Endpoint Protection

Hi, I got an issue with Symantec Endpoint (version 11.0.5002.333 Client-Server network edition):

I'm trying to installer a Software called OCSNG wich is a well known network inventory software (link to download and anlysis: http://launchpad.net/ocsinventory-windows-agent/2.0/2.0/+download/OCSNG-Windows-Agent-2.0.zip).

I've noticed that the setup installer is failing only on the station where SEP client is installed, that's why i'm sure the matter is coming from SEP protection. Actually i see in the log file of the setup installer, that it's failing here:

SetACL allowing System and Administrators full permissions on <C:\Documents and Settings\All Users\Application Data\OCS Inventory NG\Agent\Download>...Result: -1073741819
SetACL allowing Users / Power Users read only permissions on <C:\Documents and Settings\All Users\Application Data\OCS Inventory NG\Agent\Download>...Result: -1073741819

It is windows ntstatus code (in hex): C0000005 which means STATUS_ACCESS_VIOLATION. I think the culpit is SEP resident driver which is scanning in realtime and opening handle to the used file or folder and then the installer tries to open the same (already opened by SEP) handle into no shared access, thus resulting the ACCESS_VIOLATION code.

I've tried to uninstall SEP on a failing station and after full uninstallation of SEP, setup is working flawlessly.

My request is, can you just analyze the Setup Installer file and then find the issue with SEP and then maybe patch it to solve the embarassing problem (for me, as network administrator).

Thanks for reading,

Regards

Hi,

the troubleshooting asked by you cannot be done via a post in the forum.

Please, open a ticket with Symantec Support Service to provide the steps to reproduce the issue.

Without analysis, it is too early to state that it is SEP to need a patch.

First of all, I would suggest you to install lastest release of SEP 11.0 RU6 MP3 (11.0.6300) on impacted machine and see if the issue is still there. Symantec is continuously improving compatibility with 3rd party products, thus the issue you mentioned may already be fixed.

Please follow migration procedure (http://www.symantec.com/business/support/index?page=content&id=TECH155655 *) or install RU6 MP3 unmanaged client.

* If your SEPM is in version RU5 (11.0.5002.333) as I guess it is, you will have to migrate first to RU6/RU6a (11.0.600x: http://www.symantec.com/business/support/index?page=content&id=TECH131653&locale=en_US) before upgrading to RU6 MP3, in order to follow supported migration path.

I installed the software on a VMWare test box (XP SP3, SEP 11.6300 with PTP and NTP). No problems or errors.

As John Q said, you should upgrade to the current SEP release to exclude incompatibleness with older versions.

Ok, i'll try to update my SEP client version (and maybe SEP server), i dont know why it's not the latest version because we use network managed clients. I'll dig more into this when back to work on monday. By the way, is there a complete changelog of SEP version avalaible?

Thanks.

You can find release notes with all changes here:

http://www.symantec.com/business/support/index?page=content&id=TECH103087&locale=en_US

Is there only 1.4GB DVD file into https://fileconnect.symantec.com , there is no update only file?

that's the official way to download new releases