Windows Security Center Shows non exisitng Symantec firewall

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I had some trouble with Norton Antivirus and Interet Security so I removed
them from my machine. There are no Symantec files on my machine and the
registry has been cleaned -- everything according to Symantec's instructions.
However, Windows Security Center still shows Norton Antivirus and Norton
Firewall as operating. Does anybody know what cause this and how to fix it?
Thanks a lot for your help.
 
Robert said:
I had some trouble with Norton Antivirus and Interet Security so I
removed
them from my machine. There are no Symantec files on my machine and
the registry has been cleaned -- everything according to Symantec's
instructions.
However, Windows Security Center still shows Norton Antivirus and
Norton
Firewall as operating. Does anybody know what cause this and how to
fix it? Thanks a lot for your help.
Click to expand...

Did you also uninstall the Norton WMI Update from Add/Remove Programs?
If not, do so (if you still can after removing registry entries).
Symantec has a "cleanup" uninstaller tool for their products. You might
try running it.

http://tinyurl.com/cbs36 - Uninstalling/reinstalling NIS Norton
AntiSpam, or Norton Personal Firewall 2005

http://castlecops.com/f80-Norton_Anti_Virus.html - forum for Symantec
products at CastleCops

Malke
 
Everything (including WMI) was removed using either Add/Remove Programs or
SymNRT tool. Then I cleaned leftover files according to their instructions.
Still no help.

After several hours of chatroom discussion with Symantec suport people, I
was thinking that this may be an issue with some registry (or some other)
entry not related to Symantec (since they told me what to remove and I did).
Since Windows Security Center did not exist before SP2, I removed it SP2 and
installed it again, hoping this would clean up some entry somewhere. Well,
it did not help. I still see the same info about Norton Internet Security
being ON in the firewall section if I turn off Windows firewall. The Virus
Protection section tells me that Norton AntiVirus reports that it is up to
date and virus scanning is on. Obviously, both are not true.

One of the things a Symantec tech told me to do was to look in msconfig for
Symantec services. I found there Symantec Core LC. After all the cleaning,
it still shows up there, but its status is stopped, even though it is checked
to run. Unchecking doesn't help anything. Could this be a problem and how
do I remove this entry from msconfig?

Here some more questions, then:
1. What would happen if I uninstalled Windows XP and installed them back?
Would this fix the problem without creating too many others? Obviously this
is the last thing I want to do.
2. If I know that the standard Windows firewall is working, is it safe to
just ignore the message that the system may have more than one firewall on?
I'm assuming here that whatever Symantec left on my computer is just telling
the Security Center that it exists, but does not interfere with Windows
firewall.
3. Similar tquestion to the one in (2), but for the virus protection. If I
were to install new virus protection (after the experience with Symantec, I'm
strongly leaning towards somebody else), will it be effective or maybe it
will even erase this wrong message about NAV?

I would summarize the above three questions as: is it safe to ignore what
the Security Center is telling me and provide protection for my computer by
using appropriate software (standard Windows firewall and some virus
detection software)?

Sorry, for the long message, and thanks for your suggestions.
 
Hi,

Yes, in your case it is safe to ignore what the Security Center is
telling you.

Anyway, see if removing the WMI repository helps on the phantom
entry.

How to move or delete the WMI repository to force an auto-recover of
it's default state:

Open a command window (Start/Run --> cmd.exe) and run the following
commands:

net stop winmgmt
cd /d %windir%\system32\wbem
ren repository repository.old
net start winmgmt

(or alternatively delete it using the command "rd /s repository" instead
of the ren command)

It may take a minute or so to complete while WMI rebuilds the database.
 
It worked! Thanks a lot!

Torgeir Bakken (MVP) said:
Hi,

Yes, in your case it is safe to ignore what the Security Center is
telling you.

Anyway, see if removing the WMI repository helps on the phantom
entry.

How to move or delete the WMI repository to force an auto-recover of
it's default state:

Open a command window (Start/Run --> cmd.exe) and run the following
commands:

net stop winmgmt
cd /d %windir%\system32\wbem
ren repository repository.old
net start winmgmt

(or alternatively delete it using the command "rd /s repository" instead
of the ren command)

It may take a minute or so to complete while WMI rebuilds the database.




--
torgeir, Microsoft MVP Scripting, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/scriptcenter/default.mspx
Click to expand...
 
I am having exactly the same problem and would like to try removing the WMI
repository, but, being a novice, I don't understand exactly how to run the
commands.

Is this correct?

Set a System Restore point.

Open command window and then:

Type or paste (without quotes) "net stop winmgmt" and press the enter key;

Type or paste "cd/d%windir%\system32\wbem" [actually it looks as if there's
a space before and after "/d"] and press enter;

Type or paste "ren repository repository.old" and press enter;

Type or paste "net start winmgmt" and press enter.

Wait a few minutes while WMI rebuilds the database. How will I know when
this is finished?

Check the Security Center to see if the ghost of Norton has been vanquished.

Thanks.
 
Mary said:
I am having exactly the same problem and would like to try removing the WMI
repository, but, being a novice, I don't understand exactly how to run the
commands.

Is this correct?

Set a System Restore point.

Open command window and then:

Type or paste (without quotes) "net stop winmgmt" and press the enter key;

Type or paste "cd/d%windir%\system32\wbem" [actually it looks as if there's
a space before and after "/d"] and press enter;

Type or paste "ren repository repository.old" and press enter;

Type or paste "net start winmgmt" and press enter.

Wait a few minutes while WMI rebuilds the database. How will I know when
this is finished?

Check the Security Center to see if the ghost of Norton has been vanquished.
Click to expand...

Once again:

Start>Run>cmd [enter]
net stop winmgmt [enter]
cd /d %windir%\system32\wbem [enter] - yes there is a space after cd and
after /d
ren repository repository.old [enter]
net start winmgmt [enter]

Reboot your computer and things should be OK now. Also check in the
Security Center options at the left side ("Change how Security Center
alerts me") to make sure there are checks in all three boxes.


Malke
 
Thanks, Malke, I've done it. Not without a few oddments before & after
including a couple of Event Viewer error messages:

"Failed to load MOF C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V1.1.4322\ASPNET.MOF
while recovering repository file."
and
"Failed to load MOF C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ASPNET.MOF
while recovering repository file."

I'm ignoring them until/unless I see something weird happening.



Malke said:
Mary said:
I am having exactly the same problem and would like to try removing the WMI
repository, but, being a novice, I don't understand exactly how to run the
commands.

Is this correct?

Set a System Restore point.

Open command window and then:

Type or paste (without quotes) "net stop winmgmt" and press the enter key;

Type or paste "cd/d%windir%\system32\wbem" [actually it looks as if there's
a space before and after "/d"] and press enter;

Type or paste "ren repository repository.old" and press enter;

Type or paste "net start winmgmt" and press enter.

Wait a few minutes while WMI rebuilds the database. How will I know when
this is finished?

Check the Security Center to see if the ghost of Norton has been vanquished.
Click to expand...

Once again:

Start>Run>cmd [enter]
net stop winmgmt [enter]
cd /d %windir%\system32\wbem [enter] - yes there is a space after cd and
after /d
ren repository repository.old [enter]
net start winmgmt [enter]

Reboot your computer and things should be OK now. Also check in the
Security Center options at the left side ("Change how Security Center
alerts me") to make sure there are checks in all three boxes.


Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User
Click to expand...
 
Back
Top