Video Screencast Help

Process Id # 0x53C

Created: 23 Mar 2011 • Updated: 23 Mar 2011 | 4 comments

Hi all

Im just courius on finding out what is process id # 0x53C. It appears quite frequently in my security logs on my SBS2008 system, Im wondering if it has something to do with the proactive threat protection. Im running  the Small Buisness edition of the Sym endpoint edition version # 12.0.1001.95 .

Anybody have a clue?

Electro

Comments 4 CommentsJump to latest comment

LeslieMiller's picture

moving to the endpoint protection forum for better visibility

Thomas K's picture

I don't think it is related to your SEP 12 SBE agent. I googled that ID and came up with reports of the same ID showing up from as far back as 2007.

 

Best,

Thomas

Mithun Sanghavi's picture

Hello,

This could be for lot of things.

I dont think, it related to Symantec. Seems to be very generic.

Check these links:

Error Code 0x53C

http://www.wmpub.com/error1340_errorcode0x53c.php

VERITAS Volume Replicator may panic with "Break instruction trap"

http://www.symantec.com/business/support/index?pag...

 

Do you suspect something? Try Below:

Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

https://www-secure.symantec.com/connect/articles/u...

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Electroteck's picture

The reason why I ask this is because, in my security logs it appears to check all my disk. here is a what the log states.

An Attempt was made to access an object

Subject:

            Security Id: System

           Account Name: Main Server

           Account domain: My Domain

           Logon Id: 0x3e7

Object:

          Object Server:Security

           Object Type:SymbolicLink

           ObjectName:\GLOBAL??\H:

           HandleID:0xae0

Process information:

           Process ID: (In this case its) 0x568

          Process Name: C:\Programfiles(x86)\Symantic\Symantic Endpoint Protection\SMC.exe

Access Request Information:

       Access: SymbolicLink

       Access Mask: 0x1

As I stated these files occure about every 30 Seconds.

One other thing I want to point out is on some of the logs under Access Request Information, I have an entry of

Transaction Id :{00000000-0000-0000-0000-000000000000}

this peticular Id occures within some of the logs. I willing to bet it some type of address but to what?