At the office, we are using the Symantec Endpoint Protection (corporate edition) anti-virus solution. One day we realise that every computers running Windows XP Professional in the office is having an issue with low disk space. After a details check-up we found out that the Symantec is storing all the virus definition updates in the “C:\Program Files\Common Files\Symantec Shared\VirusDefs\” folder and it will never gets deleted ! most computers will have at least 20-40GB alone in that folder. The workaround is by using this simple MSDOS batch file to actually delete all the TMP files in that folder.

The MSDOS batch file (or you can call it script) is as below:

cd "C:\Program Files\Common Files\Symantec Shared\VirusDefs\"
for /F "tokens=*" %%G IN ('dir /b /ad "C:\Program Files\Common Files\Symantec 
Shared\VirusDefs\*.tmp"') do RD /S /Q %%G
exit

bare in mind that the “for” statements is in one line. Just use any text editor to create this MSDOS batch file, and give a usefult name like “symantecfix.bat”. save it in one folder under C:\ (for example C:\scripts ).

Some explanation on the scripts. firstly it will actually Change Directory to the “C:\Program Files\Common Files\Symantec Shared\VirusDefs\”, Then it will use the “for” loop to just list out all the *.tmp files in the directory (again here to be safe I include the whole path – just to be sure).


Afterthat once we are in the loop with all the *.tmp files, it will execute the “RD /S /Q filename.tmp” command. RD is a “Remove Directory” (including all the files in the sub-directory), the /S to include the sub-directory, and /Q to skip all the Yes/No question. The %%G is the variable to hold the *.tmp filename – if you were to test this “for” loop at the MSDOS command line (not from the scripts) you should use %G instead. Lastly is the “exit” command – this will just close the MSDOS environment, optional only.

To execute the script, just open the MSDOS window (command “cmd”), change directory to the location of the script file, then type the full filename – in this case symantec.bat, to execute it.

To make it automated, you can use the “Scheduled Task” (from Control Panel). You can make it daily or weekly depend on your preferences.

Have fun.

Tags: , ,

9 Responses to “Workaround for Symantec Endpoint Protection VirusDefs issues”

  1. Mike says:

    MSIE 7.0 Windows 7

    How can you make the del or rd commands to remove folders named by yyyymmdd.xxx in the virusdefs folder?

    Additionally to your script, you may want to include smc -stop /net stop symantec antivirus and the with the start when job is done.

  2. mike says:

    MSIE 7.0 Windows 7

    How can you make the del or rd commands to remove folders named by yyyymmdd.xxx in the virusdefs folder?

  3. MP says:

    MSIE 8.0 Windows XP

    @mike:
    That apparently would not be a good idea — for details, see this Symantec article. Thanks.

  4. MR.OMAR says:

    Chrome 13.0.782.41 MacIntosh

    hmm… if thats the case then Symantec have to answer why that folders taken up a lot of spaces especially considering it’s located in the boot drive C:, we found some grows up to 40GB and more… anyway, we now using the Microsoft Security Essentials

  5. Rachel53461 says:

    Chrome 16.0.912.75 Windows 7

    Thank you, this drives me crazy because our servers are old and constantly running out of space due to Symantec taking a few GB for it’s old virus definitions.

    I altered the script a bit to delete the actual folders instead of the .tmp files. I’ve always deleted folders in the past to make space, and it hasn’t caused any problems.

    The only change needed is to replace *.tmp with 20*.*, since the folder naming convention is yyyymmdd.xxx, and I figure the year is going to start with 20 for the next 90 years or so 🙂

  6. paul says:

    MSIE 8.0 Windows XP

    Great solution! love it. this is exactly what I was looking for. Thanks!

  7. Original Paulie D says:

    MSIE 8.0 Windows 7

    On WinXP and Server2003, the folder is “C:\Program Files\Common Files\Symantec Shared\VirusDefs\”

    Virus Defintions reside in their own subfolder named YYYYMMDD.### where ### is Revision.

    You’ll want to keep folders whose name appears in the DEFINFO.DAT file, listed under [DefDates], as Symantec retains the current and prior virus definitions. The values for CurDefs= and LastDefs= are formatted as YYYYMMDD.### where ### is Revision.

    Another folder that often contains older objects (such as older virus defs, failed LiveUpdate attempts, etc.) is:

    “C:\documents and settings\all users\application data\symantec\liveupdate\Downloads\”

    Caution should be used, when manually cleaning this directory. That said, I reference the file’s date to determine age and typically remove *.m25 and avenge*livetri.zip files deemed as outdated.

    By design, LiveUpdate or similar mechanisms are responsible for cleanup … but I am in agreement that they are known to fail, consuming free disk space in the process.

  8. Original Paulie D says:

    MSIE 8.0 Windows 7

    To update my prior post, Symantec will delete ALL files from the folder:

    “C:\documents and settings\all users\application data\symantec\liveupdate\Downloads\”

    As follows:
    1) Launch LiveUpdate
    2) Click OPTIONS (top-left of window)
    3) Choose CONFIGURE
    4) Choose UPDATE CACHE tab
    5) Click REMOVE ALL FILES FROM CACHE button

    Therefore, it’s safe to assume that one may manually purge that folder. The only obvious consideration is that a LiveUpdate session is not in-progress, since the aforementioned folder is the default and (unfortunately) unchangable workspace.

  9. devang says:

    MSIE 8.0 Windows 7

    hello All,

    Can anyone provide the batch file with command to remove yyyymmdd.xxx folder from C:\Program Files\Common Files\Symantec Shared\VirusDefs..

    I tried but giving error ” Syntax error, file not find etc..

    Thanks in adance,,

Leave a Reply

You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>