Video Screencast Help
Symantec Appoints Michael A. Brown CEO. Learn more.

Secars Started! problem

Created: 19 Nov 2012 | 11 comments

Hi everyone,

I am having a huge problem and this event log entry seems to be the only thing that can be causing it.

1 to 3 times a day since 2 weeks ago, I've been having issues here with the company being kicked off of our 2003 server.  The only thing that seems to make any sense at all is this Secars started! message in the Event Log.  We have been using Symantec Endpoint Protection since before I was employed here (over 3 years) and everything has been fine.  But since 2 Thursdays ago, which is when we started having these server issues, this secars started! message also began showing up in the event lgo, and whenever that message comes up in the Event Log is the precise times that everyone is losing connection to the server and after 10-15 mins of my server being completely frozen (with the exception of being able to move the mouse) I can finally get it to shut down properly and restart.

This message like I said has never shown up before and I have no idea what Service is starting that is causing my server to stop responding, everything in Control Panel -> Services looks fine.

Please help, I don't know what I can do to make this stop happening.

Thank you,

Kevin.

Comments 11 CommentsJump to latest comment

.Brian's picture

What version of SEP are you running?

What server OS? x86 or x64?

What components of SEP do you currently have installed. Since this is a server, I would make sure only AV is installed to start.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Rafeeq's picture

Secars service is related to Symantec endpoint protection manager.

check this service start up option. Once service is started all the clients try to take updates. I think thats why it stops responding.

Doof_Pukem's picture

I am running 11.0.5002.333 of Symantec Endpoint Protection.  My server is x86.  The anti-virus is what I have running on the server.

Rafeeq:

Like I said above, this only started happening on November 8th and I have no previous event log history regarding that service starting.  I never had this problem if I go to Clients, right click on the group, then go to Run command on group and Update Content.  I don't understand why it would start acting like this now, but with this server being my Domain Controller this is getting really bad, this afternoon when I restarted I had the server on for maybe 2 minutes and it kicked everyone off again and I had to shut it off which locked everything up again.

Could this be some kind of Adware or a Virus?  Because in over 3.5 years of using Symantec, my server has never acted like this.

Kevin.

Doof_Pukem's picture

Is there a way I can just disable this service from running altogether?

 

Kevin.

Doof_Pukem's picture

So no one can respond?

Can I disable this Secars service from running all together?  This is getting really frustrating.

If I can, I need to know how.

Thanks,

Kevin.

.Brian's picture

You're best off putting in a call to support. There is no secars service list in the services list.

There is probably some behind the scenes work needed to be done by the back line engineering team.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Ian_C.'s picture

Two things you might want to think about while waiting for Support:

  1. Did you do any policy changes and can you reverse them?
  2. Can you roll back your definitions for all the components that you have installed?

 

Please mark the post that best solves your problem as the answer to this thread.
Doof_Pukem's picture

Hey Brian and Ian,

Thanks for the suggestions.  But I think I might have accidentally may have found what I wanted about disabling the Secars service.

At about 2 pm CST today I had another issue that resulted in me restarting my server again so this time when it booted back up I was looking around and I then remembered that SEPM had IIS integration.  So when I went in IIS to look I found in the Web Service Extensions folder a Secars service and "prohibited" it from running.  I hope this helps, it's been a stressful couple of weeks here...

I'll update in a few days to see if this solves my server problem.

Kevin.

Doof_Pukem's picture

Hi,

So it appears that with me disabling that service from IIS, it caused SEPM to lose connection to all of the clients.  I did a repair install of SEPM and restarted IIS on the server and all seemed fine until today.  The secars service showed up in the event log, but the server seemed to go back to normal within 2 mins this time, where as before it would be completely locked up for roughly 20 mins.

Should I maybe try doing a re-install of Symantec Endpoint altogether?

I was looking to see if I can update my version to the latest release of 11, but everytime I try inputting the serial number to see if I can download a newer version it just says invalid serial number and doesn't let me do anything else.

So any advice would be appreciated.

Thanks,

Kevin.

Ian_C.'s picture

I was looking to see if I can update my version to the latest release of 11, but everytime I try inputting the serial number to see if I can download a newer version it just says invalid serial number

Sorry, can't help you with your serial number. You'll have to speak to your account manager or Symantec Support. As to the latest version of SEP 11, that is RU7 MP3.

Please mark the post that best solves your problem as the answer to this thread.
Doof_Pukem's picture

Sorry I forgot to mention, when SEPM lost connection to the clients I re-enabled the Secars service in IIS, then I did a repair install of Symantec and restarted the IIS service.

Kevin.