Solved

Symantec Endpoint Protection Manager - Rtvscan.exe causes profile unload unsuccessful

Posted on 2010-08-20
Last Modified: 2013-12-09
Hello,

We are running the latest version of Symantec Endpoint Protection Manager (v11.0.6) on Terminal Server 2003 R2 x64 Standard Edition. Due to problems with profile unload, we installed the UPH Hive Clean tool (x64 bit) downloaded from TechNet.

The server is very slow and Rtvscan.exe is taking more than 10% CPU usage. In the Event Viewer I found several warnings and errors. The log entry below is of the information type:

The following handles in user profile hive FLUP\User52 (S-1-5-21-1962641835-73086011-4158921976-1127) have been remapped because they were preventing the profile from unloading successfully:
 
Rtvscan.exe (504)
  HKCU\Software\Symantec\Symantec Endpoint Protection\AV\Custom Tasks (0x9e8)

How can I resolve this? Thanks!
Question by:SrinathS
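
Added example, not part of the original thread: a parser for UPHClean remap messages in the layout quoted in the question, tallying which processes hold handles on which profile hives so that an exclusion or fix targets the right process. The second sample event (`example_svc.exe`, `EXAMPLE\user01`) is constructed, the function names are hypothetical, and the layout for several processes in one event is an assumption.

```python
import re
from collections import defaultdict

# First event is the one quoted in the question; the second is constructed.
SAMPLE = r"""
The following handles in user profile hive FLUP\User52 (S-1-5-21-1962641835-73086011-4158921976-1127) have been remapped because they were preventing the profile from unloading successfully:

Rtvscan.exe (504)
  HKCU\Software\Symantec\Symantec Endpoint Protection\AV\Custom Tasks (0x9e8)

The following handles in user profile hive EXAMPLE\user01 (S-1-5-21-1111111111-2222222222-3333333333-1001) have been remapped because they were preventing the profile from unloading successfully:

Rtvscan.exe (504)
  HKCU\Software\Symantec\Symantec Endpoint Protection\AV\Custom Tasks (0xa10)
example_svc.exe (1234)
  HKCU\Software\Example (0x2c4)
  HKCU\Software\Example\Settings (0x2c8)
"""

HEADER = re.compile(r"user profile hive (?P<user>\S+) \((?P<sid>S-[\d-]+)\)")
PROCESS = re.compile(r"^(?P<image>\S.*?) \((?P<pid>\d+)\)\s*$")
HANDLE = re.compile(r"^\s+(?P<key>HK\w+\\.*?) \((?P<handle>0x[0-9a-fA-F]+)\)\s*$")

def parse_events(text):
    """Return one dict per remap event: user, sid, and (image, pid, key, handle) tuples."""
    events, proc = [], None
    for line in text.splitlines():
        if (m := HEADER.search(line)):
            events.append({"user": m["user"], "sid": m["sid"], "handles": []})
            proc = None                      # process context resets per event
        elif not events:
            continue                         # ignore text before the first header
        elif (m := HANDLE.match(line)) and proc:
            events[-1]["handles"].append((*proc, m["key"], int(m["handle"], 16)))
        elif (m := PROCESS.match(line)):
            proc = (m["image"], int(m["pid"]))
    return events

def summarize(events):
    """Per process image (lower-cased): handle count and the profiles it blocked."""
    out = defaultdict(lambda: {"handles": 0, "profiles": set()})
    for ev in events:
        for image, _pid, _key, _handle in ev["handles"]:
            out[image.lower()]["handles"] += 1
            out[image.lower()]["profiles"].add(ev["user"])
    return {k: {"handles": v["handles"], "profiles": sorted(v["profiles"])}
            for k, v in out.items()}

if __name__ == "__main__":
    for image, info in summarize(parse_events(SAMPLE)).items():
        print(image, info["handles"], ", ".join(info["profiles"]))
```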

Author Comment

by:SrinathS
ID: 33490025
I just updated Symantec EndPoint Protection Manager to latest version v11.0 RU6 MP1. I'm monitoring the event log. I will update this question accordingly.
 

Author Comment

by:SrinathS
ID: 33493494
Upgraded to the latest version, still encountering the same error in the Event log. The server becomes slow and unresponsive due to this process. Symantec.

Expert Comment

by:Hypercat (Deb)
ID: 33495345
How did you originally install SEP on this server? It definitely needs to be installed as a shared server app (like all TS apps using the TS-specific installation steps) so that it will not run a separate process in each user's session. Also, you need to be sure NOT to install Proactive Threat Protection, as this function of SEP isn't supported on any server operating system.  Here are a couple of relevant articles, if you think this might be your problem:
http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/21894dd84e8bbf97c125738c00656f6f?OpenDocument
http://www.symantec.com/connect/sites/default/files/SEP%20on%20Terminal%20Servers.pdf

Expert Comment

by:jimmymcp02
ID: 33500671

Author Comment

by:SrinathS
ID: 33501557
@hypercat,

Our previous support person installed this application 1 year back. I followed the installation instructions correctly.

@jimmymcp02,

Yes, I already updated from RU6A to MP1. Still the same problem. Symantec Rtvscan.exe is conflicting with UPHclean.exe process. I added the UPHclean.exe to the exception list, still the same problem!

Accepted Solution

by:
Hypercat (Deb) earned 500 total points
ID: 33523286
Have you looked at this article:
http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/e003dc4eb56faea7ca2575f9000a75ab?OpenDocument
You may be able to resolve this issue by excluding the RTVScan process as described.  I've not run into this myself, but I would give it a try.
 

Author Comment

by:SrinathS
ID: 33524221
@hypercat,

I added the process rtvscan.exe to the UPHClean process exclusion list by following the Symantec instructions. I logged off and logged in multiple times. I found these warning and information alerts in the Event Log:

Event ID: 1527
Windows saved user TEST-DOMAIN\Administrator registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Followed by Information Event ID: 1516
Windows unloaded user TEST-DOMAIN\Administrator registry when it received a notification that no other applications or services were using the profile.

Expert Comment

by:Hypercat (Deb)
ID: 33524346
Those two events are normal with a process like RTVScan especially when logging on with an Administrator account. Try logging on as a regular user and see if the error message still appears in the logs.
 

Author Comment

by:SrinathS
ID: 33524435
I logged in as a regular user and it displays the above informational message followed by a warning message. But as per the message description, I can safely ignore the warning message.

Followed by Information Event ID: 1516
Windows unloaded user TEST-DOMAIN\Administrator registry when it received a notification that no other applications or services were using the profile.

The log-in and log-off speed has increased! Thanks for your help!