Registry values to check status of Norton/Symantec AntiVirus

I do not need a solution (just sharing information)

This is a general question. I am trying to find information to determine TimeOfLastScanPatternFileRevision and PatternFileDate etc settings directly in the registry for Norton AntiVirus on Windows 10.

I believe most Norton AntiVirus values should be located under HKEY_LOCAL_MACHINESOFTWAREIntelLANDeskVirusProtect6CurrentVersion…, but the latest Norton AntiVirus 22.19.8.65 trial version does not appear to have the same location in the Registry?

I can only see HKEY_LOCAL_MACHINESOFTWARENorton… and HKEY_LOCAL_MACHINESOFTWARESymantec…. But I cannot find these values I want to check programmatically (Time of last scan and pattern file date etc).

Have Symantec changed the design and Registry location for Norton AntiVirus at some point in the past? Or is the usual location missing because I am using the trial version?

Can someone please clarify why HKEY_LOCAL_MACHINESOFTWAREIntelLANDeskVirusProtect6CurrentVersion… is no longer visible in the latest version of Norton (Symantec) AntiVirus?

Thank you.

Trevor

0

Related:

How to view and mount GHO images? Where to download Norton Ghost Explorer?

I need a solution

I used Norton Ghost for many years.  i want to clean up my old GHO files.  My recovery experience is that GHO files are often corrupted, so I want to verify them before selecting which GHO files to save.  I also want to open the GHO files to ensure that I’m not throwing away any important data that I haven’t backuped elswere before deleting them.  (would also like the ability to load an GHO image in a virtual machine in case I need to use some old program that I no longer have, but that’s not a current need right now.)

Norton Ghost Explorer 11.5 was free but the download links are not working for me.  Is it because I am in Indonesia at the moment and VPN is blocked, or are the files no longer there?  

ftp://ftp.symantec.com/public/english_us_canada/pr…

ftp://ftp.norton.com/public/english_us_canada/prod…

Alternatively, how to install old versions of Norton Ghost on Windows?  I understand that it is not compatible for imaging, but surely it could open and extract GHO files?

I have the CDs for:

  • Norton Ghost 2003 (but no key on the sleeve)
  • Norton Ghost 10 (2005) with key – but will not install on windows 10 (gave error that it is not compatible with the OS)
  • Norton Ghost 14 (2007) with key – installed ok but I don’t see how to open GHO files!  (only opens v2i files?!)
  • Nortong Ghost 15 (2009) but the key is unredable (old thermal yellow sticker, parts of the numers faded or rubbed off)

I should also have my old NG boot CDs.  Can I boot them in a Virtual Machine in Win 10?  (Sounds cumbersome.)

Other possible solutions?

Thank you in advance.

0

Related:

Client Manager

I need a solution

Hi, I am new in this forum. My friend bought a 2019 Symantec Endpoint Protection 14 for home use. Since my Norton Lifelock is about to expire, he told me that he can install his SEP 14 for me and be his client for just a small amount. I am wondering since he is the client manager or server manager (correct me if I am wrong), can he spy on my laptop using the SEP 14 antivirus? Thank you. Mon

0

1559793349

Related:

SEP Cloud branding problem

I need a solution

Hi all.  I’ve been with SEPC since the beginning, and regular SEP back to version 11, then the client security back to version 9. 

SEPC has a way to go and has some poor design flaws that they seem to not want to address yet, but they’re working hard on it and contiuously as evidenced by the status alerts I get on maintenance, upgrades, etc.  So that’s great.

What’s not great, is their insistent need to brand everything under the hood as Norton.  Part of the reason I am able to convince my small business customers to go with SEPC instead of buying cheaper Norton subscriptions, besides the technical stuff, is that it carries a bit more clout a a business product.  And indeed it does, but this only gets apparent by having a technical discussion.  That’s fine, but often I have to make excuses for Symantec when the customer asks me why there’s so much Norton stuff popping up. 

Like, today, even now as I write this, I’m deploying a bunch of SEPC clients to a new customer, and what does it do after installing?  Gives this great big welcome across thanking the user for installing NORTON.  It even prompts to givec a tour of the Norton product!  Seriously Symantec, you guys really need to prioritize and focus your branding efforts at the SMB level, it’s not well done.  Sure, some people (not many, despite what you might think) recognize the Norton label on websites as a good thing, but 99% of SMB and consumers recognize the name Norton as the consumer antivirus product many of them have grown to dislike over the years, primarily due to past issues with things like system performance.  So it’s a real nuistance to make excuses for Symantec’s poor granding decisions by saying that they’ve layered on a management framework to the Norton technology, don’t worry, it’s not Norton antivirus.  

Words always make the situation sound harsh – I’m half-smiling here, but not also half shaking my head and a multi-billion leader in the security space not being able to properly differentiate their product branding.  Trust me, it does not do you any favors citing Norton as the backend of your SEPC platform.  

0

1559142752

Related:

Having issues with the newest rollout of 22.15.2.22

I need a solution

We have PCs throughout our company that fail the installation to the nesent SEP agent, 22.15.2.22.  The PCs update  then when the user reboots they get a window popup that states Symantec endpoint Protection installation has encountered an error and is unable to continue.  There is s send button when you click that then the next popup some up stating……Liveupdate error Your computer may not be protected.  Norton Installer is not working properly due to an error that occurred during LiveUpdate.  Your computer may be vulnerable to viruses, spyware, and other threats.  uninstall and reinstall this Norton Prodcut to correct the problem.

This has happened on many PCs about 10-15 %. Both Dell Optiplex and HP notebooks.

Symantec tech support states that no one elsle has reported this issue since they started rolling this out last week.

I find that hard to believe. Has anyone else had this issue.

It occurs enough to be frustrating.  Our only solution is to run the SymRedistributable.exe which takes time……

For now we have changed out policies to defer software updates for 30 days.

All feedback is appreciated.

MJ

0

Related:

Upgrading SEP14.2 to SEP 15

I need a solution

Hi,

I want to upgrade from SEP 14.2 to SEP 15 while protect mobile devices.

What is the best path?

SEP 15 + sep mobile or Symantec protection cloud + sep mobile or symantec protection cloud?

0

Related:

Symevent overlap BSOD

I need a solution

Norton Security Suite v. 22.15.2.22. BSOD on Symevent overlap of address regions for BHDrvx86 while watching Netflix and PBS News on NorCal Camp Fire Vista loaner system [pls note jeers notably over-stocked]. Assuming Support/Updating Symevent files for Symantec Endpoint Protection 11.x client link found elsewhere here outdated/not applicable. Norton’s support trigger spins through quick check Autofix to show Internet Connectivity Host File Cleanup – Success; Installation – Failed (installation of what, unknown). Clicked Open Support website as directed, goes to https://support.norton.com/sp/en/us/norton-securit… Norton Remove and Reinstall Tool. Likely never find my way back so will try later if nothing else comes up here. Sorry if posted to wrong place, first rodeo [duh] with Symantec online support forums via DuckDuckGo. WinDBG Loading Dump File [C:WindowsMinidumpMini040219-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:devsymbols*http://referencesource.microsoft.com/symbols;SRV*c:devsymbols*http://msdl.microsoft.com/download/symbols Executable search path is: Windows Server 2008/Windows Vista Kernel Version 6002 (Service Pack 2) MP (4 procs) Free x86 compatible Product: WinNt, suite: TerminalServer SingleUserTS Personal Built by: 6002.24202.x86fre.vistasp2_ldr.170913-0600 Machine Name: Kernel base = 0x83440000 PsLoadedModuleList = 0x83558c70 Debug session time: Tue Apr 2 12:14:21.179 2019 (UTC – 7:00) System Uptime: 0 days 16:08:51.450 Loading Kernel Symbols ……………………………………………………… ………………………………………………………. ………….. Loading User Symbols Loading unloaded module list ……. ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 29, {3c1a88d1, c000000d, 3c1a88d1, 3c1a88d1} *** WARNING: Unable to verify timestamp for SYMEVENT.SYS *** ERROR: Module load completed but symbols could not be loaded for SYMEVENT.SYS Probably caused by : SYMEVENT.SYS ( SYMEVENT+1b10 ) Followup: MachineOwner ——— 0: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* SECURITY_SYSTEM (29) Arguments: Arg1: 3c1a88d1 Arg2: c000000d Arg3: 3c1a88d1 Arg4: 3c1a88d1 Debugging Details: —————— OVERLAPPED_MODULE: Address regions for ‘BHDrvx86’ and ‘BHDrvx86.sys’ overlap CUSTOMER_CRASH_COUNT: 2 DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT BUGCHECK_STR: 0x29 PROCESS_NAME: nortonsecurity. CURRENT_IRQL: 0 LAST_CONTROL_TRANSFER: from 83658162 to 8350defd STACK_TEXT: b4e5a514 83658162 00000029 3c1a88d1 c000000d nt!KeBugCheckEx+0x1e b4e5a534 83658503 8a1f5518 00000003 00000000 nt!SeDefaultObjectMethod+0x27 b4e5a570 83672667 b4e5a700 00000001 8a1f5518 nt!ObAssignSecurity+0x77 b4e5a6a4 8365980e 8a1f5518 b4e5a7d0 001fffff nt!ObInsertObject+0x54a b4e5a754 83659ec3 8a1f5518 89baf3c8 b4e5a9a0 nt!PspInsertThread+0x269 b4e5a8a0 8365dc52 03e0f910 001fffff 00000000 nt!PspCreateThread+0x282 b4e5acb0 99b3cb10 03e0f910 001fffff 00000000 nt!NtCreateThreadEx+0x133 WARNING: Stack unwind information not available. Following frames may be wrong. b4e5ad30 8348ae86 03e0f910 001fffff 00000000 SYMEVENT+0x1b10 b4e5ad30 00000023 03e0f910 001fffff 00000000 nt!KiSystemServicePostCall 00000000 00000000 00000000 00000000 00000000 0x23 STACK_COMMAND: kb FOLLOWUP_IP: SYMEVENT+1b10 99b3cb10 ?? ??? SYMBOL_STACK_INDEX: 7 SYMBOL_NAME: SYMEVENT+1b10 FOLLOWUP_NAME: MachineOwner MODULE_NAME: SYMEVENT IMAGE_NAME: SYMEVENT.SYS DEBUG_FLR_IMAGE_TIMESTAMP: 5a95cc1d FAILURE_BUCKET_ID: 0x29_SYMEVENT+1b10 BUCKET_ID: 0x29_SYMEVENT+1b10 Followup: MachineOwner ——— 0: kd> lmvm SYMEVENT start end module name 99b3b000 99b53000 SYMEVENT T (no symbols) Loaded symbol image file: SYMEVENT.SYS Image path: ??C:Windowssystem32DriversSYMEVENT.SYS Image name: SYMEVENT.SYS Timestamp: Tue Feb 27 13:22:37 2018 (5A95CC1D) CheckSum: 0001B071 ImageSize: 00018000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

0

Related:

After new portal took over, I am unable to see my unmanaged devices (Mac)

I need a solution

Hello.

After the portal upgrade, I am unable to see any of my unmanaged devices, the Mac computers. Now the Macs are getting the new Norton Cloud upgraded endpoint protection and they are being asked to enter a PIN. I DON’T HAVE THIS PIN. I can only find it in my old portal. Can I go back to the old portal? If not, where are my devices?

thanks!
 

0

Related:

Trail Version required for Testing

I need a solution

Hi,

i want to download and test the Symantec Data Loss Prevention trail version, where can i download the trail version.

since i am new to this community, any help would be appreciated.

thanks

0

Related:

Norton Secured Seal

I need a solution

Hi,

I will describe the question.

I developed a progressive web application that generate strong passwords. All passwords are generated locally on the user’s computer (JS). I noticed that many users do not trust my website. Therefore, I wanted to add Norton Secured seal to my website in order to increase user confidence.

I would like to add a clickable icon so that when users click on it, the Symantec website opens with information about the security check of my website. Is it true that for this I need to buy Symantec SSL Certificate for $ 995 first? is it enough to have a certificate for $ 399 for this Norton seal?

0

Related: