Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

SEP Client has green status but logs show auto-protect failed to load. SEP Manager also shows auto-protect not running status.

Created: 03 Feb 2014 | 15 comments

Hi there

I have just sucessfully upgraded our SEP Manager from version 11.0.7300 to 11.0.7400.  I exported the new client install package and began upgrading the clients.  However, after upgrading the client, I found that the SEP client would have a green status, but the client managment system logs would show auto-protect failed to load.

When I check the SEP Manager, the client has checked in and updated, however it also shows auto-protect not running status for that client.

The workstations that are still running SEP client version 11.0.7300 are looking good.

I am experiencing this issue on 8 out of the 9 workstations I have upgraded thus far.  For some reason it works 100% on one of the workstations (XP).

Intelligent updater will also not work. 

I have installed it on a Windows XP and Server 2003 OS so far (all 32bit)

I have elliminated all firewalls as a test

I have tried the following:

Check the DCOM settings

Manually removed corrupt definitions

Used Clean Wipe to remove all traces and reinstalled (SEP and LU clients).

disabled tamper protection

Cleared all the logs and re-added the client to the SEP Manager.

Downloaded the virus definitions directly from the internet instead of via the Managment server.

Used symantec help utility which gives me a "The installed version of endpoint protection client is not recognised" error

I have also elliminated the possibility of it being a local or domain policy interfering 

I have scouered the web for solutions and but nothing has worked for me. I must be missing somthing.  I have run out of idea's

Any help will be appreciated.

Thank you

 

 

Operating Systems:

Comments 15 CommentsJump to latest comment

.Brian's picture

Have you tried repairing the client?

Enable SEP client debugging to see if we can narrow it down

How to enable Automatic Symantec Endpoint Protection (SEP) 12.1 Client Debugging, including WPP logs.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

James007's picture

Try to clear corrupted virus definitions one or two system 

How to clear out corrupted definitions for a Symantec Endpoint Protection client manually

 

Article:TECH103176  |  Created: 2007-01-31  |  Updated: 2012-03-29  |  Article URL http://www.symantec.com/docs/TECH103176

See this thread

auto-protect failed to load

http://www.symantec.com/connect/forums/sep-11-client-auto-protect-failed-load

Rafeeq's picture

Delete the client from the console.

Log in to the Symantec Endpoint Protection Manager.

2. Click Admin and select Servers.

3. Select the localhost under Servers.

4. Under Tasks, Select Edit Database Properties.

5. In the General tab under Database Maintenance Tasks.

6. Select the checkboxes next to Truncate the database transaction logs and Rebuild Indexes.

7. Click OK to apply the changes.

on the client 

start -run - smc -stop

start - run - smc -start

update policy, check the logs on the manager now..

PCTSYM's picture

Hi there

Thanks for all the replies.

I have manually removed the virus definitions just in case they were corrupt.  However the the problem is still there (The Symhelp tools says my definitions are not corrupt).  I have also tried repairing the installation as well, but the problm remained.

I tried a new deployment package in case the install was corrupt as well as deploying it directly from the manager to the client, but it has not changed anything

Rafeeq I did try and do what you suggested, however when I click on "Edit Database Properties", all I am able to do is name the database and give it a description (small box).  I dont get any other options (using the internal database)

I did turn on debugging for a while to see if I could uncover somthing but did not see to much.  However the article you directed me to looks a lot more thourough, so I would like to try the debug route again.

Thanks again

Rafeeq's picture

Those are with 12.1 Version. Not available in 11.7.. I missed that one.

Did you rebuild your WMI after SEP was installed?

Any error message in the event viewer? something like this

SRTSP is generating the following error: "Error loading Symantec real time Anti-Virus driver"

 
pete_4u2002's picture

does running sylhelp shows the definitions are clean?

can you create another package and test it?

suggest to open a support ticket.

PCTSYM's picture

Yes SymHelp says the definitions are fine. I have attached a screenshot of the results (Common issues scan)

I have tried creating a new package, deploying directly from the SEP Manager and installing the unmanaged client and making it managed. 

On thing that does happen is that when I do a clean client installation using 11.0.7400.1398, it always says the auto-protect is malfunctioning.  Then I repair the installation, which then leads to the symtoms I  mentioned in this forum.

This does not happen if I simply upgrade the existing client (not a clean install)

If i manually remaove the virus definitions according to the steps in the symantec article TECH103176, the auto-protect also malfunctions and I need to repair it again.

It looks like I will need to downgrade the clients to 11.0.7300, until I can figure this out.

Thanks again eveyone.

 

 

SymHelp.PNG
PCTSYM's picture

Hi there

Here is an extract from the Symantec Endpoint Protection debug log that could offer an explanation.

Does this look familiar to anyone by any chance

15:20:56.363311[_160][_1060]|IsFilesystemAutoprotectEnabled: Getting AP state.
15:20:56.382123[_160][_1060]|Error getting initial state of AP: 0x80004005
15:20:56.385503[_160][_1060]|IsFilesystemAutoprotectEnabled: Enabled state: 0
 
There are a few more errors but this one reffers to Auto-Protect
 
Thank you.
.Brian's picture

out of curiosity, what version of cleanwipe did you run? the latest is 12.1.4

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

PCTSYM's picture

The version I used was 12.1.4013.4013.

I selected Client Software and Windows LiveUpdate.

Its odd how 11.0.7300 works correctly, but as soon as I upgrade to version 11.0.7400 I experience this problem.  Wonder what changes are causing this.

Kind regards

 

.Brian's picture

I would suggest a support case

How to create a new case in MySymantec

http://www.symantec.com/docs/TECH58873

Phone numbers to contact Tech Support:

Regional Support Telephone Numbers:

    United States: 800-342-0652 (407-357-7600 from outside the United States)
    Australia: 1300 365510 (+61 2 8220 7111 from outside Australia)
    United Kingdom: +44 (0) 870 606 6000

Additional contact numbers: http://www.symantec.com/support/contact_techsupp_s...

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

PCTSYM's picture

Hi Guys.

Just a quick report back on this issue.

I did open a support case, as _Brian suggested.  However they were unable resolve the issue and recommended I upgrade to 12.1.

So I have rolled back the clients that had already been upgraded to 11.0.7400 until such time that we upgrade to version 12.1.

They are running now running correctly with version 11.0.7300.

Kind regards

David