Endpoint Protection

We have upgraded several Windows servers from SEP 11.x to SEP 12.1.3 and have had a handfull of server crash after the upgrade.  I was told by Symantec support after giving them the memory dump that the NIC driver (specifically Broadcom) needs to be upgraded.

Couple of questions...

1)  Why does Symantec care about NIC drivers or have hooks into the NIC?

2)  Why would deploying "basic protection for servers" w/o any other settings cause this?

Is anybody else seeing this as I have another 200 + servers to upgrade. 

So you only installed AV, no NTP? I could see if the fw was installed that it would hook into the stack but not for AV only.

Hi,

Thank you for posting in Symantec community.

Could you please test with SEP 12.1 RU4 beta version? If issue resolved wait till SEP 12.1 RU4 release.

SEP 12.1 RU4 release it may release within next few days only.

Do you have teaming enabled? You should disable those before installing SEP.

http://social.technet.microsoft.com/Forums/windows/en-US/07aa5c1c-de54-453d-a3c7-3ac6d8796276/bsod-during-installation-of-symantec-endpoint-protection-121?forum=w7itproappcompat

I am running basic AV protection for servers and nothing else (no NTP).

I can not run 12.1.4 beta as these are all production servers.  Is there any release notes stating that 12.1.4 has bug fixes for this issue?

We are not running NIC teaming on the servers that have crashed.

Any other thoughts or ideas?  I see previous threads about NIC drivers.... but why would a software AV solution care about hardware drivers on a NIC?

Fix notes have not been released for RU4 yet.

You may want to go back to support with these questions as to why only AV would cause this behaviour.

Depending on the OS it is most likely the SymTDI or SymNETS driver interaction with the NIC. My advice would to be to follow the recommendation given by the support engineer to upgrade your NIC drivers and see if that resolves the issue.

no matter what features you install. SEP FW will verify those stuffs. will get activated when you enable the component.

So, you're saying the fw component is installed even when AV only is selected?

Was the sep version upgraded or a fresh install? I see quite BC with broadcom and it was with earlier version

http://www.symantec.com/business/support/index?page=content&id=TECH132820

it says

• Some customers have been able to resolve the issue by upgrading to Broadcom's BASP version 6.3.24 or later. For more information on Broadcom's BASP software, see http://www.broadcom.com/support/ethernet_nic/netxtreme_server.php
• whats the version of BASP you are on?

I have seen this happen not because of your SEP 12.1 installation, but because of an unsuccessfull uninstallation of SEP 11 where the SEP 11 installation had the NTP feature.

Did you have the NTP feature installed on your old installation? NTP on SEP 11 has outside of Symantec never really been supported. (Meaning we that work with the product knows the teefer driver often kills the NIC on servers)

The only workaround I have seen is to do a modify of the SEP 11 installation to remove NTP before starting the upgrade to 12.1

Torb

If you experience bluescreen you should also be able to see which driver that cause the error in the bluescreen message.

Check out http://support.microsoft.com/kb/256010 on how to make the drivername visible in the bluescreen.

It might be smart to verify which driver that actually breaks the system :)

Hi

Has anyone got the release notes about the fixes in SEP 12.1.4

Regards