I have an open case with Symantec and they asked me to contact Microsoft since the memory dump points to NETIO.SYS and not some Symantec module. Lack of the correct ACL settings on the default data path prevent the incoming client data from flowing to the custom folder. Component versions in Symantec Endpoint Protection 12.1.6 Component Version Antivirus Engine 20126.96.36.199 Auto-Protect 188.8.131.52 BASH Defs 184.108.40.206 BASH Framework 220.127.116.11 CC 18.104.22.168 CIDS Defs 22.214.171.124 CIDS Framework 126.96.36.199 ConMan 188.8.131.52 D2D Last night I tried to install Symantec before I captured my target device however the results were the same. Source
Promoted by Recorded Future Are you wondering if you actually need threat intelligence? Try these resources. SEP 11 RU5 SEPM cannot use wildcard (*) for Trusted Internet Domain exception Fix ID: 3731643 Symptom: Unlike previous versions, you cannot use the wildcard extensions like *.symantec.com for the Trusted SEPM does not display the local time in exported logs Fix ID: 3630868 Symptom: When you export the Computer Status Logs report, most of the columns with date and time values page
Unexpected scheduled scan on the client after a return to Standard Time Fix ID: 3655795 Symptom: An unexpected scheduled scan appears after a return to Standard Time from Daylight Savings Time Solution: Added code to update the CIDS opstate cache when the CIDS opstate cache is not initialized. The KStackMinFree registry value The KStackMinFree registry value specifies a minimum amount of kernel stack that must be free for File System Realtime Protection or Auto-Protect to request file IO from If the operating system runs out of kernel space, then the computer displays a blue screen error message.
Solution: Fixed the logic in the high-performance file download routines for Symantec Endpoint Protection Manager’s httpd.exe implementation. AutoUpgrade does not respect reduced-size install setting Fix ID: 3721853 Symptom: AutoUpgrade performs upgrade of reduced-size client to full-size client, regardless of the option set in Client Install Settings. Solution: Fixed a performance issue which caused the blue screen. Join & Ask a Question Need Help in Real-Time?
Some firewall domain name block rules are also invalid in some situations. Symefa.sys Blue Screen No Yes Products Products Home Threat Protection Advanced Threat Protection Endpoint Protection Endpoint Protection Cloud IT Management Suite Email Security.cloud Data Center Security Blue Coat Products Information Protection Data Loss Prevention Macs experiencing high CPU usage for SymDaemon Fix ID: 3605884 Symptom: High CPU usage in SymDaemon causes the whole system to slow down. https://support.symantec.com/en_US/article.TECH230558.html Other possible values are defined in the following chart.
On a German OS, Quick Reports "Current Month" Time Range calculation incorrect for most 31 day months Fix ID: 3622865 Symptom: On a German language OS, the Quick Reports "Current Month" All my clients/VMs I have upgraded work fine, but this server doesn't want to work. Will generate a dump file later today when the backups have finished. Web access from guest OSes are blocked by SEP firewall Fix ID: 3651374 Symptom: After installing 12.1 RU4MP1 or 12.1 RU5 on Hyper-V host computer, web access from the guest OSes
Disable in windows the "restart on error" function, afterwards you can read the BSOD error message. http://digitalsurgeon.net/blue-screen/symantec-endpoint-protection-causing-blue-screen-windows-7.html All my other physical servers (DCs/Exchange etc) are also HP Proliant G6 servers (a mix of DL360 & DL380) while my management server is a DL160 G6. The answer is yes. SEPM web console stalls at "Initializing...
After the Application and Device Control rule triggers on the clients, the Symantec Endpoint Protection Manager logs contain the target MD5, but not the caller MD5. SEPM stops replicating with an error when a file named "Program" is located at the root of the SEPM install drive Fix ID: 3641315 Symptom: When an executable path contain spaces The SEP firewall enables itself after every restart, even if the firewall policy disables it Fix ID: 3581873 Symptom: You disable the Symantec Endpoint Protection client firewall with the firewall policy http://digitalsurgeon.net/blue-screen/symantec-endpoint-protection-12-1-blue-screen-windows-7.html Much faster is the use of Nirsoft BSOD viewer that give you answer on problems.
If the KStackMinFree value is present in the registry, then File System Realtime Protection or Auto-Protect calculates the amount of available stack space before doing any file IO. Typo in message to snooze a scheduled scan on Mac Fix ID: 3727803 Symptom: A typo appears in the message to snooze scheduled scan. SEP affects backup storage unmounts Fix ID: 3371867 Symptom: Symantec Endpoint Protection interferes with storage unmounts after a backup is done.
I have logged an issue with Symantec support anyway now so am letting them troubleshoot it for me. I am pretty sure I have firewall and network intrusion disabled, however it seems that could be a possibility. The firewall state table clears unexpectedly. SEPM scan reports do not show all computers Fix ID: 3614996 Symptom: Clients that have previously been deleted from Symantec Endpoint Protection Manager, have checked back in, but have not been
Email Address (Optional) Your feedback has been submitted successfully! PVS 7.7. Solution: Changed the API in use to prevent memory leaks when no user is logged in. Check This Out Contact the 3rd party vendor for a solution in cases such as these.
Solution: Removed an older, obsolete server name from the Symantec Endpoint Protection client installation configuration file, which was causing the issue. How long does it take to "verify" my account before this forum allows me to post links or images? Once I removed it from the system, I was able to install the SEP client 12.1.2100.2093 without any further issues. ADC blocking MTP device causes Device Manager to hang Fix ID: 3692877 Symptom: Application and Device Control is not working properly when attempting to block a Media Transfer Protocol (MTP) device.
It will boot up and soon as I try to sign into the computer it just spins. The user does not have any issues with any other programs and never gets a BSoD except when trying to install the SEP Client software. Solution: Changed code to unlock the section of the registry before the Sysplant driver tries to modify it, and restores the lock immediately after Sysplant is done. Thanks to everyone who tried to help.
Virus Definitions Distribution report bars do not display correctly Fix ID: 3680562 Symptom: Virus Definitions Distribution report bars do not display correctly. SEPM log shows the wrong engine version for SEP 12.1.5 clients Fix ID: 3659916 Symptom: A dump log created by Symantec Endpoint Protection Manager, agt_system.tmp, does not show the right engine Meanwhile, other sortable columns were not sorted. Solution: Added a check to review domain policies during an installation or an upgrade, and alerts users to add our accounts to their domain policies.
Solution: Text "may temporarely" changed to "might temporarily".