Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Win7, 64-bit PC w/ SEPM 12.1 RU1: Firewall driver is not loaded

Created: 26 Jun 2012 | 15 comments

I recently upgraded from SEPM 11.x to SEPM 12.1 RU1.  All of my clients have upgraded with no problem except for the 1 64-bit, Win7 PC that I have (I have 1 64-bit and then 25 32-bit).  SEP is installed but I'm getting two messages:

  *  Symantec Endpoint Protection Firewall driver is not loaded
  *  Symantec Endpoint Protection File System Auto Protect is malfunctioning

I found some threads on the forums from fall 2011 and early 2012 and looked at several of the solutions but none seemed to work for me.  Seems this was a common problem when 12.x was first released.  Wondering if there is a solid solution to this problem or if other suggestions might be available.

FYI..the client version that all my other clients are on is:  12.1.1000.157 RU1.

Thanks for your assistance.
Marsha

Comments 15 CommentsJump to latest comment

_DW's picture

What have you already tried?

I don't want to suggest a bunch of solutions that you have already tried on this single client machine.

For example, have you tried:

Remove the  Network Threat Protection (NTP) component, then reboot the machine and install it again.

  1. Windows Control Panel > Add or Remove Programs > Symantec Endpoint Protection > Change > Modify >  Network Threat Protection > Entire feature will be unavailable.
  2. Reboot
  3. Windows Control Panel > Add or Remove Programs > Symantec Endpoint Protection > Change > Modify >  Network Threat Protection > Entire feature will be installed on local hard drive.
  4. Reboot
MarshaE's picture

DW,

I did try your first suggestion above and that did NOT work.  Same problem.

The other things that I have tried based on things I read in the Forum that have not resolved the issue...

  1) uninstalling 12.x and reinstalling 12.x

  2) uninstalling 12.x, reinstalling 11.x, reinstalling 12.x overtop 11.x

  3) tried to REPAIR the 12.x SEP install

  4) went to the Symantec install folder:
       C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\TeeferXP
       Found two .inf files there and I right clicked-install 'ed them

  5)  Lastly, I attempted to try the following but couldn't "get" admin privilages to then do step #3.  Also, wasn't sure if I was really supposed to delete all ~ 30 drivers that were listed in step 2.  So I just stopped.
 

Remove the Teefer driver

  1. Click Start > Search, type cmd, and press Ctrl+Shift+Enter to start a command prompt with Administrator privileges.
  2. Type pnputil -e to list the Symantec drivers in the driver store.
  3. Type pnputil -f -d oem<n>.inf to remove Symantec drivers from driver store, where <n> is a number corresponding to one of the Symantec drivers listed in the previous step.
  4. Type exit to close the command prompt.
  5. In the Windows registry editor, navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}.
  6. Delete any keys that have a value of ComponentId that is set to symc_teefer2mp.
  7. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}.
  8. Delete any sub keys that have a name containing SYMC_TEEFER2MP.
  9. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{cac88424-7515-4c03-82e6-71a87abac361}.
  10. Delete any sub keys that have a name containing SYMC_TEEFER2MP.
  11. Close the Windows Registry Editor.
  12. In the Device Manager (devmgmt.msc), go to Network Adapters, and delete all entries with "teefer" in them.
  13. Delete any network adapters to which teefer was attached.
    This causes the adapters to be reinstalled. This step must be done in order for there to be network connectivity after you restart the computer.
  14. Restart the computer into normal mode.
Mithun Sanghavi's picture

Hello,

This issue is reported as resolved in SEP 12.1 RU1 MP1. Migrate to the Latest version of SEP 12.1 RU1 MP1.

However, you could also try Running a Cleanwipe on the machine and reinstall the SEP 12.1 RU1.

How to get the CleanWipe tool (Endpoint Removal)

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

MarshaE's picture

I have opened a case and hope to have the CleanWipe tool shortly.  Hope this takes care of it!!  THANKS!

MarshaE's picture

I just ran the CleanWipe utility on the PC and did NOT have success!  I still receive the same warning message:  "Firewall is not functioning correctly.  Your protection definitions may be damaged or your product installation may be corrupt."

Someone mentioned earlier that there is an update version (12.1 RU1 MP1 ??) that addresses this problem.  Is this an entirely new upgraded to SEPM and then I have to roll it out to each client?  This is such an ordeal even with my small # of clients was hoping to avoid if possible.

What's the harm in leaving this PC as it is w/ the SEPM Firewall not functioning even though the Windows FIrewall is turned on?

Appreciate any advice/suggestions....
 

Jason1222's picture

Depends on your needs.

Are you managing the Windows Firewall through Group Policy or allowing your individual users to set their own firewall rules?

Do you intend to set up firewall rules through the SEPM or use the defaults?

RU1 MP1 is a patch not a whole upgrade.

You can however, install only the client patch on this one machine and see if that fixes your problem before updating the SEPM server itself.

https://www-secure.symantec.com/connect/forums/symantec-endpoint-protection-121-ru1-mp1-client-only-patch

FYI:

The client only patch is available on fileconnect as described in the article above.

MarshaE's picture

Jason,

Thank you for this link.  I will look at that in the morning.

To answer your other questions...which may help me:
I am managing the Windows Firewall through Group Policy (I still have Windows Firewall turned on via the Security Center).  We use the defaults.

MarshaE's picture

I applied the 12.1 RU1 MP1 patch to the x64 client and it did NOT resolve the problem.

I do still have the open case and Symantec rep to call me Fri to see if CleanWipe tool resolved issue (which it did not).  I may ask him for other suggestions.  Otherwise, think I will just live with it.  This particularly PC is in our church library and is really only used 4-6 hours each week.  I've put way too  much time into trying to resolve.

THANKS!

Jay Long's picture

Hi,

Did you get a resolution to this issue? I have an XP machine with exactly the same symptoms. There is no eveidence in the registry of the Teefer driver. Also the teefer.sys file isn't in the expected location. I've tried all the fixes listed in the forums so far. Currently veering towards a rebuild.

Thanks

MarshaE's picture

Jay,

No, I never did get it resolved.  It was on a PC that gets very minimal use (~ 5 hrs/week), so I just decided to leave it alone.  I just didn't have any more time to spend on the issue and I had tried everything suggested.  Sorry...

Marsha

toby's picture

hey,

I have the same issue on a couple of machines. Just a few things that I noticed from my side.

Installing the complete machine with Win7 SP1 x64 and SEP12 RU1 MP1. Out of 30 machines 4 have this behavior.

Also on machines where the problem exists once for me all the workaround didnt work as well and I had to schedule a full re installation of the client computer.

So for me it seems there is something during the installation process that blocks the driver under certain circumstances to be registerd.

Any idea what this could be? The Windows Firewall shouldnt be part of the circumstances from my perspective as I put a netsh command to stop the firewall before the symantec setup.exe will start.

thanks, toby

------------------------------------------------------------------

Best regards!

toby

CISSP / STS / MCP 

John Santana's picture

Yes I got this error too,

in Windows XP SP3 32 bit workstation, does this can be fixed after the single reboot ?

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.

SameerU's picture

Hi

Please upgrade to SEP 12.1 RU1 MP1

Regards

John Santana's picture

Already done mate, this is the error message comes from upgrading the 11.0.4 into 12.1 RU1 MP1

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.

Syed saied's picture

HI,

Can you provid the screen shot of error.

Thanks In Advance...

Syed Saied

If the suggestion has helped to solve your problem, please mark the post as a solution