Event ID
168 - The process SAVFMSESp.exe was restarted.
Event ID 68 -
Unable to initialize scan engine. The virus definitions may be missing or
corrupt. Perform a LiveUpdate to retrieve the latest virus definitions.
Event ID
167 - The process SAVFMSESp.exe terminated unexpectedly.
The following steps were carried out to resolve
the problem:
1. Stop the Symantec Mail
Security for Microsoft Exchange service.
2. Open usage.dat file from the
directory C:\Program Files\Common Files\Symantec Shared\VirusDefs\ and confirm
that it's missing SAVFMSE_SP_x=1 entries, where x is a number from 1 to 9.
Example of how an
invalid usage.dat file looks:
[20121024.017]
SMSMSE=1
[20121025.021]
DEFWATCH_10=1
NAVCORP_70=1
NAVCORP_70_2=1
Example of how a valid usage.dat file looks:
[20120424.005]
DEFWATCH_10=1
NAVCORP_70=1
SSS_MICROSOFT_EXCHANGE_30=1
SAVFMSE_SP_3=1
SAVFMSE_SP_1=1
SAVFMSE_SP_2=1
[20121024.017]
SMSMSE=1
[20121025.021]
DEFWATCH_10=1
NAVCORP_70=1
NAVCORP_70_2=1
Example of how a valid usage.dat file looks:
[20120424.005]
DEFWATCH_10=1
NAVCORP_70=1
SSS_MICROSOFT_EXCHANGE_30=1
SAVFMSE_SP_3=1
SAVFMSE_SP_1=1
SAVFMSE_SP_2=1
3. Remove VirusDefs0000000x folders from the directory C:\Program
Files\Common Files\Symantec Shared\definitions\Antivirus (where 'x' is a
number).
4. Remove files from the
directory C:\Program Files\Common Files\Symantec
Shared\definitions\Antivirus\incoming.
5. Copy all files from the latest
definition folder from the directory C:\Program Files\Common Files\Symantec
Shared\VirusDefs\ to the directory C:\Program Files\Common Files\Symantec
Shared\definitions\Antivirus\incoming.
6. Restart the SMSMSE service.
7. When the service starts
up, SMSMSE will read new definition files from incoming folder and create new
virus definition folder (i.e. VirusDefs0000000x)under
definitions folder.
No comments:
Post a Comment