The following events are logged in the Windows Application Event log:

Event ID 110 - The process SAVFMSESp.exe failed to start (0xC009008A).
Event ID 168 - The process SAVFMSESp.exe was restarted.
Event ID 68 - Unable to initialize scan engine. The virus definitions may be missing or corrupt. Perform a LiveUpdate to retrieve the latest virus definitions.
Event ID 167 - The process SAVFMSESp.exe terminated unexpectedly.

Symptoms 

• Users are unable to retrieve messages with attachments from Exchange
• Email during this period may be "lost"
• If the option "Scan message bodies" is checked under Scans > Auto-Protect > Advanced Scanning Options in the SMSMSE console, users may be unable to view any message bodies in Outlook.
• The following Symantec Mail Security for Microsoft Exchange events are examples of the entries found in the Windows Application Event log:

  ===========================================================

  Event ID 110 - The process SAVFMSESp.exe failed to start (0xC009008A). 

   

  Description:

  The process SAVFMSESp.exe failed to start (0xC009008A).

  =============================================================

   

  ===========================================================

  Event ID 168 - The process SAVFMSESp.exe was restarted. 

   

  Description:

  Unable to initialize scan engine. The virus definitions may be missing or corrupt. Perform a LiveUpdate to retrieve the latest virus definitions.

  =============================================================

   

  ===========================================================

  Event ID 68 - Unable to initialize scan engine. The virus definitions may be missing or corrupt. Perform a LiveUpdate to retrieve the latest virus definitions.

   

  Description:

  The process SAVFMSESp.exe terminated unexpectedly.

  =============================================================

   

  =============================================================

  Event ID 167 - The process SAVFMSESp.exe terminated unexpectedly.

   

  Description:

  The process SAVFMSESp.exe was restarted.

  =============================================================

   

• The file Usage.dat does not contain entries for SAVFMSE_SP processes.

Default path for Usage.dat:
Windows 2003 x86 - C:\Program Files\Common Files\Symantec Shared\VirusDefs
Windows 2003 x64 - C:\Program Files(x86)\Common Files\Symantec Shared\SymcData\virusdefs32
Windows 2008 - C:\ProgramData\Symantec\Definitions\SymcData\virusdefs32

This is most commonly caused by corruption in the Virus Definitions.

Repair the corrupted Virus Definitions with Intelligent Updater
 

1. Stop the Symantec Mail Security for Microsoft Exchange service.
2. Delete the corrupted virus definitions from the Hawking Structure:

   Windows 2008

   C:\ProgramData\Symantec\Definitions\VirusDefs
   C:\ProgramData\Symantec\Definitions\SymcData\virusdefs32

   Windows 2003 32-bit

   C:\Program Files\Common Files\Symantec Shared\VirusDefs

   Windows 2003 64-bit

   C:\Program Files(x86)\Common Files\Symantec Shared\SymcData\virusdefs32

3. Download the latest Intelligent Updater from http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=gw (this is an EXE file).
4. Double-click the EXE file you downloaded and run the Intelligent Updater.
5. Restart the SMSMSE service.
6. If this does not fix the problem, proceed with the next section.

Uninstall of Symantec Mail Security for Exchange/LiveUpdate AntiVirus Definition Directories
 

NOTE: If you are running Symantec AntiVirus version of less than 10.1.x, this procedure may require that you reinstall Symantec AntiVirus as well.  Please contact your Symantec AntiVirus technical support for more information.  If you are running Symantec Endpoint Protection, or backup Exec or any other software which is using that liveupdate.  Please make sure that you contact Symantec Technical Support before removing Symantec Liveupdate.

    1. Export the settings via the File menu.
    2. Open Add and Remove Programs in Windows and remove Symantec Mail Security for Microsoft Exchange.

Note: If you have any errors when performing the above steps, please refer to the manual removal instructions for your specific version of Symantec Mail Security for Microsoft Exchange.  Manual removal instructions for Symantec Mail Security for Microsoft Exchange. 

3. Remove the Antivirus definition files.

Remove the LiveUpdate Hawking files and the SMSMSE Hawking files:

Windows 2008

C:\ProgramData\Symantec\Definitions\VirusDefs
C:\ProgramData\Symantec\Definitions\SymcData\virusdefs32

Windows 2003 32-bit

C:\Program Files\Common Files\Symantec Shared\VirusDefs

Windows 2003 64-bit

C:\Program Files(x86)\Common Files\Symantec Shared\SymcData\virusdefs32

4.  Reinstall Symantec Mail Security for Microsoft Exchange and import your settings.
 

Technical Information

If after completing the steps to remediate corruption the problem recurs, please contact Broadcom Technical Support.