Endpoint Protection

<v:shapetype id="_x0000_t75" stroked="f" filled="f" path="m@4@5l@4@11@9@11@9@5xe" o:preferrelative="t" o:spt="75" coordsize="21600,21600"></v:shapetype>

To resolve this problem, the Administrators Group must have write access to the %windir%\system32\drivers folder. To give the Administrators Group write access, follow these steps:

1. Start your computer by using an administrator account.
2. To open a command prompt, click Start, click Run, type CMD.EXE, and then click OK.
3. Type cacls.exe "%windir%\system32\drivers" /G BUILTIN\Administrators:F, and then press ENTER.
4. When you read the prompt Are you sure (Y/N)?, press Y.
5. Type cacls.exe "%windir%\system32\drivers" /G System:F, and then press ENTER.
6. When you read the prompt Are you sure (Y/N)?, press Y.
7. Type cacls.exe "%ALLUSERSPROFILE%\Documents" /G BUILTIN\Users:R, and then press ENTER.
8. When you read the prompt Are you sure (Y/N)?, press Y.

Ref:http://support.microsoft.com/kb/813649

 

What is the version of Symantec?

if the permissions are correct on that directory i would check your SEPM server for a Application and Device policy that could be restricting access to the driver directory... I did that in testing because of some malware writing to that directory... since then the rule has been modified to monitor for access attempts rather than blocking write.  :)

 Thats right ..if you have enabled application control for Protect client files and registry keys
it has a default rule of 
Create, delete, or write attempt:   Block (Log)
for Symndis.sys and all the other symantec drivers

Hi Vikram, thanks for the workaround.. i'll try that as soon as i get back on the user having this prob.

@jeffwichman: there's no policy applied yet for application and device control. this issue arise only once..