanaged SAV that could slow things down a lot in the first 15 minutes, and that it could be disabled. I'll probably try that if I see any indications that it's the problem. At least this is minor compared to the trouble I had before.

[wayrad]

Still experiencing occasional problems with email links, and the fragmentation rate still bothers me a little, although it's much better than before. I am seriously thinking about doing another restore and trying Kaspersky Internet Security (having given up on the idea of persuading Symantec to actually send me the single-user SCS). Does that have any known conflicts with AwayManager or other ThinkVantage components?

[lev]

Still experiencing occasional problems with email links, and the fragmentation rate still bothers me a little, although it's much better than before. I am seriously thinking about doing another restore and trying Kaspersky Internet Security (having given up on the idea of persuading Symantec to actually send me the single-user SCS).

I've had much better results with Symantec Corporate edition vs the other versions of Symantec. This has also been the experience of a number of other posters on this forum. The corp edition seems much lighter weight, and less likely to bog down the machine and generally get in the way, than the consumer versions...

Does that have any known conflicts with AwayManager or other ThinkVantage components?

Never tried it, but it has been strongly recommended by a number of members of this forum, some in the last couple of weeks. Search the forum archives.

[wayrad]

I've had much better results with Symantec Corporate edition vs the other versions of Symantec. This has also been the experience of a number of other posters on this forum. The corp edition seems much lighter weight, and less likely to bog down the machine and generally get in the way, than the consumer versions...

Hmm, I was under the impression that what I have is the corporate version, i.e. the antivirus part of SCS - just the unmanaged variant. Isn't Norton Antivirus the consumer version? This nomenclature is really confusing.

I'd have certainly bought SCS (with the firewall included) if they would only have sent it to me in a timely fashion or offered a download, but a month is way too long to be sitting around waiting...