Endpoint Protection Small Business Edition

 View Only

  • 1.  Process Id # 0x53C

    Posted Mar 23, 2011 06:53 PM

    Hi all

    Im just courius on finding out what is process id # 0x53C. It appears quite frequently in my security logs on my SBS2008 system, Im wondering if it has something to do with the proactive threat protection. Im running  the Small Buisness edition of the Sym endpoint edition version # 12.0.1001.95 .

    Anybody have a clue?

    Electro



  • 2.  RE: Process Id # 0x53C

    Posted Mar 23, 2011 08:44 PM

    moving to the endpoint protection forum for better visibility



  • 3.  RE: Process Id # 0x53C

    Posted Mar 24, 2011 09:32 AM

    I don't think it is related to your SEP 12 SBE agent. I googled that ID and came up with reports of the same ID showing up from as far back as 2007.

     

    Best,

    Thomas



  • 4.  RE: Process Id # 0x53C

    Trusted Advisor
    Posted Mar 24, 2011 11:26 AM

    Hello,

    This could be for lot of things.

    I dont think, it related to Symantec. Seems to be very generic.

    Check these links:

    Error Code 0x53C

    http://www.wmpub.com/error1340_errorcode0x53c.php

    VERITAS Volume Replicator may panic with "Break instruction trap"

    http://www.symantec.com/business/support/index?page=content&id=TECH22225&actp=search&viewlocale=en_US&searchid=1300979297767

     

    Do you suspect something? Try Below:

    Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

    https://www-secure.symantec.com/connect/articles/using-symantec-support-tool-how-do-we-collect-suspicious-files-and-submit-same-symantec-sec



  • 5.  RE: Process Id # 0x53C

    Posted Mar 24, 2011 01:33 PM

    The reason why I ask this is because, in my security logs it appears to check all my disk. here is a what the log states.

    An Attempt was made to access an object

    Subject:

                Security Id: System

               Account Name: Main Server

               Account domain: My Domain

               Logon Id: 0x3e7

    Object:

              Object Server:Security

               Object Type:SymbolicLink

               ObjectName:\GLOBAL??\H:

               HandleID:0xae0

    Process information:

               Process ID: (In this case its) 0x568

              Process Name: C:\Programfiles(x86)\Symantic\Symantic Endpoint Protection\SMC.exe

    Access Request Information:

           Access: SymbolicLink

           Access Mask: 0x1

    As I stated these files occure about every 30 Seconds.

    One other thing I want to point out is on some of the logs under Access Request Information, I have an entry of

    Transaction Id :{00000000-0000-0000-0000-000000000000}

    this peticular Id occures within some of the logs. I willing to bet it some type of address but to what?