Endpoint Protection

I am new to this forum so sorry if I post this in the wrong place.

Our agency has recently upgraded several machines (right now, about 6, but more pending) that are being upgraded from SEP 11 to SEP12 by march. It is forcing all computers to reboot after a few days because people here never seem to reboot, however on the Windows 7 x86 computers (updated to around the January 2012 level with patches), all of them BSOD. We are upgrading to SEP 12.1.671.

The BSOD is as follows:

driver_unloaded_without_cancelling_pending_operations

caused by: SYMTDI.sys

The rest of it goes away really quickly. I will try going into safe mode to attach a mini dump but I feel that there is not much more to know because we know what is causing the problem (Norton Internet Security Filter, apparently).

We only have basic software installed on most comptuers,

• Reader/Acrobat
• Office 2010
• ArcGIS on some
• Lotus Notes 8
• etc...

I am not sure how to continue from here as restoring them all from our backups has been cumbersome through backup exec (causing lots of registry issues). I am wondering if anyone has had this issue with SEP12 and if anyone has found a solution. Thanks.

We must use SEP12 here so an alternative is not a solution we can use.

The first thing that I would recommend is to install the latest 12.1 RU1 build and see if BSOD still happens. This build should be available to download from your fileconnect account.

If the BSOD's still happen you will need to configure at least 1 machine for a COMPLETE memory dump and then open a case with support to provide this dump for review. Below is documentation on how to configure this dump.

http://www.symantec.com/docs/TECH104660

Hi, It's me Mgamerz again. I had to make a second account because I just reset my password and one of the mail controllers for my agency has locked me out and nobody knows why so I couldn't log in. I didn't want you to think this issue was resolved or that I am not courteous enough to give a response.

We built a package from RU1 and deployed it on other Windows 7 x86 computers with SEP11 existing on them.

They used Proactive Thread Protection, Network Threat Protection and AntiVirus/AntiSpyware.

However, they still bluescreened. We ourselves do not have a support contract with Symantec, but our help desk does. We got a copy of CleanWipe through them (Why do you make CleanWipe only available through 'support'? It's a real hassle and makes us really think less of Symantec when we have to contact you to fix problems in your own software when your own tools to fix issues could be easily and readily available).

After using CleanWipe it installed fine. Before I used CleanWipe, I tried the Windows Install and Uninstall Troubleshooter to foribly remove SEP11 since there is no easy way to uninstall it (Manually doing 76 steps is not going to cut it): http://support.microsoft.com/kb/2438651/

This was after I booted into Safe Mode, ran msconfig, disabled all Symantec Services and rebooted into normal mode. It booted fine with no BSOD's, but the tool showed that there were two installations of Symantec Endpoint (It did not have version numbers). I am thinking that it does not uninstall and reinstall complete and then breaks. After it breaks, the installer never works because it cannot find the file specified when you run the SEP12 installer. This has been a real nightmare to upgrade all of these machines.

I have two complete memory dumps (from different computers) and might open a support case with Symantec to see if they can figure this out so that others don't have to deal with it.

Sounds like, if yo uhave 2 separate installs, the first one was used with a custom path.  C:\Symantec or what ever instead of C:\program files\etc.  OR vice cersa.

Than forcing the second install to a diffrerent location mucked things up.

After "clean wiping" the machines and re-install RU1, are things working?