SEP – old virus definitions are not being deleted

Continuing the global fight against Symantec Endpoint Protection 🙂 here is a possible way to ensure that old virus definitions are not staying on the C drive.

First of all we need to temporarily turn the Tamper Protection off for the whole environment. It can be done from the SEP Manager console for a particular group. Go to Clients view, on the left hand side you will see a list of groups. Select your target group and then on the right hand side select Policies tab:

Then select General Settings and Tamper Protection tab:

Uncheck “Protect Symantec security …”
This setting will be propagated to all your computers located in the group. You can refresh the policy to speed up the process. To some extend you are decreasing the level of security, but that’s the trade off.

Now, when the Tamper Protection is disabled you can delete old definitions. Not manually of course 🙂
Here is a vbscript that can be scheduled on the machines or executed remotely:

'Ensure the Paths array includes all possible paths
Dim Paths(2)
Paths(0) = "C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs"
Paths(1) = "C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs"

'How many days to keep
old = 4
For Each rootPath In Paths
 Set FSO = CreateObject("Scripting.FileSystemObject")

 If FSO.FolderExists(rootPath) Then
  Set folder = FSO.GetFolder(rootPath)
  For each Subfolder in folder.SubFolders
  'msgbox subfolder

   If (Left(Right(Cstr(SubFolder),12),2)) = "20" Then
   If DateDiff ("d", SubFolder.DateCreated, now) > old then SubFolder.Delete True
   End If
 End If

Few comments. Variable Paths is an array storing all possible paths to the virus definitions. This is because there are many SEP versions and every has a different path to a VirusDefs folder. Also SEP location depends on the OS version. Therefore, if you want to make this script really universal, you can easily endup with 20 different paths.
When all done, do not forget to turn the Tamper Protection on 🙂


Leave a Comment here

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s