Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Endpoint Protection freezing with Laptops

Created: 19 Jun 2012 | 33 comments

Hello All,

I am having a huge problem, and hopefully someone can share some insight.

We are using Symantec Endpoint Protection v 12.  We have Dell Latitude E6420 Laptops and Dell Optiplex 990 Desktops.  Both have Intel core i7 processors, 4 gb ram, Win7 32 bit.  Obviously, the laptops have the mobile processor.

The problem is, when I install SEP on the laptops, their behavior changes.  I will be unable to shut down the laptop, remove software, or perform active or full scans.  When i try to do any of those, Windows freezes indefinitely.  The system also becomes slower (at logon especially)

I have narrowed this issue down to the Antivirus portion of the SEP install.  If I uninstall that part, and leave Proactive Threat Protection and Network Threat Protection installed, the system operates normally.  Speed is increased, I can shutdown again, and I can install/remove software.

This does not happen at all on our desktops, which are built the same as our laptops.

I first noticed this issue when we were using SEP 11.7, and thought upgrading to 12 would fix it.  The problem still persists.

I have looked at every log file I can, and even submitted files to Symantec with no solution.  People don't believe me until they watch me uninstall the Antivirus portion and everything starts working again.  Unfortunately, we can't deploy the equipment without antivirus protection!

My thoughts are this is an Auto-protect or Kernel issue, but I don't know.  Anybody's insight would be wonderful, as I have been working with this for months with no solution!

Thanks,

Patrick

Comments 33 CommentsJump to latest comment

AravindKM's picture

Can you try by creating an exception for page file?

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

PG_Catalyst's picture

Forgive my ignorance, but can you explain how to do that?

I don't have access to the server side of this, but I have been advised to do all of the troubleshooting!

AravindKM's picture

In client GUI go to change settings-->centralized exceptions--->configure settings--->add-->security risk exceptions-->file and you can add this file.

Note:This is possible if it is not disabled by SEPM policy.

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

PG_Catalyst's picture

I tried adding the exception.  No Change.

Again, the problem goes away if just the Anti-virus portion is uninstalled.  I just need to find out the reason why that is. 

We also use Sophos Safeguard Easy Encryption.  Would that have an effect?  Both companies state that they are compatible.

AravindKM's picture

Can you keep only SEP and remove Sophos Safeguard Easy Encryption and try once...

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

PG_Catalyst's picture

I did do that already.  I decrypted and removed Safeguard easy.  And the problem still persisted.  If I uninstalled the Antivirus portion of SEP, the problem disappears.

.Brian's picture

Have you tried completely removing SEP and re-installing a fresh version of 12.1?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

sandra.g's picture

So are there event log messages recorded, or error messages in the SEP logs?

Given the main difference between laptops and desktops are hardware related, are all third-party drivers updated, particularly something like a fingerprint reader?

The page for that model of laptop says: "Help prevent system viruses and contain data leaks with port control options." I have no idea what these options are, but could they be conflicting with Auto-Protect?

Good luck,

sandra

Symantec, Senior Information Developer
Enterprise Security, Mobility, and Management - Endpoint Protection

Don't forget to mark your thread as 'solved' with the answer that best helps you!

PG_Catalyst's picture

I built the image of the laptop from scratch with all of the correct and up to date drivers and the issue still happened.

I have checked all of the Windows Logs, and all of the logs I know to check in the client GUI.  I even tried running process monitor.  When I try to monitor what happens, the log can never get saved because the entire system locks up.

I don't know what the port control options are..

cus000's picture

Did Support ask you for any dump, Support tool or VPdebug files/logs?

What they already troubleshoot with you?

AravindKM's picture

Is there any big files like database files are present in your system?

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

Beppe's picture

Hi,

if the system is freezing, get an on-demand complete memory dump when it happens and send it to Tech Support.

Regards,

Giuseppe

PG_Catalyst's picture

I have tried to get memory dumps, but those attempts have failed.  I am so frustrated by this because I can't get an answer from Symantec, Dell, or Microsoft.  I have still pinpointed the issue to Symantec, because as soon as I install it, the laptop freezes after 1 or 2 reboots.  Can anyone think of an idea why this is only happening to laptops?

cus000's picture

No idea since no logs aquired so far.... those Support should have some idea

So no dump exist after reboot/freeze?

PG_Catalyst's picture

There are no logs, dump files, etc.  This issue has also started happening on a completely different model laptop (Dell Latitude D630).  One of our network engineers witnessed that when the Antivirus portion is uninstalled, the laptop performs normally. 

Below are the actions that cause the laptop to freeze when the Antivirus portion is installed:

Accessing Disk Management

Attempting to Install/Uninstall/Repair any program

Running Windows Updates (freezes on Creating Restore Point)

Running a Scan in SEP (active or full)

Shutting Down (stays stuck on Shutting Down screen with the spinning orb indefinetly)

When looking at event viewer after I hard reboot, nothing is recorded at the time of the freeze.  It appears something within the Antivirus portion is stopping communication between Windows Explorer and the Hard Drive.

Controller drivers are the most up to date on all systems.  Why this is only happening to Laptops is something I can't figure out

Jason1222's picture

This is only happening on your laptops?

You said a clean install, meaning you already removed the "Dell" stuff that came with the system by default.  (That's a good thing).

* * * * *

I would like you to try something for me, on a newly built system...

Open a command prompt (elevated if UAC is installed) and type the following:

powercfg -H off

This is basically going to turn off the hibernation feature of the laptop (clearing 4GB of space as it will remove the hiber.sys file from the root of the C: drive).

Reboot the system and see if the behavior is corrected.

PG_Catalyst's picture

Yes, this is only happening to laptops. 

We are using a volume license copy of Windows 7 Professional, then installing the necessary drivers as outlined from Dell (they suggest installing in a specific order).

I have already turned off Hibernation, and the problem persists.

cus000's picture

1)Somehow if you still have old image of Win XP, you may try to install it to the Laptop and see what happens after SEP being installed..

(i would imagine require manual driver seach)

2) Upgrade the BIOS and all hardware drivers manually (graphic card, sata/ata controller etc)

Just an idea

Justin Dybedahl's picture

Not trying to hijack this post, but I'm having a similar issue with the SEP firewall driver and our Latitude D620's, E6410's, and E6420's.  The entire system locks up when making a dial-up connection when the firewall component is installed on the system with or without a firewall policy.  Were you ever able to resolve the issue you were having?  I was thinking maybe it could lead me in the right direction.

Thanks.

sandra.g's picture

A long shot, but what about this? An older version of Wave System's Embassy Security Suite was causing all sorts of problems with Latitude laptops and SEP. It may not completely apply, but you may want to have a look anyway.

http://www.symantec.com/docs/TECH104310

sandra

Symantec, Senior Information Developer
Enterprise Security, Mobility, and Management - Endpoint Protection

Don't forget to mark your thread as 'solved' with the answer that best helps you!

LaserTag's picture

I have encountered the same issues with Wave System's Embassy Security Suite.  Once uninstalled the problems with firewall driver not loading went away.  I also had freezing and other issues when trying to do various Windows Admin functions. 

.Brian's picture

What happens if you remove the application and device control component?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Justin Dybedahl's picture

For me it doesn't matter.  The only thing that works is if I remove the firewall component.

.Brian's picture

What about just withdrawing the firewall policy instead of removing the component? You can still use the IPS policy.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

griam01's picture

I am having a very similar issue, on my desktops (that are replaced with laptop hard drives).  The drives that we are using are Seagate Self Encrypting Drives (SED) either 250gb or 320gb.  All of the issues, seem to occur with the 320gb drives.  Right now I have 4 users that have the issue.  When it occurs, a hard shutdown resolves the issue temporarily for about a week or so.  I thought it was related to our hardware encryption that we use (Wave), but I have disabled it on a users machine and let them run unencrypted and the issue re-occured.  The hard drive light remains constant on, but none of the processes are showing any time of utilzation.  Anyone have any ideas?

.Brian's picture

What SEP version is this happening on?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

John Santana's picture

Mine is version 12.1.1101.401 which is SEP v12.1 RU1 MP1 

is yours the latest version ?

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.

John Santana's picture

So what is the solution here ?

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.

ihuter's picture

This is a shame. I have the same issue with our laptops (Toshiba Qosmio x775) freezing with SEP 12.1.674. I'm going to roll back version 11 since there's no official word from Symantec. I wonder what kind of Quality Control and testing they perform if any. Productivity goes down to toilet if you have to reboot your laptop every hours and I don't even take in consideration time me and my coworkers spend dealing with this crap. Thank you for reading my rants.

Justin Dybedahl's picture

For those of you that have the same issue I do (SEP locking the machine when making a dial-up connection), open a case and reference case 419-345-348.  I have been working with support for the past month and they have finally been able to replicate the issue.  They are still working on a fix but maybe if some others call in, it would make this more of a priority.

John Santana's picture

So how's everyone after SEP 12.1.2 has been released ?

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.

Justin Dybedahl's picture

Still having the same issue.  I received a call back from the backline engineer assigned to my case and was told it was Microsoft's issue.  They are supposedly working on it with Microsoft and will let me know when it's resolved.  I'm still mad though that it took this long to get them to reproduce the issue and have someone finally looking into it.  I've had this case open for 3 MONTHS.  3 MONTHS, this is not acceptable in my opinion.   I had to call Tech Support 5 times and get my account manager involved on a numerous occasions to get any sort of action on this.  This is kind of a BIG deal since the majority of my users use dial-up to support our customer systems which we are under contract to service.  I'm stuck on 11.x until Symantec gets this resolved.