Video Screencast Help
Search Video Help Close Back
to help
New in the Rewards Catalog: Vouchers for "Symantec Technical Specialist" and "Symantec Certified Specialist" exams.

The following boot-start or system-start driver(s) failed to load: eeCtrl

Updated: 21 May 2010 | 4 comments
knightstorm's picture
knightstorm
0 0 Votes
Login to vote

This just started to happen on reboot.

 

I have seen it on MR2MP1 and MR2MP2

 

Windows server 2003 r2 sp2 x64

 

 Event Type:    Error
Event Source:    Service Control Manager
Event Category:    None
Event ID:    7026
Date:        8/13/2008
Time:        10:26:23 AM
User:        N/A
Computer:    DATABACK1
Description:
The following boot-start or system-start driver(s) failed to load:
eeCtrl

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

discussion Filed Under:
,

Comments

Jason1222's picture
13
Aug
2008
0 Votes 0
Login to vote
Jason1222

I am fairly certain this file can be seen in your "services.msc" and the service can be started or stopped by your own doing.

 

 eeCtrl.sys should be located in C:\Program Files\Common Files\Symantec Shared\eengine\eectrl.sys and was probably hardcoded to run from that particular emplacement.

 

Because you are running x64, chances are this file ended somewhere like %drive%:\Program Files (x86)\Common Files\Symantec Shared\eengine\eectrl.sys

 

If a DLL was hardcoded to call it from the C:\Program Files\Common Files\Symantec Shared\eengine\eectrl.sys and it can't find it, it fails.  Check in your Services where the location is trying to call it from and IF the location is wrong (file missing, rights, etc.) try to re-register the file... 

* * * *

Personal experience tells me much is still "not working as intended" in x64.

 

Message Edited by Jason1222 on 08-13-2008 01:48 PM
knightstorm's picture
14
Aug
2008
0 Votes 0
Login to vote
knightstorm

The files eectrl.sys and eectrl34.sys are not visible under services.msc, and can be found in several places.  It seems to be updated with the virus definiitions (it can be found in C:\Program Files (x86)\Common Files\Symantec Shared\SymcData\sesmvirdef64\20080813.039 as well as in  C:\Program Files (x86)\Common Files\Symantec Shared\SymcData\sesmvirdef32\20080813.039)  the files also occur in several other directories that appear to be involved with package distribution and definition updates.  The boot errors have disappeared for the moment.

Paul Murgatroyd's picture
14
Aug
2008
0 Votes 0
Login to vote
Paul Murgatroyd
Symantec Employee
Accredited
Certified

The file is related to the ERASER control engine, its possible it was either being updated (through the defs) during the logon process, or some upgrade process that needed to complete (file rename, etc) was still running after the reboot.  If it is working now, and not reproducible I wouldn't worry about it - its not affected the clients ability to detect threats - just potentially the ability to perform advanced cleanup.  If it has started now then you will be fine.

Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed: http://twitter.com/symc_endpoint

Optimus Prime's picture
17
Oct
2009
0 Votes 0
Login to vote
Optimus Prime
Accredited

Check this out.

Causes:

1. Due to low kernel space
2. Corruption of SAV drivers
3. Corrupted Definitions.

To Avoid the crash in future:

1. Upgrade the drivers.
2. Adding the "kstackminreg" value.
3. Upgrade the version to latest. Better install SEP

;-)

Technical Support

Symantec.com

Store

Community Stats

Total Content Items
Members
258,921