Blue screen error referring to Symevent.sys on Windows 7

Article:TECH93491  |  Created: 2009-01-17  |  Updated: 2009-01-17  |  Article URL http://www.symantec.com/docs/TECH93491
Article Type
Technical Solution


Issue



You install a Symantec Endpoint Protection client on a computer running a 32-bit version of Windows 7. Either during the installation, during an operating system migration, or during a Proactive Threat Protection detection, the computer stops responding with a blue screen and refers to Symevent.sys.


Solution



This is a problem between the TruScan keylogger scanning function and Windows 7. To work around the problem, either disable keylogger scanning or remove TruScan completely.

To disable keylogger scanning on managed clients
  1. In the manager, under Clients, select the client group in which the Windows 7 clients reside.
  2. In the right pane, under Policies, edit the Antivirus and Antispyware policy.
    If "Inherit policies and settings from parent group Global" is checked, either edit the policy in the Global group or change the inheritance structure so that the policy does not inherit settings.
  3. Under Truscan Proactive Threat scans, on the Scan Details tab, uncheck Scan for keyloggers, and click the lock symbol to lock the option.
  4. Click OK.

To disable keylogger scanning on unmanaged clients
  1. On the client, in Symantec Endpoint Protection, click Change Setttings.
  2. Under Proactive Threat Protection, click Configure Settings.
  3. Uncheck Scan for keyloggers.
  4. Click OK.

To remove TruScan
  1. On the client computer, in Add or remove programs, double-click Symantec Endpoint Protection, and select Modify.
  2. Expand Proactive Threat Protection, and click the dropdown next to TruScan.
  3. Select "This feature will not be available."
  4. Click Next and complete the wizard.






Legacy ID



2009041710455648


Article URL http://www.symantec.com/docs/TECH93491


Terms of use for this information are found in Legal Notices