Endpoint Protection

 View Only

  • 1.  Endpoint randomly rebooted server

    Posted Apr 05, 2012 03:56 AM
      |   view attached

    After installing SEP 11.0.6300.803 on Windows Server 2008 64bit and declining a restart, SEP restarted the server by itself about 15 hours later. In the middle of the day, thus users losing data.

    From Event viewer:

    The process Smc.exe has initiated the restart of computer KANNEL on behalf of user NT AUTHORITY\SYSTEM for the following reason: Other (Unplanned)

    Reason Code: 0x0

    Shutdown Type: restart

    Comment:

    And also this appeared in the Application log a few times before the restart:

    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. 

    DETAIL -

     2 user registry handles leaked from \Registry\User\S-1-5-21-1220945662-113007714-1957994488-1676:

    Process 14832 (\Device\HarddiskVolume1\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe) has opened key \REGISTRY\USER\S-1-5-21-1220945662-113007714-1957994488-1676\Software\Symantec\Symantec Endpoint Protection\AV\Custom Tasks

    Process 1032 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1220945662-113007714-1957994488-1676\Printers\DevModePerUser

    Before the restart, the setting "Changes requiring Auto-Protect reload" was on "Stop and reload Auto-Protect". After the restart, I set it on "Wait until the computer is restarted". Could this have something to do with the restart?



  • 2.  RE: Endpoint randomly rebooted server

    Posted Apr 05, 2012 04:13 AM

    Just curious, any sign of blue screen appear? or it was a normal reboot?

     

    i saw 'leaked' word there....



  • 3.  RE: Endpoint randomly rebooted server

    Posted Apr 05, 2012 05:39 AM

    It was a normal reboot.



  • 4.  RE: Endpoint randomly rebooted server

    Posted Apr 11, 2012 06:59 AM

    So I guess I'm not going to get a clear answer why the server rebooted.



  • 5.  RE: Endpoint randomly rebooted server

    Posted Apr 11, 2012 11:12 PM

    Hi Priitv,

    I can suggest something by Symantec way....

     

    1) Create support case to Symantec with highest priority

    2) Get SEP Support tool log

    3) Enable full SEP "VPDebug"  and wait until the reboot happens again.

     

    4) Submit both logs and get help from technical support



  • 6.  RE: Endpoint randomly rebooted server

    Posted Apr 11, 2012 11:23 PM

    Hi,

    You will be reinstall antivirus .

    If you don't received any solution log a call in symantec support..

    Please Contact Symantec Customer Care on this issue..

    http://www.symantec.com/support/assistance_care.jsp

    OR 

    Technical Support

    http://www.symantec.com/business/support/contact_techsupp_static.jsp

     

    Phone numbers to contact Tech Support:-

    Regional Support Telephone Numbers:
    United States: https://support.broadcom.com (407-357-7600 from outside the United States)
    Australia: 1300 365510 (+61 2 8220 7111 from outside Australia)
    United Kingdom: +44 (0) 870 606 6000

    India: Toll-Free 000 800 4401 456 directly

    IDD call: +61 2 8220 7111