Symantec Endpoint Protection Causes Crash

karinerivet
We are using Symantec Endpoint Protection version 11 with Windows XP SP2 and SP3 and 3 of our 60 PCs crash every day, minutes after new definition files are downloaded/installed.  On 1 of the PCs I attempted an uninstall/reinstall of Symantec, but the problem persists.  I captured the minidump file from 1 of the PCs and debugged it.  The debugger indicates that there is an issue related to ntkrnlpa.exe.  Using the information provided and the attached minidump file and debugger output can anyone provide any suggestions as to why these 3 PCs are crashing after installing new definitions and how we might resolve it?
Mini070110-01.dmp
Minidump-Debugger-Output.txt
I've resolved quite a few Symantec issues like this by uninstalling/reinstalling. (As you have done.) After that, I ran SFC SCANNOW on the systems and had good results. You might give that a try.
SFC SCANNOW
Just insert your OS CD while holding down Shift to prevent autorun.
Release the Shift key after about ten seconds.
Then click Start and in the Run field type SFC /SCANNOW and select OK.
http://www.updatexp.com/scannow-sfc.html
After the scan completes, reboot and test.
Top Expert 2010

Commented:
Are they x64 or x32 XP systems?
It looks like this is what you are experiencing.
System hangs after new virus definitions arrive and the AutoProtect Option "Rescan the Cache when new definitions load" is enabled
Fix ID: 1859398
Symptom: System hangs after new virus definitions arrive and the AutoProtect Option "Rescan the Cache when new definitions load" is enabled
Solution: AutoProtect Rescan synchronization has been fixed
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid_p/2007121216360648 
 
You will need to uncheck the re-scan the cache option to avoid this problem, or you will need to update your SEP to MR6.

Author

Commented:
The systems are x32 XP.

I found the option to uncheck the re-scan cache.  I checked the help file for an explanation of this option and it stated:

"Rescan the cache when new definitions load: Rescans the file cache when new definitions arrive on the client computer. If you disable this option, the file cache does not persist after the client computer shuts down. When the client computer restarts, Auto-Protect rescans all files."

Does this mean that every time the PC powers on a full scan of all files is going to be performed?  Or, what does it mean?

Author

Commented:
Also, in general, what are the possible ramifications to unchecking this option?
From what I understand, SEP will rescan all the files instead of remembering what it had already scanned.
It depends on how you have your settings: you can tell SEP to run a quick scan or a full scan on startup. A quick scan will do the job for startup, and you can schedule your full scans once a week.
Test it and see if that solves your problem.

Author

Commented:
Our PCs by policy are configured to perform a full system scan once per week.  I unchecked the option on my test PC, rebooted and saw no visual difference other than confirming that the option was still unchecked.  I subsequently unchecked the option on all three affected PCs and will report back next Wednesday on the result.
How did your test go?


Author

Commented:
I apologize for not responding sooner.  Unchecking the rescan option resolved the issue.  Thank you very much for your assistance.
Any time!!
