Greetings Everyone,

Im have upgraded to SEP 12.1.2015.2015 R in the corporate environment.

Now client machines are facing intermittent freeze at boot up splash screen after deploying the new version of SEP.

Managed to drill down to the softwares that are related to this cause, Mcafee Host Data Loss Protection, Mcafee Endpoint Encryption for Files and Folders and SEP.

If I uninstall any of the 1 above, the problem would be resolved.

I have added file and process exceptions to the SEPM for both DLP and EEFF to the clients, removed all polices for the Mcafee Products.

I have already checked with Mcafee and upgrade to their softwares to the latest version but when deployed SEP the problem persists.

I noticed some changes to the boot log when SEP is deployed.

Loaded : \Windows\System32\Drivers\fltmgr.sys

-----------------Empty Line------------

Loaded: \Windows\System32\drivers\mfehidk.sys

-----------------Empty Line------------

I am unclear whether any settings or policies from SEPM will conflict with the applications mentioned.

Thank you for your kind assistance.

Regards,

Yap

Make sure to put those exclusions in place. Did the clients update their policy yet to include the exceptions?

What SEP components are installed?

You may need to call Symantec support so they can troubleshoot further if exceptions are not working.

Hi Brian81,

I have set the exclusions in SEPM and did the policy update on the clients itself.

Components installed are : Virus and Spyware Protection, Proactive Threat and Network Threat Protection.

How do I see the exceptions in the client  to ensure it is updated ?

Regards,

Yap

To see the exclusions that the client creates on 32-bit computers, you can examine the contents of the HKEY_LOCAL_MACHINE\Software\Symantec\Symantec Endpoint Protection\AV\Exclusions

On 64-bit computers, look in HKEY_LOCAL_MACHINE\Software\Wow6432Node\Symantec\Symantec Endpoint Protection\AV\Exclusions

Here is the KB article for your reference:

http://www.symantec.com/business/support/index?pag...

To see the exclusions that the client creates on 32-bit computers, you can examine the contents of the HKEY_LOCAL_MACHINE\Software\Symantec\Symantec Endpoint Protection\AV\Exclusions Windows registry. You must not edit this Windows registry directly. On 64-bit computers, look in HKEY_LOCAL_MACHINE\Software\Wow6432Node\Symantec\Symantec Endpoint Protection\AV\Exclusions.

The client does not exclude the system temporary folders from scans because doing so can create a significant security vulnerability on a computer.

You can configure any additional exclusions by using centralized exceptions.

See Configuring a Centralized Exceptions Policy.

About the automatic exclusion of files and folders

Hi ManishS,
 

I am using the SEPM Centralized Exceptions to configure.The client machines did in fact have the latest policies which I have added.

Yet the problem still persist intermittently.

Regards,

Yap

Troubleshooting slow boot times in Symantec Endpoint Protection and Symantec AntiVirus

also you can contact symantec support if above artical does not work

How to create a new case in MySymantec (formerly MySupport)

http://www.symantec.com/docs/TECH58873

How to update a support case and upload diagnostic files with MySupport

http://www.symantec.com/docs/TECH71023

OR

Regional Support Telephone Numbers:

United States: https://support.broadcom.com (407-357-7600 from outside the United States)

Australia: 1300 365510 (+61 2 8220 7111 from outside Australia)

United Kingdom: +44 (0) 870 606 6000

Additional contact numbers: http://www.symantec.com/business/support/contact_techsupp_static.jsp