I have had MR3 working fine on W7, not tried MR4 yet.. what build of W7 are you using?

I'm using the Checked x86 build 7000 from Technet. I willrebuild my virtual machine and try the MR 3 again to see whether I can get it to work.

Ok, I'm trying to do an install of MR3 (11.0.3001) from the CD as an unmanaged install.

The install fails with an error 1603. Looking through the logs I see

LUCA: InstallLiveUpdate enter.
LUCA: C:\Users\ANDREW~1.MAT\AppData\Local\Temp\ERXTPXOS\LiveUpdate\lucheck.exe
LUCA: InstallLiveUpdate exit.
CustomAction InstallLiveUpdate.FF07F38E_78C2_412E_B858_64488E808644 returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
Action ended 14:02:26: InstallFinalize. Return value 3.

I ran LUCheck manaually and got

09/01/2009, 14:26:22 GMT -> Running LuCheck on an unsupported platform. Lucheck quits.
09/01/2009, 14:26:22 GMT -> Ended LiveUpdate Integration Log

I tried installing LiveUpdate manually and I get the same LUCheck error in the logs.

yes, thats the only bit that doesnt work.

You have to install LU manually using LUSETUP.exe, then reboot and install SEP... then it should work.

No joy even after installing live update manually and rebooting. I get the same error.

I have switched to a physical install of Windows 7 because I think that the crashes I saw on my windows 7 VM were WMWare related rather than SEP related.

LU is definitely installed and the luresult says that the install succeeeded.

Installed
0
LiveUpdate has been successfully installed on your machine.

The final return code after remapping is 0
Install result reported from LuInsDll.dll
Install Version 3.3.0.69

I will try the MR4.

Right,

I managed to get the MR4 version of SEP 11 installed on windows 7 on a Pansonic Toughbook Laptop. The install was stable but a little bit sluggish. Then it bugchecked after 30 minutes of uptime with an 0x8e (0xc0000005) bugcheck code.

!analyze -v of the crash dump shows the following

FAULTING_MODULE: 82845000 nt

DEBUG_FLR_IMAGE_TIMESTAMP:  478bf054

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

FAULTING_IP:
SYMEVENT!SYMEvent_IrpHandlerInstall+5645
964212a5 ab              stos    dword ptr es:[edi]

TRAP_FRAME:  916ccc40 -- (.trap 0xffffffff916ccc40)
ErrCode = 00000002
eax=00000000 ebx=ad2f0458 ecx=ad2f045a edx=9640ab20 esi=ad2f0478 edi=00000000
eip=964212a5 esp=916cccb4 ebp=916ccd08 iopl=0         nv up ei ng nz na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010286
SYMEVENT!SYMEvent_IrpHandlerInstall+0x5645:
964212a5 ab              stos    dword ptr es:[edi]   es:0023:00000000=????????
Resetting default scope

DEFAULT_BUCKET_ID:  WRONG_SYMBOLS

BUGCHECK_STR:  0x8E

LAST_CONTROL_TRANSFER:  from 82915429 to 82932f78

STACK_TEXT: 
WARNING: Stack unwind information not available. Following frames may be wrong.
916cc7b4 82915429 0000008e c0000005 964212a5 nt!KeBugCheckEx+0x1e
916ccbd0 8289d256 916ccbec 00000000 916ccc40 nt!RtlImageNtHeader+0x12a3
916ccc4c 828dcb4b 84f1ea60 00000000 828e988a nt!Kei386EoiHelper+0x1de
916ccd18 8289c66a 00000000 00000000 028bf5a4 nt!ExReleaseResourceLite+0xf
916ccd1c 00000000 00000000 028bf5a4 028bf594 nt!ZwYieldExecution+0xb4e


STACK_COMMAND:  kb

FOLLOWUP_IP:
SYMEVENT!SYMEvent_IrpHandlerInstall+5645
964212a5 ab              stos    dword ptr es:[edi]

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  SYMEVENT!SYMEvent_IrpHandlerInstall+5645

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: SYMEVENT

IMAGE_NAME:  SYMEVENT.SYS

BUCKET_ID:  WRONG_SYMBOLS

Followup: MachineOwner
---------

I will experiment further with the MR3 version on Monday to see whether I get the same effects.

I'm using the current release of Windows 7 and MR4 and can't get it to install either.   I'm sure they'll have a fix for it but I'm glad I'm not the only one who noticed the issue.

I have also tried to install MR4 on Windows 7 x64 - as soon as the installation completes (having installed live update seperatley), I get a BSOD from NWIFI.SYS, stop error is 0x3b

With some digging in safe mode it seems to happen wen the Management Client service starts.

Anyone have any ideas about this?

Just trying my first W7 beta trial.... Running on VMWare

Install of W7 itself went fine.

First thing to check is AV - Read that LU needed to be installed first. Did so, W7 wouldn't boot again.

Did Startup Repair x 2

Finally started working.

Ran LU setup again - this time LU installed.

Rebooted then ran managed install - which appeared to work.

Re-booted and now BSOD before W7 finished loading... every single re-boot.

Tried a startup repair - no joy.

Reverted to a snapshot from before SEP install.

Re-installed SEP as an unmanaged client.

Works just fine.

Are there any known policies that will kill W7?

Ta

Nick

and just for completeness, I converted the un-managed client into a managed one with our standard set of policies. Instant BSOD on re-boot.

Your experience tallies with mine. I installed the client un-managed then turned into a managed client by dropping the sylink.xml file.

SEP behaved until it became a managed client. I had three BSOD's in an hour on Friday afternoon and ended up removing it from my Windows 7 test install.

So finally anyone install SEP11.0.400MR4 on Windows 7 (х86) or Windows 2008 R2 x64?I try many various methods (UAC enabled/disabled, stopped Defender, compatibly mode…)both x64 and x86 but no luck, both of them tested on 6.1.7000 and SEP11.0.4000MR4. Has anybody make it work on Windows 6.1.7000 ??? Thanks,Arman Obosyan

I successfully installed MR4 on Windows 7, 64-bit.  I had to install Live Update first, then SEP as an unmanaged client, but it appears to be working normally so far.

I got the 64 bit installation to work as well. I had to install liveupdate first, reboot, then install an unmanaged AV/AS only client.  I then rebooted and dropped a sylink.  The one thing I could not do was install the firewall portion of the product with 64bit.  AV/AS worked fine, but if I tried to install the firewall, upon reboot network threat would not show up and teefer2 lists as not being installed correctly. I may try installing NTP as an add-on now that AV/AS is installed.  This is also a VM so there could be issues with the actual virtual NIC itself.  

I'm also noticing that commands run from the SEPM do not register with the Windows 7 x64 client.  (Reboot, Scan, etc.)  Communication is fine, logs are being uploaded to the SEPM.  (Current defs, etc.)  I seem to remember the commands working on the 32bit Windows 7 version, although I was getting blue screens from symevent on 32bit.  All in all, the basic functionality works which is fine for now.  Windows 7 is beta software so there's no way I would expect SEP to have complete compatibility.

Oh! Thanks!, finally installed, first install LU then SEP, all works!

But during install I got this message, also try various methods, but always get error

Only After moving instalition from drive W:\%LONGPATH% to drive C:\Tmp, install succeed.

Thanks!

if you have crashdumps from running SEP and W7 and are willing to share them with us, please get in touch with me via PM to arrange for an upload

thanks

As with some of the previous posts, i ran the live Update installer and then the client install (x86). It is running fine for about an hour and 10 minutes and then symevent.sys causes the system to dump.

One of the last posts suggests to not install the application control and the firewall controls... When we do not install these options, what are the ramifications of not installing these? Obviously there will not be any firewall rules, but what does the application control do?

Tim

Today Installed SEP 11.0.4010.19 x64 on Windows 7 x64 (6.1.7000) unmanaged client, works perfect!

Just out of curiousity, did you install all features, or just the Antivirus / Antispyware portion?

My testing in a Win7 VM wasn't encouraging.

By default, MR4 failed to install.

I took the advice of others here and loaded LiveUpdate first.

But I had to disable/deactivate the installation of the firewall component for setup of the unmanaged client to succeed.

After succeeding, I notice that I cannot define a new scan. The blue Create A New Scan link does not invoke the Create New Scan window.

I applied the 4010.19 patch but that had no effect.

Can someone please try to reproduce this issue?  If confirmed, I'll look at deploying the Norton 360 beta although I'd prefer not to have to branch off to a new AV client for our eval.

I install all components expect Firewall,

my system is Windows 7 x64 (6.1.7000)

Clean Install SEP 11.0.4010 x64

Arman,

I have Win7 x64 too.

Did you test the create a new custom scan function? Did it work for you?

Wozzit,

The new scan issue has been reported by several here on other threads (including me), so you are not alone.  

wozzit,

Active Scan and Full Scan works

but Create a New Scan NOT

I have a few users using Windows 7 x86 (7000, 7022, and 7032) and installing any version of SEP causes the system to blue screen periodically.  It also causes reboots at what appear to be a frequent interval.  We have tried MR2, MR3, MR4, and now MR4 MP1 with no success.  This is annoying, to say the least, when you are trying to develop/test drivers for your product(s). 

This has not happened with x64 builds, so it appears that x64 is not applicable to this issue.

Here is my installation process:

1.)  Install LiveUpdate manually from server share
2.)  Reboot machine
3.)  Install managed client from server share
4.)  Reboot machine

I am running Windows 7 X86 build 7000 and have SEP MR4 MP1 installed as an unmanaged client.  I experenced a BSOD about an hour after installing.  It seems to be faulting the Symevent.sys.

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault).  The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
        use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
        use .trap on that value
Else
        .trap on the appropriate frame will show where the trap was taken
        (on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000d, EXCEPTION_GP_FAULT
Arg2: 00000000
Arg3: 00000000
Arg4: 00000000

Debugging Details:
------------------

BUGCHECK_STR:  0x7f_d

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

PROCESS_NAME:  SndVol.exe

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from 9eebe23e to 8289d103

STACK_TEXT: 
87a42c44 9eebe23e badb0d00 9eea7b20 85d15030 nt!KiSystemFatalException+0xf
WARNING: Stack unwind information not available. Following frames may be wrong.
87a42cb4 00000000 0f81003c 00000000 00000000 SYMEVENT+0x1823e

STACK_COMMAND:  kb

FOLLOWUP_IP:
SYMEVENT+1823e
9eebe23e ??              ???

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  SYMEVENT+1823e

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: SYMEVENT

IMAGE_NAME:  SYMEVENT.SYS

DEBUG_FLR_IMAGE_TIMESTAMP:  478bf054

FAILURE_BUCKET_ID:  0x7f_d_SYMEVENT+1823e

BUCKET_ID:  0x7f_d_SYMEVENT+1823e

Followup: MachineOwner
---------

1: kd> lmvm SYMEVENT
start    end        module name
9eea6000 9eecb000   SYMEVENT T (no symbols)          
    Loaded symbol image file: SYMEVENT.SYS
    Image path: \??\D:\Windows\system32\Drivers\SYMEVENT.SYS
    Image name: SYMEVENT.SYS
    Timestamp:        Mon Jan 14 17:29:24 2008 (478BF054)
    CheckSum:         000298F5
    ImageSize:        00025000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
1: kd> lmvm SYMEVENT
start    end        module name
9eea6000 9eecb000   SYMEVENT T (no symbols)          
    Loaded symbol image file: SYMEVENT.SYS
    Image path: \??\D:\Windows\system32\Drivers\SYMEVENT.SYS
    Image name: SYMEVENT.SYS
    Timestamp:        Mon Jan 14 17:29:24 2008 (478BF054)
    CheckSum:         000298F5
    ImageSize:        00025000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

I was able to get 11.0.4010.19 working on Windows 7 x64 successfully with the following steps:

Copy Install Directory to C:\

Install LiveUpdate, Reboot

Install Unmanaged Core + AV + E-Mail Scanners only

When I tried a full unmanaged install, I didn't see anything on the surface until I launched smcgui-> the firewall component was missing, but network threat protection was available and seemingly working.  Checking the eventvwr.msc was another story:

Faulting application name: ProtectionUtilSurrogate.exe, version: 11.0.4010.14, time stamp: 0x49869c2f
Faulting module name: ole32.dll, version: 6.1.7000.0, time stamp: 0x49433ec5
Exception code: 0xc0000005
Fault offset: 0x0001526c
Faulting process id: 0x13e8
Faulting application start time: 0x01c996ff47328038
Faulting application path: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
Faulting module path: C:\Windows\syswow64\ole32.dll
Report Id: a9d956ce-02f2-11de-983b-005056c00008

Fault bucket , type 0
Event Name: APPCRASH
Response: Not available
Cab Id: 0

Problem signature:
P1: ProtectionUtilSurrogate.exe
P2: 11.0.4010.14
P3: 49869c2f
P4: ole32.dll
P5: 6.1.7000.0
P6: 49433ec5
P7: c0000005
P8: 0001526c
P9:
P10:

Attached files:

These files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_ProtectionUtilSu_25b1f6cd3a888bbb681094f6cf20d8c03e13_148fecbe

Analysis symbol:
Rechecking for solution: 0
Report Id: a9d956ce-02f2-11de-983b-005056c00008
Report Status: 4

This is better than the 11.0.4000 installer which I couldn't get to install in any fashion.  I'm concerned about the path length creating install failures when  installing from the Downloads or Desktop user folders and by extension the user's %temp% folder.  Not only are those common locations for users to store and launch software/data, but it's exactly where Microsoft suggests users do these activities.

If you guys want the crashdump file, let me know where/how to send it.

Travis

Firstly, in my opinion SEP is a corporate software, so there is no much need to do scans manually. Everything should be managed from the central control.

I have just tried to install SEP again. Once before it failed with 6xxx build of Windows 7 and MR2 MP1. It looked like installing, but SEP wasnt starting.

Today i have Windows 7 7000 build x86. And i also have exported setup.exe from SEPM (managed, no policies, one exe, computer mode), MR4 MP1 version. Installing wasnt slow (keeping in mind that this is an old box with 512 MB RAM only) and after a reboot SEP started, all components were working (at least it was showing green icons :) ) and it has automatically landed into one of my groups (SEP is somehow identifying clients by their hardware or maybe MAC address, so this dual booted system got to the same group as the second OS (XP)). Also a Weekly Scheduled Scan started, only then the system became a bit more sluggish. I have approved some Windows Updates while it was still scanning. No bsods or slow downs, updates were installed, i didnt waited for the scan to complete and shut it down. Works for me :)

I've noticed three bugs, believe I read that other people have seen this as well:

1)  When you click on "Scan for threats" -> "Create a New Scan" -> nothing occurs.

2)  When you click on "Scan for threats" -> "Run Full Scan" -> the scan begins, however the Windows 7 Action center immediately notifies you Symantec Antivirus reports it is out of date and needs an update & Symantec Antispam is out of date and needs and update.  

3)  If you do the above, and in the Action Center you choose 'update', Windows will BSOD within 1-3 minutes.

I noticed that the problem only occurs if wireless LAN device driver is enabled. If the driver is disabled SEP just works fine without any problems (in managed mode at least),

Hi Everyone,

The new version of SEP MR5 (11.0.5002.333) is now available, contact Symantec to download the software by fileconnect, the new version is working very well, in my case, i had to uninstall the 11.0.4014.26 version to install the new one.

Regards...