Continuing the global fight against Symantec Endpoint Protection 🙂 here is a possible way to ensure that old virus definitions do not stay on the C drive.
First of all, we need to temporarily turn Tamper Protection off for the whole environment. It can be done from the SEP Manager console for a particular group. Go to the Clients view; on the left-hand side you will see a list of groups. Select your target group and then, on the right-hand side, select the Policies tab:
Then select General Settings and the Tamper Protection tab:
Uncheck “Protect Symantec security …”
This setting will be propagated to all the computers located in the group. You can refresh the policy to speed up the process. To some extent you are decreasing the level of security, but that’s the trade-off.
Now that Tamper Protection is disabled, you can delete old definitions. Not manually of course 🙂
Here is a VBScript that can be scheduled on the machines or executed remotely:
```vbscript
' Ensure the Paths array includes all possible paths
Dim Paths(1)
Paths(0) = "C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs"
Paths(1) = "C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs"

' How many days to keep
old = 4

Set FSO = CreateObject("Scripting.FileSystemObject")

For Each rootPath In Paths
    If FSO.FolderExists(rootPath) Then
        Set folder = FSO.GetFolder(rootPath)
        For Each SubFolder In folder.SubFolders
            ' Only touch subfolders whose last 12 characters start with "20"
            If Left(Right(CStr(SubFolder), 12), 2) = "20" Then
                ' Delete the folder (forced) when it is older than the retention period
                If DateDiff("d", SubFolder.DateCreated, Now) > old Then SubFolder.Delete True
            End If
        Next
    End If
Next
```
A few comments. The variable Paths is an array storing all possible paths to the virus definitions. This is because there are many SEP versions and each one has a different path to its VirusDefs folder. The SEP location also depends on the OS version. Therefore, if you want to make this script really universal, you can easily end up with 20 different paths.
When everything is done, do not forget to turn Tamper Protection back on 🙂
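One way to avoid listing every version path is to discover the version folder at run time. The script below is an added example, not part of the original script: it assumes every SEP version keeps the `Data\Definitions\VirusDefs` layout seen in the two paths above, only reports what it would delete unless `DryRun` is set to `False`, and always keeps the most recently created definition set. The names `DryRun`, `KeepDays`, `Bases` and `PruneDefs` are introduced here.

```vbscript
Option Explicit
' Added example: discovers version folders; reports only unless DryRun is False.
Const DryRun = True
Const KeepDays = 4   ' same retention as the script above

Dim FSO, Bases(1), base, verFolder, defsPath
Set FSO = CreateObject("Scripting.FileSystemObject")

' Parent folders taken from the two paths above (version directory removed)
Bases(0) = "C:\ProgramData\Symantec\Symantec Endpoint Protection"
Bases(1) = "C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection"

For Each base In Bases
    If FSO.FolderExists(base) Then
        For Each verFolder In FSO.GetFolder(base).SubFolders
            ' Assumption: every version uses the Data\Definitions\VirusDefs layout
            defsPath = FSO.BuildPath(verFolder.Path, "Data\Definitions\VirusDefs")
            If FSO.FolderExists(defsPath) Then PruneDefs defsPath
        Next
    End If
Next

Sub PruneDefs(root)
    Dim defFolder, stale, newestPath, newestDate, p
    Set stale = CreateObject("Scripting.Dictionary")
    newestPath = "" : newestDate = CDate(0)
    For Each defFolder In FSO.GetFolder(root).SubFolders
        ' Same folder-name test as the script above
        If Left(Right(defFolder.Path, 12), 2) = "20" Then
            If defFolder.DateCreated > newestDate Then
                newestDate = defFolder.DateCreated
                newestPath = defFolder.Path
            End If
            If DateDiff("d", defFolder.DateCreated, Now) > KeepDays Then
                stale.Add defFolder.Path, defFolder.DateCreated
            End If
        End If
    Next
    ' Never remove the most recently created definition set
    If stale.Exists(newestPath) Then stale.Remove newestPath
    For Each p In stale.Keys   ' act only after enumeration has finished
        If DryRun Then
            WScript.Echo "Would delete: " & p & " (created " & stale(p) & ")"
        Else
            FSO.DeleteFolder p, True
            WScript.Echo "Deleted: " & p
        End If
    Next
End Sub
```

Run it with `cscript.exe //nologo` so the report goes to the console instead of message boxes, and review the dry-run output before switching `DryRun` off.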