Anti-Virus definition update for Symantec fails

(imported topic written by SystemAdmin)

I am having problems updating Symantec Anti-Virus definitions using the fixlet “UPDATE: Outdated Symantec Anti-Virus Corporate Edition Virus Definition Detected.” The fixlet will show several machines as being relevant but whenever the action is run on the machines it always fails on the line immediately after it runs the definition update file. The line that fails is here:

continue if {(not ((preceding text of last “.” of following text of last “” of (value “NAVCORP_70” of key “HKEY_LOCAL_MACHINE\Software\Symantec\SharedDefs” of registry as string) as integer < 20090610) OR ((preceding text of last “.” of following text of last “” of (value “NAVCORP_70” of key “HKEY_LOCAL_MACHINE\Software\Symantec\SharedDefs” of registry as string) as integer = 20090610) AND (following text of last “.” of following text of last “” of (value “NAVCORP_70” of key “HKEY_LOCAL_MACHINE\Software\Symantec\SharedDefs” of registry as string) as integer < 002)))) AND ((exists setting “AVDelay” of client) AND (value of setting “AVDelay” of client as lowercase = “yes”) AND (exists setting “AVDelayTime” of client) AND (exists (value of setting “AVDelayTime” of client as string as integer)))}

I took the relevance from the action script and put it into the relevance debugger on the same machine it failed on “before” I ran the action and I broke out some of the sections as well. The results are below. It looks like the action is actually running the update and the def’s are getting updated but why the failure on the action script?

Q: (not ((preceding text of last “.” of following text of last “” of (value “NAVCORP_70” of key “HKEY_LOCAL_MACHINE\Software\Symantec\SharedDefs” of registry as string) as integer < 20090610) OR ((preceding text of last “.” of following text of last “” of (value “NAVCORP_70” of key “HKEY_LOCAL_MACHINE\Software\Symantec\SharedDefs” of registry as string) as integer = 20090610) AND (following text of last “.” of following text of last “” of (value “NAVCORP_70” of key “HKEY_LOCAL_MACHINE\Software\Symantec\SharedDefs” of registry as string) as integer < 002)))) AND ((exists setting “AVDelay” of client) AND (value of setting “AVDelay” of client as lowercase = “yes”) AND (exists setting “AVDelayTime” of client) AND (exists (value of setting “AVDelayTime” of client as string as integer)))

A: False

Q: (preceding text of last “.” of following text of last “” of (value “NAVCORP_70” of key “HKEY_LOCAL_MACHINE\Software\Symantec\SharedDefs” of registry as string) as integer < 20090610)

A: True

Q: (preceding text of last “.” of following text of last “” of (value “NAVCORP_70” of key “HKEY_LOCAL_MACHINE\Software\Symantec\SharedDefs” of registry as string) as integer = 20090610)

A: False

Q: (following text of last “.” of following text of last “” of (value “NAVCORP_70” of key “HKEY_LOCAL_MACHINE\Software\Symantec\SharedDefs” of registry as string) as integer < 002)

A: False

Q: (exists setting “AVDelay” of client)

A: False

Q: (value of setting “AVDelay” of client as lowercase = “yes”) AND (exists setting “AVDelayTime” of client)

E: Singular expression refers to nonexistent object.

Q: (exists (value of setting “AVDelayTime” of client as string as integer))

E: Singular expression refers to nonexistent object.

Q: ((preceding text of last “.” of following text of last “” of (value “NAVCORP_70” of key “HKEY_LOCAL_MACHINE\Software\Symantec\SharedDefs” of registry as string) as integer < 20090610) OR ((preceding text of last “.” of following text of last “” of (value “NAVCORP_70” of key “HKEY_LOCAL_MACHINE\Software\Symantec\SharedDefs” of registry as string) as integer = 20090610) AND (following text of last “.” of following text of last “” of (value “NAVCORP_70” of key “HKEY_LOCAL_MACHINE\Software\Symantec\SharedDefs” of registry as string) as integer < 002))) AND ((exists setting “AVDelay” of client) AND (value of setting “AVDelay” of client as lowercase = “yes”) AND (exists setting “AVDelayTime” of client) AND (exists (value of setting “AVDelayTime” of client as string as integer)))

A: False

Q: preceding text of last “.” of following text of last “” of (value “NAVCORP_70” of key “HKEY_LOCAL_MACHINE\Software\Symantec\SharedDefs” of registry as string) as integer

A: 20090608

(imported comment written by BenKus)

You can ignore the settings because they won’t error the relevance expression (they are protected by the “exists” clause)…

I think your problem is here:

(preceding text of last “.” of following text of last “” of (value “NAVCORP_70” of key “HKEY_LOCAL_MACHINE\Software\Symantec\SharedDefs” of registry as string) as integer < 20090610)

If this returns true (which is will because you posted that the value was 20090608), then it means the update was not successful…

So the question is why is this Symantec registry value not updating when you run the Symantec update?

Ben