Video Screencast Help
Search Video Help Close Back
to help
New in the Rewards Catalog: Vouchers for "Symantec Technical Specialist" and "Symantec Certified Specialist" exams.

What is Sysfer Exception in Application Control Rules

Updated: 21 May 2010 | 3 comments
mister paul's picture
mister paul
0 0 Votes
Login to vote

I'm seeing a bunch of entries in the Application Control Log, particularly for one machine, with the following information.  Does anyone have any idea what this might mean?

Domain name: Corporate
Site name: -------
API: Sysfer exception
Action: Allow
Test mode: No
Windows domain: -----
User -----
Server name: -----
Group name: My Company\End User Computers\AV - STD, FW - STD
Computer Name  
Current: ----
When event occurred: ----
 
Event type: Application Control Rules
Event time: 08/12/2009 15:57:08
Severity: Critical
Begin time: 08/12/2009 15:57:05
End time: 08/12/2009 15:57:05
Rule name: Sysfer exception
Alert: No
Send SNMP trap: 0
Caller Process ID: 380
Caller Process Name: C:/Program Files/Microsoft Office/Office/EXCEL.EXE
Target:  
User name: ----
Description: Sysfer exception: .\RegParamEngine.cpp 1199 Failed to read value \??\Volume{5b85f490-6ac8-11dc-80ee-005056a85e3d} from key \Registry\Machine\SYSTEM\MountedDevices

dashes are data I've removed to hide corporate info.

discussion Filed Under:
, , ,

Comments

Rafeeq's picture
13
Aug
2009
1 Vote +1
Login to vote
Rafeeq

Follow this link might help

Application and Device Control Policy does not function to block running applications unless TruScan is installed.

http://service1.symantec.com/SUPPORT/ent-security.nsf/2326c6a13572aeb788257363002b62aa/364f586cbc36b84388257405006b1269?OpenDocument

Hope this answers your question, Good Day! 

Please don't forget to mark your thread solved with whatever answer helped you : ) Rafeeq

Ajit Jha's picture
13
Aug
2009
0 Votes 0
Login to vote
Ajit Jha
Accredited

Whats are the components

Whats are the components installed in the clients machine??
PTP should be there

Regards'

Ajit Jha

Technical Consultant

STS

Balazs 2's picture
21
Oct
2009
0 Votes 0
Login to vote
Balazs 2
Accredited
Certified

Hi, what if TruScan is

Hi,

what if TruScan is installed but turned off (this is a Windows Server)?

I have thousands of sysfer exceptions from lots of Caller Procecces. The error always the same:
Sysfer exception: .\RegParamEngine.cpp 1150 Failed to read value DeviceInstance from key
\Registry\Machine\SYSTEM\CurrentControlSet\Control\DeviceClasses\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}\##?#MPIO#Disk&Ven_IBM&Prod_1815______FAStT&Rev_0914#1&7f6ac24&0

Regards, Balazs

Technical Support

Symantec.com

Store

Community Stats

Total Content Items
Members
258,867