File Share Encryption

 View Only

  • 1.  Symantec Encryption Desktop PGP Wininit event ID 11

    Posted Nov 17, 2013 06:09 PM
    ''PGP wininit event id 11 Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.''

    When I try to open files from the encypted drive they take 3 to 5 seconds to load and after a while they open normally.

    From what I have seen on the net, event id 11 are often related to anti virus issues or virusus themselves but I doubt that this is the issue here

    here is the XML tag:

    - <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    - <System>
    <Provider Name="Microsoft-Windows-Wininit" Guid="{206F6DEA-D3C5-4D10-BC72-989F03C8B84B}" />
    <EventID>11</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x4000000000000000</Keywords>
    <TimeCreated SystemTime="2011-09-02T10:26:01.096066000Z" />
    <EventRecordID>17312</EventRecordID>
    <Correlation />
    <Execution ProcessID="1288" ThreadID="1320" />
    <Channel>System</Channel>
    <Computer>harley</Computer>
    <Security UserID="S-1-5-18" />
    </System>
    - <EventData>
    <Data Name="StringCount">1</Data>
    <Data Name="String">PGPmapih.dll</Data>
    </EventData>
    </Event>
     

    This issue is an incompatible dll that comes from PGP 10.2 and up. It has not been fixed with 10.3.1

    Incompatible DLLs

    Some programs (e.g. snapshot utilities) install DLL files which are automatically loaded when a program is started. Incompatible DLLs can prevent, abort or cause problems with the start of a program. To verify whether such DLLs exist, check the key

    HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Windows NT > CurrentVersion > Windows

    or, for 32Bit PGP on 64Bit Windows,

    HKEY_LOCAL_MACHINE > SOFTWARE > Wow6432Node > Microsoft > Windows NT > CurrentVersion > Windows

    in the registry. If the variable AppInit_DLLs is followed by an entry in this case (PGPmapih.dll), this DLL will be loaded at each program start. This can be prevented by either deleting the value of the variable (only the value, not the variable!), or setting the value of the variable LoadAppInit_DLLs to 0.

     PGP Wininit17-nov--13 18-03-28.png

    10.3.1 does not fix the issue

    Is Symantec working on a fix?

    Thanks.

     



  • 2.  RE: Symantec Encryption Desktop PGP Wininit event ID 11

    Posted Nov 17, 2013 06:49 PM
    I have no idea why this DLL would need to be loaded with each app start. However since this DLL is only related to the MAPI support of the desktop client, in case you do no use this - you could try to install the desktop client without the MAPI module. See the article linked below for more details. But basically you would need to install the desktop client via a command prompt using the following line: msiexec /i pgpdesktop.msi PGP_INSTALL_MAPI=0 MAPI is basically the protocol Microsoft Outlook uses to talk natively to a Microsoft Exchange server. So if you wanted your e-mails via Outlook against an Exchange server to be proxied and encrypted/decrypted on the fly, you would need this module though. Encryption Desktop (formerly PGP Desktop) installation MSI switches to disable components at installation http://www.symantec.com/docs/HOWTO84112


  • 3.  RE: Symantec Encryption Desktop PGP Wininit event ID 11

    Posted Nov 17, 2013 08:57 PM

    HI Japke,

    I don't know why this dll loads either. All I know is it does and I apply this reg tweak as a bandaid.

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows]
    "IconServiceLib"="IconCodecService.dll"
    "DdeSendTimeout"=dword:00000000
    "DesktopHeapLogging"=dword:00000001
    "GDIProcessHandleQuota"=dword:00002710
    "ShutdownWarningDialogTimeout"=dword:ffffffff
    "USERNestedWindowLimit"=dword:00000032
    "USERPostMessageLimit"=dword:00002710
    "USERProcessHandleQuota"=dword:00002710
    @="mnmsrvc"
    "DeviceNotSelectedTimeout"="15"
    "Spooler"="yes"
    "TransmissionRetryTimeout"="90"
    "AppInit_DLLs"=""
    "LoadAppInit_DLLs"=dword:00000000

     Do you know of a fix?

     

    Thanks wink



  • 4.  RE: Symantec Encryption Desktop PGP Wininit event ID 11

    Posted Nov 18, 2013 05:25 AM

    It is not really a fix, but you can choose not to install the MAPI part - so also the DLLs related to this will not be installed and will not be registered. You can do this by using the MSI and running the following from a command prompt: msiexec /i pgpdesktop.msi PGP_INSTALL_MAPI=0 But if you need MAPI integrations with the encryption desktop, then there is not really much you can do. You can open an offical case with the support team to ask them for a fix. Either via creating a case on MySymantec ( https://my.symantec.com/webapp/faces/technicalSupport?casetype=cc ) or by calling in ( http://www.symantec.com/support/techsupp_contact_phone.jsp )

    --edit According to the following KB article, the dll needs to be listed there in the registry. Otherwise the encryption desktop client will not proxy MAPI traffic correctly. Symantec Encryption Desktop Doesn't Recognize a new PGP Messaging Service http://www.symantec.com/docs/TECH158167