Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

The following boot-start or system-start driver(s) failed to load: eeCtrl

Created: 13 Aug 2008 • Updated: 21 May 2010 | 4 comments

This just started to happen on reboot.

 

I have seen it on MR2MP1 and MR2MP2

 

Windows server 2003 r2 sp2 x64

 

 Event Type:    Error
Event Source:    Service Control Manager
Event Category:    None
Event ID:    7026
Date:        8/13/2008
Time:        10:26:23 AM
User:        N/A
Computer:    DATABACK1
Description:
The following boot-start or system-start driver(s) failed to load:
eeCtrl

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Comments 4 CommentsJump to latest comment

Jason1222's picture

I am fairly certain this file can be seen in your "services.msc" and the service can be started or stopped by your own doing.

 

 eeCtrl.sys should be located in C:\Program Files\Common Files\Symantec Shared\eengine\eectrl.sys and was probably hardcoded to run from that particular emplacement.

 

Because you are running x64, chances are this file ended somewhere like %drive%:\Program Files (x86)\Common Files\Symantec Shared\eengine\eectrl.sys

 

If a DLL was hardcoded to call it from the C:\Program Files\Common Files\Symantec Shared\eengine\eectrl.sys and it can't find it, it fails.  Check in your Services where the location is trying to call it from and IF the location is wrong (file missing, rights, etc.) try to re-register the file... 

* * * *

Personal experience tells me much is still "not working as intended" in x64.

 

Message Edited by Jason1222 on 08-13-2008 01:48 PM
knightstorm's picture

The files eectrl.sys and eectrl34.sys are not visible under services.msc, and can be found in several places.  It seems to be updated with the virus definiitions (it can be found in C:\Program Files (x86)\Common Files\Symantec Shared\SymcData\sesmvirdef64\20080813.039 as well as in  C:\Program Files (x86)\Common Files\Symantec Shared\SymcData\sesmvirdef32\20080813.039)  the files also occur in several other directories that appear to be involved with package distribution and definition updates.  The boot errors have disappeared for the moment.

Paul Murgatroyd's picture

The file is related to the ERASER control engine, its possible it was either being updated (through the defs) during the logon process, or some upgrade process that needed to complete (file rename, etc) was still running after the reboot.  If it is working now, and not reproducible I wouldn't worry about it - its not affected the clients ability to detect threats - just potentially the ability to perform advanced cleanup.  If it has started now then you will be fine.

Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed: http://twitter.com/symc_endpoint

Optimus Prime's picture

Causes:

1. Due to low kernel space
2. Corruption of SAV drivers
3. Corrupted Definitions.

To Avoid the crash in future:

1. Upgrade the drivers.
2. Adding the "kstackminreg" value.
3. Upgrade the version to latest. Better install SEP

;-)