How to check the version of AV Engine, IPS Engine and Eraser Engine from the client computer

Article ID: 177882

Products

Endpoint Protection

Issue/Introduction

New definitions incorporating an engine update have been installed; what is the method to confirm that the AV Engine and/or Eraser Engine updates have been successfully applied?

Resolution

The version of the Eraser Engine, SONAR Engine, IPS Engine and other engines can usually be viewed using the SEP client's built-in Help and Support, Troubleshooting utility.  Simply click on the Versions tab.  For more details, please see How to Export Basic Troubleshooting Information from Symantec Endpoint Protection Clients. (There are sometimes instances where a file's File Version must be checked manually in Windows Explorer.)

For SEP 12.1 clients, the AntiVirus Engine (AVE) can be verified by checking the date and version number of the engine files in the following folder:

  • Windows XP and Server 2003: C:\Program Files\Common Files\Symantec Shared\VirusDefs\20xxxxxx.xxx
  • Windows Vista, Server 2008 and newer: C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Definitions\VirusDefs\20xxxxxx.xxx

For AV engine: look for files with names similar to:

  • eng64.sys
  • ex64.sys
  • NAVENG32.DLL
  • naveng64.dll
  • NAVEX32A.DLL
  • navex64a.dll
  • ecmsvr32.dll
  • ecmsvr64.dll

For SEP 14.x clients, the SDS Engine can be verified by checking the date and version number of the engine files in the following folder:

  • Windows Vista, Server 2008 and newer: C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Definitions\SDSDefs\20xxxxxx.xxx

For SDS engine: look for files with names similar to:

  • sds_engine_x86.dll

Note: Check the folder with the latest date.

Engine details can also be confirmed for Eraser engine in a similar way:

  • CCERASER.DLL
  • eeCtrl64.sys
  • eraser64.sys

Engine details can also be confirmed for SONAR engine:

  • C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Definitions\BASHDefs\20xxxxxx.xxx
    • BHDrvx86.sys
    • BHDrvx64.sys
    • BHEngine.dll

Engine details can also be confirmed for IPS engine:

  • C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Definitions\IPSDefs\20xxxxxx.xxx
    • IDSvia64.sys
    • IDSvix86.sys
    • IPSEng32.dll
    • IPSEng64.dll

The DLL and SYS files do not necessarily have the same version for each engine.  File names may differ between 32-bit and 64-bit systems.

The version number can be checked by right-clicking on the file > Properties > Version > Product Version or by adding a column for Product Version.
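The manual check above can also be scripted. The following PowerShell is an added example, not part of the original article: it finds the newest 20xxxxxx.xxx folder under each definition type named above and reports the Product Version of the listed engine files. It assumes the Windows Vista / Server 2008 and newer path; because the article does not name the folder that holds the Eraser files, every listed file name is looked for in each of the four folders.

```powershell
# Added example (not from the original article).
# Definitions root and file names are the ones listed in this article.
$defRoot  = 'C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Definitions'
$defTypes = 'VirusDefs', 'SDSDefs', 'BASHDefs', 'IPSDefs'

$engineFiles = @(
    # AV engine
    'eng64.sys', 'ex64.sys', 'NAVENG32.DLL', 'naveng64.dll',
    'NAVEX32A.DLL', 'navex64a.dll', 'ecmsvr32.dll', 'ecmsvr64.dll',
    # SDS engine
    'sds_engine_x86.dll',
    # Eraser engine
    'CCERASER.DLL', 'eeCtrl64.sys', 'eraser64.sys',
    # SONAR engine
    'BHDrvx86.sys', 'BHDrvx64.sys', 'BHEngine.dll',
    # IPS engine
    'IDSvia64.sys', 'IDSvix86.sys', 'IPSEng32.dll', 'IPSEng64.dll'
)

$report = foreach ($type in $defTypes) {
    $typePath = Join-Path $defRoot $type
    if (-not (Test-Path -LiteralPath $typePath)) { continue }   # type not present on this client

    # Folder names follow 20xxxxxx.xxx, so the highest name is the latest date and revision.
    $latest = Get-ChildItem -LiteralPath $typePath -Directory -Filter '20*' |
        Sort-Object Name -Descending |
        Select-Object -First 1
    if (-not $latest) { continue }

    # -contains is case-insensitive, so NAVENG32.DLL also matches naveng32.dll on disk.
    Get-ChildItem -LiteralPath $latest.FullName -File |
        Where-Object { $engineFiles -contains $_.Name } |
        ForEach-Object {
            [pscustomobject]@{
                DefType        = $type
                Folder         = $latest.Name
                File           = $_.Name
                ProductVersion = $_.VersionInfo.ProductVersion
                FileVersion    = $_.VersionInfo.FileVersion
                LastWriteTime  = $_.LastWriteTime
            }
        }
}

$report | Sort-Object DefType, File | Format-Table -AutoSize
```

Comparing the `Folder` and `ProductVersion` columns before and after a definitions update shows whether a new engine was applied.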


 

Technical Information
Symantec Endpoint Protection contains an AV Scan Engine and an Eraser Engine to provide detection and side effects repair for threats found in the environment. Updates to each of these engines are released via definition update packages (typically, via LiveUpdate): there is no separate manual installation necessary. AV Engine and Eraser releases are scheduled on a quarterly basis with maintenance updates released as needed. A reboot is not usually required for AV Engine or Eraser Engines to be applied.