We help IT Professionals succeed at work.

Symantec anti-virus causing blue screen on boot

matt1982
matt1982 asked
on
Medium Priority
1,670 Views
Last Modified: 2013-12-09
We have Symantec Anti-Virus Corp 10.1 installed on our systems along with Deepfreeze 6.  We have the virus definitions redirected to a D: partition which is not affected by deepfreeze so that Symantec software can stay up to date when the computers are restarted.

The main systems we are having issues with are HP D530's.  Every so often (likely when the definitions are updated) when the computers are rebooted, they will show the XP logo and then flash a blue screen realy quick and reboot.  some will keep doing this and some will come out of it after a while.  I have found that booting to recovery console and run an fdisk /mbr it will resolve the problem most times.  After doing this however, when looking in device manager under non plug and play devices the savrt device has an "1" on it.

The blue screen that is appearing references the file savrt.sys every time.  It also has the message "DRIVER_UNLOADED_WITHOUT_CANCELLING_PENDING_OPERATIONS" and the stop code is 0x000000CE.

We have many other types and makes and models of computers and we've only seen it affect the HP's so far.  I believe there are some 5700's being affected as well.

Any thoughts or ideas on what to try would be great.  If I left out any info that may be important let me know.

Thanks in advance.
Comment
Watch Question

CERTIFIED EXPERT

Commented:
I am running a similar setup, except I do not separate the definitions to a thawed partition and all works well.  the defs update fine as my policy is to update the policy every 2 minutes, no lag time noticed.  I would guess it is an issue with the updating.  I suggest yoiu try it the way I have set it up to see if it will work for you.
CERTIFIED EXPERT

Commented:
what version of sav are you using 10.1.????

thanks

Author

Commented:
sav is version 10.1.4.4000
CERTIFIED EXPERT

Commented:
Im lost on this one...you if you can replicate the exact steps to get it to bluescreen then you can point out which software is causing the bluescreen... you can push an update to a pc and and find out exactly how to reproduce then you can turn off deepfreeze and test again if no crashes then deepfreeze might be the culprit. Then you can turn off deep freeze and test again if it does crash then the culprit is deep freeze. if it does crash then we have a problem with sav.

try and post back
CERTIFIED EXPERT
Commented:
I believe that since these machine are deep frozen that the updates that are being provided are updating a file on your frozen drive and that is causing issues as it gets reset on a restart.  I would move the complete install of SAV to the frozen C: drive and then set it to update from the server every 2 minutes, minimal traffic, and the definitions will be upto date.  I use Deep Freeze version 5 and 6 and have never had a blue screen.

Author

Commented:
It is possible the reason you might never have experienced the problem because it only seems to affect certain models of HP computers, mainly the HP d530's.  Anyone have any idea on what files it may be changing on the C: drive that would cause this problem?  It appears the problem only occurs after a virus definition update.   The issue will always seem to appear on Thursday morning, and possibly other days too but Thursday is the only day I've noticed so far.  I doesn't appear to be updating the savrt.sys file from what I can tell.

Thanks for the suggestions and I will try them if I get the chance.
CERTIFIED EXPERT

Commented:
I have over 60 HP D530 SFF PCs.

Author

Commented:
Ok that's good to know...I'll definitely look at trying what you mentioned then.  Thanks

Author

Commented:
What Kutyi mentioned did solve the issues of rebooting but it is not the way we really want things done.  Ideally we would like to find out why Symantec only seems to have an issue with these types of computers and if there is a way to keep our original configuration and have these HP's still work.  Our next step will have to be to contact Syamntec and then possibly HP.

Explore More ContentExplore courses, solutions, and other research materials related to this topic.