Endpoint Protection

Hi all,

We are running Symantec Endpoint Protection Version 12.1.4112.4156.  starting on February 6, 2016, when new virus definitions were downloaded to our servers, the VM would basically go unresponsive, except for ping.  Even going to the console would not respond.  The event log stops recording events and the last log in the event log says New Virus Definitions download.  We are now up to 5 servers, on 5 different host machines, two different VMware versions, 5.1 and 5.5 hosts that this has occured.  So far the definition files that have caused this is 160206002, 160207024, 160213001 and 160214020.  I'm curios as to if anyone else is running into this issue? Our only option has been to hard power off the VM's.  I checked our update policy and we are not scanning after new definitions are being applied.  The servers are a mixture of ones that have been running for multiple years, all the way to one that was just built a month ago.  Also, we aren't running the full suite of products, just antivirus on these servers. 

Thanks

Can you try running the symhelp tool on it for further error checking:

Troubleshooting computer issues with the Symantec Help support tool

That version is on the old side, are you able to test on one with 12.1.6 MP3?

Yes, support had us run symhelp on all the machines and we upgraded one of the servers to the latests version 12.1.6 MP3.  We are awaiting feedback from them on the logs.  So far, it's only happen once on each server.  It is odd as these servers range from 2-3 years old, all the way to less than a month old and the first occurence was on February 6th.  Other than Symantec and Windows 2012 r2, there is no other similar factors between the 5 servers.  They are all virtual, however the hardware is mixed and VMware versions are a mixture of 5.1 and 5.5.

We have been fighting the same issue for a few months. It is becoming a bigger issue as we continue to build more systems on 2012 R2. It's happened on 20+ servers at this point - both physical and virtual. We are running SEP Endpoint Protestion version 12.1.4104.4130.

Hi all - we have the SAME issue, running v12.1.4100.4126 on Server 2012 R2 O/S's. Symantec - you'll be receiving a call shortly.

Have you all tried the latest version - v12.1.6 MP4 on a few servers with this issue and see if it resolves this freezing issue?

We got the same issue

Windows 2012 R2/ SEP 12.1.4

Can ping but freezes

we upgrade to 12.1.6 and monitor

FYI

https://support.symantec.com/en_US/article.TECH228086.html

We had the same issue back in February and upgrading to 12.1.6 (12.1.RU6 MP3) resolved the issue.  However, yesterday we ran in to the same issue again.  Have a case open with Symantec and have a call set up for tomorrow to webex with Symantec tech.

Hi,

We are experiencing the same issue as above with the same configuration (SEP and Windows).

Can you provide a response as to the outcome of your call with Symantec on this issue?

Cheers,

Jason

Hi Jason - the latest step we just completed was to remove the Symantec client and reinstall with basic options.  In april Symantec recommended we install Advanced Download Protection, Sonar Protection and Intrusion Protection so we did.  The cause of our issue they believe is with the Intrusion Protection.  We found it was always the below download that caused the hang up. (found in Application & Service Logs -> Symantec).  The tech stated because we have an external firewall there is no need for Sonar and Intrusion adn this patch sometimes was causing the conflict with those drivers.  I hope this is the solution for us.

Content downloaded successfully to the client

Product: SEPC Iron Revocation List 12.1 RU6
Version: MicroDefsB.CurDefs
Language: SymAllLanguages
Moniker: {810D5A61-809F-49c2-BD75-177F0647D2BA}
Sequence: 160830002
Publish Date: Tuesday, August 30, 2016
Revision: 002
Source: Symantec Endpoint Protection Manager
Remote File Path: http://symavsvr:8014/content/{810D5A61-809F-49c2-BD75-177F0647D2BA}/160829023/xdelta160829023_To_160830002.dax
Size: 1680 bytes

Just to keep the post updated, the fix of going down to basic protection did not resolve our issue.  It seems to be really bad on one server (unfortunately it is a production).  Anyone else get a resolution besides removing Symantec all together? 

For know we have disabled auto updates on this server until we hear back from Symantect

thx

Ryan

Upgrading the agents to 12.1.6 fixed this for us. 

The symptoms that are listed here are a known problem.

SEP 12.1.4 will cause problems on Windows 2012 R2 servers.

Freezing is just one of the symptoms.

On servers, the prefered option: Install SEP 12.1.7 with the AntiVirus component only, no other components.

The SEP drivers that are used for the other components are a significant source of problems on server Operating Systems (no matter what Symantec states or how much they support it - having an issue with a few dozen mission critical servers, preventing 40K users from doing their job is not what you put on your wish list while an issue is 'under investigation'...).
This will prevent a lot of issues with drive mappings disappearing, system hangups, etc.

It also pays to keep up to date with SEP version releases.

Look at the release notes what has been fixed. You might find that the problems you are experiencing are listed in those release notes.

But these are just my $ .02

Other people might have other ideas.

We are a software\hardware vendor we are currently installing 12.1.6 Ru6 MP6

We have installed it on a server 2008 R2 running VMware Workstation Pro as it's main purpose. The host machine froze repeatedly while the VM's ran fine with Symantec installed. We finally had to uninstall from the host completely as it was a production machine.

We have also installed it on a server 2012 R2 also locked that machine up. Removing sonar seems to have alieviated the problem but just at the beginning stages of testing on that system.