New definitions incorporating an engine update have been installed; what is the method to confirm that the AV Engine and/or Eraser Engine updates have been successfully applied?
The version of the Eraser Engine, SONAR Engine, IPS Engine and other engines can usually be viewed using the SEP client's built-in Help and Support, Troubleshooting utility. Simply click on the Versions tab. For more details, please see How to Export Basic Troubleshooting Information from Symantec Endpoint Protection Clients. (There are sometimes instances where a file's File Version must be checked manually in Windows Explorer.)
For SEP 12.1 clients the AntiVirus Engine (AVE) can be verified by checking the date and version number of the following files in the folder
For AV engine: look for files with names similar to:
For SEP 14.x clients the SDS Engine can be verified by checking the date and version number of the following files in the folder
For SDS engine: look for files with names similar to:
Note: Check the folder with the latest date.
Engine details can also be confirmed for Eraser engine in a similar way:
Engine details can also be confirmed for SONAR engine:
Engine detail can also be confirmed for IPS engine:
The DLL and SYS files do not necessarily have the same version for each engine. File names may differ between 32-bit and 64-bit systems.
The version number can be checked by right-clicking on the file > Properties > Version > Product Version or by adding a column for Product Version. An example:
Symantec Endpoint Protection contains an AV Scan Engine and an Eraser Engine to provide detection and side effects repair for threats found in the environment. Updates to each of these engines are released via definition update packages (typically, via LiveUpdate): there is no separate manual installation necessary. AV Engine and Eraser releases are scheduled on a quarterly basis with maintenance updates released as needed. A reboot is not usually required for AV Engine or Eraser Engines to be applied.