Endpoint Protection Small Business Edition

COH_Mon has been starting every hour and then windows thows crypt32 Event ID 8 and 11 errors. Here are the events!

Event Type:    Information
Event Source:    Service Control Manager
Event Category:    None
Event ID:    7035
Date:        3/4/2010
Time:        2:43:43 PM
User:        SYSTEM
Computer:    100301
Description:
The COH_Mon service was successfully sent a start control.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Data:

and...

Event Type:    Error
Event Source:    crypt32
Event Category:    None
Event ID:    8
Date:        3/4/2010
Time:        2:43:45 PM
User:        N/A
Computer:    100301
Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.
 

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Data:

and...

Event Type:    Error
Event Source:    crypt32
Event Category:    None
Event ID:    11
Date:        3/4/2010
Time:        2:43:45 PM
User:        N/A
Computer:    100301
Description:
Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Data:



Does truescan try to verify certificates for running processes? How can I troubleshoot this problem. When we uninstall SEP we dont get the crypt32 errors. I saw that I can decrease the frequency of the Proactive Threat Scans which I believe is what COH_Mon is used for, but I am using SEP Small Business Ed. and there does not seem to be anywhere to change the scans. I did find where I can disable them but this causes the end user to get a big red error indicating they are not protected. So here I am asking what do you suggest? How do I get COH_Mon to stop running or at least run without the errors and slowdown\freezing the PC? If I have to remove SEP and go back to Mcafee I can but I would rather not.

Any help is welcome!

Matthew

You are correct about SEP 12, this feature cannot be modified. I would open a case ASAP, and get Symantec to investigate the root cause of the errors.

http://www.symantec.com/business/support/contact_techsupp_static.jsp

https://mysupport.symantec.com/