Windows 7 Beta and SEP 11 MR4
I'm trying to install Symantec Endpoint Protection 11 MR4 on Windows 7 Beta... The process starts, almost completes, then the install rolls back and fails. It gives little or no error codes - the box says "The wizard was interrupted before Symantec Endpoint Protection could be completely installed."
The event log does not give much info either...Event ID 11708
+ System
- Provider
[ Name] MsiInstaller
- EventID 11708
[ Qualifiers] 0
Level 4
Task 0
Keywords 0x80000000000000
- TimeCreated
[ SystemTime] 2009-01-09T14:34:05.000000000Z
EventRecordID 431
Channel Application
Computer USCBXXMOFO63239
- Security
[ UserID] S-1-5-21-2853585061-3132039239-915479781-1000
- EventData
Product: Symantec Endpoint Protection -- Installation operation failed.
(NULL)
(NULL)
(NULL)
(NULL)
(NULL)
Then Event 1033
Windows Installer installed the product. Product Name: Symantec Endpoint Protection. Product Version: 11.0.4000.2295. Product Language: 1033. Manufacturer: Symantec Corporation. Installation success or error status: 1603.
On this machine...
Defender is off
System restore is off
UAC is Off
Comments
I am currently experiencing the same issue. The installer rolls back without giving an explanation, and the logs aren't too helpful either.
Windows 7 Ultimate x64 Beta 1 (Build 7000).
Install liveupdate first
Installing Liveupdate first did not help. I now have Liveupdate installed and running, but I am still not able to install SEP.
I haven't tried with 64bit yet. I'm loading a VM with it right now, I'll post an update when I'm done.
Oh wait, you might want to try disabling UAC.
Already tried disabling UAC. Next thing I'm going to try is disabling UAC and Defender...
Windows 7 x64 Beta 1 Build 7000
1. Run LUSETUP.EXE from the SEP client folder
2. Click Yes to install LiveUpdate (this might be hidden by another window)
3. <wait while LU installs>
4. Click OK (this too might be hidden by another window)
5. REBOOT THE COMPUTER
6. Logon again
7. Double click setup.exe from the SEP client folder
8. Walk through the install wizard
9. Let it run LiveUpdate (if you chose to, or used Typical)
10. Reboot
Done, works fine on both 32 and 64 bit versions of Windows 7 Beta b7000
Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed: http://twitter.com/symc_endpoint
I tried this and when it gets to the install, I keep getting "Detected Pending Sys Change, reboot."
I do and I continue to get same message.
My apologies, I was running the MR3 installer by mistake. MR4 is now up and running on Windows 7 x64 Beta 1! Thanks for your help.
MR4 installs and runs on Windows 7 Beta 1 x64. However, it seems to induce a huge number of blue screens.
With it installed, I got consistent BSODs that the BSOD attributed to wpsdrvnt.sys. With it removed, it seems to be completely stable.
Hi,
I seem to have the same problems; frequent BSOD's with 32-bit MR4 SEP version.
x32 Windows 7.7000
any ideas how to improve the situation...
Opanof
3 BSOD in 2 hours,
running SEP11.0.4000MR4 Unmanaged client on Windows 7 (6.1.7000 x86)
any ideas to resolve BSODs?
Can you post any additional information (vm or hardware? error logs?)? I am running MR4 on Windows 7 x64 on bare hardware and I have not yet experienced a blue screen. The computer even randomly went into hibernation in the middle of a scan, and the scan resumed without issue the next day...
Not really other than minidump data. At some point the crash reason was symevent.sys driver.
I will try to produce some additional info from the minidump asap...
btw my computer is an Acer 7520G with Nvidia Vista drivers, so it could be them as well
opanof
These are from the minidumps that I could open:
BSOD 1: Probably caused by : SYMEVENT.SYS ( SYMEVENT+182b0 )
BSOD 2: Probably caused by : SYMEVENT.SYS ( SYMEVENT+18324 )
Do you have Windows Defender disabled? (It may re-enable itself on reboot.)
It's working fine for me with Defender running, but it's worth a try.
No,
It's (defender) not on...
Anyone else experiencing BSODs with Nvidia chipsets and drivers? Could these be the problem?
Well, I guess I have to test this on my other laptops...
opanof
I was having blue screens with symevent on the 32bit version. I was running mine in a virtual machine so Nvidia drivers weren't a factor. A lot of the time, it seemed the blue screen would come after the system went to hibernate, but I never really tested much with it. I wanted to try the 64bit version of Windows 7 anyways. I haven't had any blue screens with the 64bit version.
edit: Actually now that I think about it, the first blue screen happened when I was actively using the system.
I've got SEP installed on Win7 32-bit on a Dell Latitude D620. Install per instructions in forum worked great, and I didn't have any problems until I went to AC power, which automatically enables the onboard NIC (Broadcom NetXtreme 57xx Gigabit Controller). Almost immediately, I get a BSOD, and it reports the driver at fault is 'teefer2.sys'. No problems at all when only on wireless, however.
Initial install was on battery power (Broadcom NIC disabled), so I tried reinstalling SEP while on AC power so the driver is installed while the NIC is active, but still having same issue. Windows Firewall & Defender both were disabled by SEP installer.
'Teefer2 Miniport' driver is dated 7/10/2008, version 11.0.5.141.
Yes, I am having the same issue. I have installed the MR1, MR3, MR4 and not managed and I get a memory dump due to the teefer2.sys file. At all times the Latitude D620 was plugged in with NIC enabled. I guess we are waiting for a fix for WM7 or for Symantec. Any ideas?
I only use wireless anyway, so I disabled the NIC in the BIOS for now, until either I have time to piddle with it more or a fix is released. I reckon checking for the latest Broadcom driver may be a good next step...
I figured out a way to get around the teefer2.sys system dump issue as well as the errors in installing Symantec Management Review 4 or 3. First install LiveUpdate. Then restart the computer. Then install the client using Custom. Don't install the application control and the firewall settings. These cause the system dump. It should install without a problem. Let me know if it didn't work for you.
I left my Windows 7 to run overnight on wireless (with autologon to my domain account) and it basically rebooted every 1h10minutes =)
There was no difference with MS or newest Atheros Vista x86 drivers
Also the driver in question causing the BSODs now is the WPSDRVNT.SYS which is the firewall driver I think.
@jukebox and others with workarounds:
This is good to know how to overcome this BUT the idea with beta is to test the product(s) and help software companies to get them work as they are supposed to...
This is the reason why I would like to see this working on my computer with x86 version fully enabled =)
br, opanof
the x64 version doesn't have application control, but I did an install without the symantec firewall stuff and I haven't seen a BSOD in over a day of heavy usage.
Thanks, leaving out App Control & Firewall worked!
I too installed MR4 (AV only) on Windows 7 64-bit, and it has been rock solid. One issue though is that I can't create a scheduled scan. Clicking on "Create a New Scan" just doesn't do anything at all. No error, but no scan. Even tried doing a Run As Administrator just in case (though the account is already an admin). I have no trouble running a manual scan, but I just can't create a scheduled weekly scan (important from a policy perspective since the client is running as unmanaged, which is already one strike against it).
Anyone else with this issue?
"Hurricane" Andrew
Milford, Delaware
just tried to create a new scan on x64, same problem.
I installed W7 on a Dell Optiplex 755 SFF and everything ran right along. I created a new package in SEP and deployed it yesterday and all was good until I came in this morning and it was off. Upon restarting I got the Windows did not shut down properly bit and today it has locked up several times, but no BSOD!
Anywho, so after reading more I'll try just the AV and redeploy.
For those using the Latitude D620's, we have D630's here at work and Dell adds in the power saving "feature" that disables the NIC on battery. Out of 60 laptops though, half would never re-enable except manually, which led to creating a "clean" Vista image for each one before deployment with no problems since.
So anywho, I'd wipe the drive and try it w/o any of Dell's addon garbage.
1. Run LUSETUP.EXE from the SEP client folder
2. Click Yes to install LiveUpdate (this might be hidden by another window)
3. <wait while LU installs>
4. Click OK (this too might be hidden by another window)
5. REBOOT THE COMPUTER
6. Logon again
7. Double click setup.exe from the SEP client folder
8. Walk through the install wizard
9. Let it run LiveUpdate (if you chose to, or used Typical)
10. Reboot
Done, works fine on both 32 and 64 bit versions of Windows 7 Beta b7000
Paul Murgatroyd
Senior Technical Product Manager, Endpoint Security
This worked for me to install SEP on Windows 7 on a Dell Latitude D820 and it worked for installing SEP on Windows Server 2008 R2 x64 in a virtual machine. SEP is installed without firewalls. So far no BSOD's yet. Thanks Paul. :-)
does not work still got bsod =/
Yes, I know that installation procedure (obviously) since I have problems running the x32 version of SEP.
So I gave up on this and use x64 versions now...and as said by others no problemos....
Would be nice to have that managed though....
opanof
Hi Opanof,
I was able to get it as a managed client by installing the unmanaged version from the CD and then going into Help and Support > Troubleshooting > and clicking on Import.. under Communication Settings then importing the SysLink.xml file from a managed windows XP install. File located in C:\Program Files\Symantec\Symantec Endpoint Protection\.
Hope that helps
@P222PJP
Thanks...
Works like a charm...
opanof
For those trying to get SEP11 MR4 and Cisco VPN client installed together, here's how I navigated BSOD-land.
Cisco VPN Client 5.0.04.300 was installed and working fine.
Installed LiveUpdate 3.3, then SEP11 MR4 on Beta 1 (7000) and started getting the following STOP error after 5 minutes of using my Cisco VPN Client:
*** STOP: 0x0000008E (0xC0000005, 0x923F12A5, 0xA9221C40, 0x00000000)
SYMEVENT.SYS - Address 923F12A5 base at 923D9000, Datestamp 478bf054
I then discovered this post, and tried to install MR4 as prescribed.
After reinstalling/repairing a couple times I then uninstalled, then used Symantec CleanWipe (CMD as Administrator), but I couldn't remove the teefer2.sys driver, and all the NICs in Device Manager had a teefer2 duplicate with yellow exclamation. Worse, I had no network connectivity and my wireless insisted that it was connected Locally only. Right-click, Status, Details on the SSID came up with a blank Network Connection Details dialog box (no IP or other information whatsoever).
Finally, I reinstalled LiveUpdate 3.3, rebooted, reinstalled SEP11 MR4 (CMD as Administrator) with Application Control and Threat Protection ENABLED (so I could reinstall the registry settings that installed teefer2, then remove later). I then reinstalled the Cisco VPN Client (no reboot), then immediately started Windows 7 Setup from the DVD, and chose Upgrade. After doing an in-place upgrade of Windows 7 Beta1 7000 to 7000 (same build), on reboot I started getting the following BSOD after about 10 to 20 minutes of logon:
MEMORY_MANAGEMENT
*** STOP: 0x0000001A (0x00041790, 0xC080260C/0xC0802092 [varies], 0x0000FFFF, 0x00000000)
At this point I reran SEP11 MR4 and did a Change, and removed *everything* except the Antivirus. I also repaired the Cisco VPN Client (5.0.05.0280 beta) and rebooted (I did one thing at a time). Everything seems to be working fine now...
P.S. After an upgrade from 6956 to 7000, I installed Cisco VPN Client 5.0.04.300 with no problem and it was working fine. After trying unsuccessfully to reinstall, I got the ndis.sys error:
DRIVER_IRQL_NOT_LESS_OR_EQUAL
*** STOP: 0x000000D1 (0x000000004, 0x00000002, 0x00000001, 0x8CCB6EA3)
NDIS.SYS - Address 8CCB6EA3 base at 8CC9C000, Datestamp 49431561
The only way I could get around this, was by reinstalling the client, then doing an in-place upgrade. Deleting the ndis.sys file and rebooting was not working (Windows 7 said a critical system file was missing on reboot and it didn't automatically replace the file...don't know if this BSOD was related to SEP11 MR4 or not).
if anyone has crashdumps they are willing to share then please let me know via PM
Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed: http://twitter.com/symc_endpoint
I have had some problems installing on 32bit windows 7 version and have come up with the below
Click the Start button, click All Programs, and then click Accessories.
Right-click Command Prompt, and then click Run as administrator.
In the Administrator: Command Prompt window, type or paste the following text at the prompt:
reg delete HKLM\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions /va /f
Press Enter to delete the above key.
If The operation completed successfully displays, close the Administrator: Command Prompt window to complete this procedure. If "ERROR: Access is denied" displays, repeat this procedure from the top, making sure you clicked Run as administrator in step two.
I had the same problem. I followed Paul Murgatroyd. It's working fine. Thanks Paul.
Note: no need to restart the system after installing Live Update.
Paul Murgatroyd's instructions do work fine, except for random BSODs (usually STOP 0x8E on 32-bit Win7--haven't tried 64-bit yet).
I'm also getting BSOD every now and then. Have gotten it down to symevent.sys causing it. Uninstalled SEP now, left Liveupdate and BESR and the problem is gone. I didn't install the Firewall etc from the beginning. I've got a dump if Symantec wants it. Paul I think you asked for it?
I've gotten SEP 11 MR4 installed, I had to install Live Update first, then installed the client. I was able to get it to be a managed client by importing a syslink.xml file.
I'm getting BSOD on Symevent.sys about once an hour. I'm using Windows 7 Beta 32 bit version.
The BSOD shows PAGE_FAULT_IN_NONPAGED_AREA with STOP at 0x00000050 and references
SYMEVENT.SYS at Address 877972AD.
Anyone have any suggestions on how to fix or what's going on?
I get the exact same symevent.sys BSOD. I'm running Windows 7 32-bit.
I uninstalled SEP 11 MR4 and downgraded to SAV 10.2.1 and the symevent.sys BSODs go away.
I will try to "upgrade" from this version back to SEP 11 MR4 to see if BSODs come back.
I have followed the instructions that Paul posted but they aren't working for me. It always gets partially installed then gives me the following message:
Error 1303. The installer has insufficient privileges to access this directory: C:\Windows\winsxs\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-wwcbb27474. Log on as an administrator or contact your system administrator.
I have tried running it as administrator (even though I installed from admin account) but still didn't work. I looked for that folder but it doesn't seem to be there (even with hidden and system folders displayed).
The only thing I haven't tried is completely uninstalling the partial install because I'm not sure how to do it. There isn't anything in the control panel and I don't have any uninstall programs on this computer yet.
Any suggestions?
Karl
Karl,
Is your windows in a domain? if yes then it might be the GPO's.
Other news from me: Even with partial installation of x32 version it resulted in constant BSOD's every few hours. I switched to Norton 360 Beta and that does not have the same problems...
So prolly it makes sense to wait for Mr. Symantec to discuss with Mr. Norton to sort this out for the Corporate products...
br, Opanof
Upgrading from SAV 10.2.1 to SEP 11 MR4 did not make a difference with regards to the BSODs.
After realizing that they seem to occur almost exactly every hour, I started looking into scan frequency settings in the client.
I noticed that the default scan frequency of the TruScan Proactive Threat Scanner was set to 1 hour. So I tried an experiment and changed the frequency to every 5 minutes. After 5 minutes, the computer crashed and burned with the same BSOD.
I am disabling the Proactive Threat Protection to see if the BSOD's go away. My guess is that they will.
Hopefully someone from Symantec is monitoring this forum and will take this into consideration.
Also very interested in if someone from Symantec is monitoring this forum as I don't really want to install anything else than the SEP11.4. Really need this to get resolved. Please let us know if disabling the PTP works.
After a fresh install of Windows 7 beta, I re-installed SEP 11 MR4 (installing LiveUpdate first with re-boot in between) with only Anti-virus and Anti-spyware option, NO Proactive Threat Protection. This way I did not have the nagging red color and messages that I need to "FIX" SEP because PTP was turned off.
Lo and behold, no more BSODs.
Also, note, I never installed the Network Protection component as we are in a protected network environment and don't firewall workstations. We may review the possibility of installing Network Protection sometime in the future.
Thanks for the feedback. Will be testing this also.
Same issue here. I found nothing. I removed LiveUpdate 3.3 and actually tried the McAfee 8.7 and it installed without any issues.
sorry, same issue as allenkt...Error 1303. The installer has insufficient privileges to access this directory: C:\Windows\winsxs\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-wwcbb27474. Log on as an administrator or contact your system administrator.
I've been running SEP11.4 now for about 3 days on my Windows 7 32bit and everything looked ok. Did however have some interesting issues with Explorer crashing every now and then. Eventually decided to uninstall SEP to check if this is the cause and it turns out to be precisely that. Not had any Explorer crashes so far.
I only had SEP installed with the Antivirus and Antispam and nothing else. Also the crashes in Explorer happened when I'm working on the same file from two different places by the looks of it. Saving a file in Word and then also having an Explorer window open in that folder where I'm saving caused some interesting "not responding" messages and then eventually I would restart the computer.
Not sure if that makes any sense but I still couldn't figure out how to fix it either.
Have you tried copying the setup files to the local drive and installing from there?
Yes, I have executed the install from the local C: drive on the Win7 computer. Any other suggestions?
How about doing a "Right-click -> RunAsAdministrator" on the setup.exe file from the local drive?
Also, did you already get LiveUpdate installed? (Run LUSetup.exe and re-boot.)
If that doesn't work, I would wipe and reload Win7 beta and try again.
Yes, I did get LU 3.3 installed successfully, rebooted, and attempted sep11mr4 install. Strange really, as that was all I had done on the win7 computer.
I guess you're on a domain, yes? Group Policy preventing this?
I would try putting the SEP 11 MR4 setup files on a removable media (like thumb drive or cd-rom).
Re-install Windows 7 beta and then before doing anything else, copy files from media to local drive, install LiveUpdate, re-boot and install SEP 11.
I did the installs with "RunAsAdministrator" option for both LU & SEP 11.
Win7 is not on an AD domain. I'll give it a try and post my results.
OK, I got sep 11 mr4 installed on a vanilla win7 beta vm. I did not install vmware tools prior to the install and they may have caused my install issues previously. I did install LU first, reboot, then install SEP. I chose the run as administrator option for both exe installations.
Today Installed SEP 11.0.4010.19 x64 on Windows 7 x64 (6.1.7000) unmanaged client, works perfect!
My updates...
I updated Nvidia drivers from MS updates (yes, I knew the risk) and as a result BSOD in reboot. Had to disable Symantec altogether....investigating whether to get it up running again...
Opanof
Windows 7 7000 x64 on Acer 7520G Laptop
I was able to do a managed install on win 7 beta (build 7000)
I did a deployment package that did not create a single exe.
Turn off Windows Firewall for each PC - I probably could have configured a specific port series - but I shut down the whole thing.
Then I did a deploy and had to add each PC by IP address.
SYMEVENT bluescreens
adutchman, you're dead on about the Proactive Threat Protection. My laptop was rebooting pretty much bang on every 6 hours as the PTP kicked in. I even sat to watch it tick over to 6 hours and it rebooted on cue. Disabling PTP worked, no more SYMEVENT bluescreens. Running SEP11 MR4 MP1 by the way.
I've also had explorer hangs/crashes which other people have said disappeared upon removal of SEP11.
As an aside I tried this patch from MS for TDI which had been the cause of many other AV issues. Makes no difference in this case. http://support.microsoft.com/kb/967891.
This is probably a question for Paul Murgatroyd, any idea when this issue will be resolved? Win7 is in beta ok I get that, just interested.
If it helps, here is a crashdump I captured. Looks like a few others I've seen on this issue... although I have no idea what it means ;)
1: kd> !analyze -v
ERROR: FindPlugIns 8007007b
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_MODE_EXCEPTION_NOT_HANDLED (8e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 8ba8129e, The address that the exception occurred at
Arg3: 8e91bc44, Trap Frame
Arg4: 00000000
Debugging Details:
------------------
Page 4a9c0 not present in the dump file. Type ".hh dbgerr004" for details
*** ERROR: Symbol file could not be found. Defaulted to export symbols for SYMEVENT.SYS -
PEB is paged out (Peb.Ldr = 7ffdc00c). Type ".hh dbgerr001" for details
PEB is paged out (Peb.Ldr = 7ffdc00c). Type ".hh dbgerr001" for details
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
FAULTING_IP:
SYMEVENT!SYMEvent_IrpHandlerInstall+563e
8ba8129e a7 cmps dword ptr [esi],dword ptr es:[edi]
TRAP_FRAME: 8e91bc44 -- (.trap 0xffffffff8e91bc44)
ErrCode = 00000000
eax=00000000 ebx=aa381d10 ecx=aa381d10 edx=8ba6ab20 esi=aa381d30 edi=00000000
eip=8ba8129e esp=8e91bcb8 ebp=8e91bd08 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
SYMEVENT!SYMEvent_IrpHandlerInstall+0x563e:
8ba8129e a7 cmps dword ptr [esi],dword ptr es:[edi] ds:0023:aa381d30=8ba82fd8 es:0023:00000000=????????
Resetting default scope
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x8E
PROCESS_NAME: explorer.exe
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from 828e8429 to 82905f78
STACK_TEXT:
8e91b7b4 828e8429 0000008e c0000005 8ba8129e nt!KeBugCheckEx+0x1e
8e91bbd4 82870256 8e91bbf0 00000000 8e91bc44 nt!KiDispatchException+0x1ac
8e91bc3c 8287020a 8e91bd08 8ba8129e badb0d00 nt!CommonDispatchException+0x4a
8e91bc58 828bc88a 91b5f4a6 1f570eeb c0000001 nt!Kei386EoiHelper+0x192
8e91bd18 8286f66a 00000000 00000000 0622f1d4 nt!ExReleaseResourceAndLeavePriorityRegion+0x5
8e91bd18 0000003c 00000000 00000000 0622f1d4 nt!KiFastCallEntry+0x12a
WARNING: Frame IP not in any known module. Following frames may be wrong.
00000023 00000000 00000000 00000000 00000000 0x3c
STACK_COMMAND: kb
FOLLOWUP_IP:
SYMEVENT!SYMEvent_IrpHandlerInstall+563e
8ba8129e a7 cmps dword ptr [esi],dword ptr es:[edi]
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: SYMEVENT!SYMEvent_IrpHandlerInstall+563e
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: SYMEVENT
IMAGE_NAME: SYMEVENT.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: 478bf054
FAILURE_BUCKET_ID: 0x8E_SYMEVENT!SYMEvent_IrpHandlerInstall+563e
BUCKET_ID: 0x8E_SYMEVENT!SYMEvent_IrpHandlerInstall+563e
Followup: MachineOwner
---------
1: kd> lmvm SYMEVENT
start end module name
8ba69000 8ba8e000 SYMEVENT (export symbols) SYMEVENT.SYS
Loaded symbol image file: SYMEVENT.SYS
Image path: \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
Image name: SYMEVENT.SYS
Timestamp: Tue Jan 15 09:29:24 2008 (478BF054)
CheckSum: 000298F5
ImageSize: 00025000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
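Added example, not part of the original posts: the crash reports in this thread give fault locations in different forms (absolute address plus load base on the STOP screen, module+offset in minidump summaries, FAULTING_IP plus lmvm start in WinDbg). This Python sketch normalizes them to module-relative offsets, which stay comparable across reboots, and groups nearby ones; the function names and the 0x100-byte grouping window are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Crash lines copied from posts in this thread, assembled here as sample input.
SAMPLE = """\
SYMEVENT.SYS - Address 923F12A5 base at 923D9000, Datestamp 478bf054
NDIS.SYS - Address 8CCB6EA3 base at 8CC9C000, Datestamp 49431561
BSOD 1: Probably caused by : SYMEVENT.SYS ( SYMEVENT+182b0 )
BSOD 2: Probably caused by : SYMEVENT.SYS ( SYMEVENT+18324 )
Probably caused by : SYMEVENT.SYS ( SYMEVENT!SYMEvent_IrpHandlerInstall+1569 )
"""

# STOP-screen form: absolute fault address plus the driver's load base.
STOP_RE = re.compile(
    r"(?P<mod>\w+)\.SYS - Address (?P<addr>[0-9A-F]+) base at (?P<base>[0-9A-F]+)"
    r"(?:, Datestamp (?P<ts>[0-9A-F]+))?",
    re.IGNORECASE,
)
# Minidump summary form "( MODULE+offset )". The "MODULE!Symbol+offset" form is
# relative to an exported symbol, not the image base, so it is skipped on purpose.
MODOFF_RE = re.compile(r"\( (?P<mod>\w+)\+(?P<off>[0-9A-F]+) \)", re.IGNORECASE)


def module_offset(addr, base):
    """Offset of a fault address inside its module (load-address independent)."""
    if addr < base:
        raise ValueError(f"address {addr:#x} is below module base {base:#x}")
    return addr - base


def parse_reports(text):
    """Return (module, offset, datestamp-or-None) for every line we can normalize."""
    reports = []
    for line in text.splitlines():
        m = STOP_RE.search(line)
        if m:
            off = module_offset(int(m["addr"], 16), int(m["base"], 16))
            ts = m["ts"].lower() if m["ts"] else None
            reports.append((m["mod"].upper(), off, ts))
            continue
        m = MODOFF_RE.search(line)
        if m:
            reports.append((m["mod"].upper(), int(m["off"], 16), None))
    return reports


def cluster_offsets(reports, window=0x100):
    """Group each module's offsets; a gap larger than `window` starts a new group.

    Offsets are only comparable between identical driver builds (same
    datestamp); reports without a datestamp are assumed to be the same build.
    """
    by_mod = defaultdict(list)
    for mod, off, _ts in reports:
        by_mod[mod].append(off)
    clusters = {}
    for mod, offs in by_mod.items():
        groups = []
        for off in sorted(offs):
            if groups and off - groups[-1][-1] <= window:
                groups[-1].append(off)
            else:
                groups.append([off])
        clusters[mod] = groups
    return clusters


def link_time(datestamp_hex):
    """PE header datestamp (seconds since 1970) as a UTC datetime."""
    return datetime.fromtimestamp(int(datestamp_hex, 16), tz=timezone.utc)


def triage():
    reports = parse_reports(SAMPLE)
    # FAULTING_IP 8ba8129e and module start 8ba69000 from the !analyze -v /
    # lmvm output posted above.
    reports.append(("SYMEVENT", module_offset(0x8BA8129E, 0x8BA69000), "478bf054"))
    return cluster_offsets(reports)


if __name__ == "__main__":
    for mod, groups in triage().items():
        for g in groups:
            print(mod, [hex(o) for o in g])
    print("SYMEVENT.SYS link time (UTC):", link_time("478bf054"))
```
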
MR4 MP1a SYMEVENT.SYS BSOD Stop 50 - XP Pro w/SP2
Even though this is not on a Windows 7 machine, I thought I'd add my BugCheck to the mix. This only happens for us on a reboot or shutdown. In our case, killing the SCardSvr.exe process prior to a reboot allowed a normal reboot...but who is going to manually kill a process before every reboot?
Paul, I would love to hear any suggestions you have to offer.
Thanks,
-Mike
P.S. Installing SP3 also seems to resolve the issue. Hard to do on 4000 machines though. :-(
Symbol search path is: SRV*C:\WINDOWS\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.080814-1233
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055c700
Debug session time: Wed Mar 11 16:45:21.000 2009 (GMT-6)
System Uptime: 0 days 0:05:24.708
Loading Kernel Symbols
Loading User Symbols
PEB is paged out (Peb.Ldr = 7ffd800c). Type ".hh dbgerr001" for details
Loading unloaded module list
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 50, {ffffffd8, 1, 805d0d8e, 0}
*** ERROR: Symbol file could not be found. Defaulted to export symbols for SYMEVENT.SYS -
PEB is paged out (Peb.Ldr = 7ffd800c). Type ".hh dbgerr001" for details
PEB is paged out (Peb.Ldr = 7ffd800c). Type ".hh dbgerr001" for details
Probably caused by : SYMEVENT.SYS ( SYMEVENT!SYMEvent_IrpHandlerInstall+1569 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: ffffffd8, memory referenced.
Arg2: 00000001, value 0 = read operation, 1 = write operation.
Arg3: 805d0d8e, If non-zero, the instruction address which referenced the bad memory address.
Arg4: 00000000, (reserved)
Debugging Details:
------------------
PEB is paged out (Peb.Ldr = 7ffd800c). Type ".hh dbgerr001" for details
PEB is paged out (Peb.Ldr = 7ffd800c). Type ".hh dbgerr001" for details
WRITE_ADDRESS: ffffffd8
FAULTING_IP:
nt!PspExitThread+416
805d0d8e 8945d8 mov dword ptr [ebp-28h],eax
MM_INTERNAL_CODE: 0
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x50
PROCESS_NAME: scardsvr.exe
TRAP_FRAME: aec15ba0 -- (.trap 0xffffffffaec15ba0)
ErrCode = 00000002
eax=7ffdd000 ebx=00000000 ecx=80629903 edx=00000000 esi=88dbcc10 edi=88dc9c00
eip=805d0d8e esp=aec15c14 ebp=00000000 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
nt!PspExitThread+0x416:
805d0d8e 8945d8 mov dword ptr [ebp-28h],eax ss:0010:ffffffd8=????????
Resetting default scope
LAST_CONTROL_TRANSFER: from 8051f676 to 804f9e0b
STACK_TEXT:
aec15b20 8051f676 00000050 ffffffd8 00000001 nt!KeBugCheckEx+0x1b
aec15b88 805437e8 00000001 ffffffd8 00000000 nt!MmAccessFault+0x9a8
aec15b88 805d0d8e 00000001 ffffffd8 00000000 nt!KiTrap0E+0xd0
aec15c90 805d115c 00000000 00000000 88dbcc10 nt!PspExitThread+0x416
aec15cb0 805d149c 88dbcc10 00000000 c0000001 nt!PspTerminateThreadByPointer+0x52
aec15cd0 b13c31c9 00000000 00000000 89901580 nt!NtTerminateThread+0x70
WARNING: Stack unwind information not available. Following frames may be wrong.
aec15d54 8054088c 00000000 00000000 0069ffb4 SYMEVENT!SYMEvent_IrpHandlerInstall+0x1569
aec15d54 7ffdd000 00000000 00000000 0069ffb4 nt!KiFastCallEntry+0xfc
aec15dc4 00000000 7c90eb94 0000001b 00000246 0x7ffdd000
STACK_COMMAND: kb
FOLLOWUP_IP:
SYMEVENT!SYMEvent_IrpHandlerInstall+1569
b13c31c9 e98e030000 jmp SYMEVENT!SYMEvent_IrpHandlerInstall+0x18fc (b13c355c)
SYMBOL_STACK_INDEX: 6
SYMBOL_NAME: SYMEVENT!SYMEvent_IrpHandlerInstall+1569
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: SYMEVENT
IMAGE_NAME: SYMEVENT.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: 478bf054
FAILURE_BUCKET_ID: 0x50_SYMEVENT!SYMEvent_IrpHandlerInstall+1569
BUCKET_ID: 0x50_SYMEVENT!SYMEvent_IrpHandlerInstall+1569
Followup: MachineOwner
System tray icon showing the
Paul,
Thanks for the instructions. At the university I attend the system is running SEP 10 throughout, as the OS of choice is Windows XP - however, several new machines purchased for use in the system and attached to the AD are coming with Vista, and not all machines go through IT like they should. Getting SEP to work on them was a bit of a PITA as the custom deployment executable was written for XP, so it seems, but we've fixed that.
The issue now is that a couple of people have upgraded Vista machines to Windows 7, and using your instructions above I was able to get SEP 11 MR4 installed - however, one machine that has been upgraded again to a newer build, 7048 (x86-64), is continuing to show the autoprotect disabled icon in the system tray, even though auto-protect seems to be enabled. Additionally, right clicking the icon only gives the option to open SEP, nothing about enabling or disabling Auto-protect.
Is this standard behavior for Windows 7 64bit builds?
I'm running Windows 7 beta (build 7000)32 bit and SEP v11.0.4014.26. My PC is also BSOD'ing frequently. I have now tried to disable Proactive Threat Protection to see if this helps.
My PC is a HP Pavilion DV4-1210eo with a Nvidia Graphics Card.
Does anyone know if there will be an update from Symantec on this issue soon ?
Thanx...
Could not use SEP anymore
Guys, I tried all of the solutions stated above without any success. I can install SEP MR4 but the system dumps periodically, about every 1h15min, because of SYMEvent.
Conclusion: don't spend your valuable time on this, as Symantec is not ready for this. Mr. SYM probably thinks Windows 7 will be released in September so there is no reason for him to rush, but he didn't know that Windows 7 is doing a good job with these beta builds.
I switched to Kaspersky - KIS 2009. It is doing well in Windows 7; I tested KIS on both Windows 7 build 7000 and 7068.
I loved SYM for years, from Norton Commander for DOS, but it seems SYM is losing his effort eventually.
This is quite surprising
I hear that Windows 7 will be at release candidate stage in two weeks and generally available, so I am surprised that the leading company in AV still has these significant problems and that it requires its users to use long workarounds to stop the product crashing the O/S. It's strange as other AV providers seem to have their products working.
I tried most of the common suggestions and none of it works for me. Windows 7 Ultimate, relatively new build.
Can Symantec confirm when they think this may be fixed, as we need to start testing this so we have an answer to the amount of work required to deploy Windows 7 across our organisation.
I am happy to wait as the Symantec product is a solid solution (except for this case) but we need an ETA.
Still working!
I have been running SAV 11 MR4 for about 3 weeks and have not had any BSOD's. After having one every 1 or so before, it is nice to have it working finally!
I have it running on 3 computers with different specs on each to test. One is on a domain, the other two are in a workgroup.
After uninstalling ALL SAV/Live update products, I ran CCleaner to get all the Reg files. I then basically followed the directions listed here:
• Open the SEP folder
• Run LUSETUP.exe
• REBOOT
• Open the SEP folder
• Run Setup.exe
• Choose to install ONLY Antivirus and Email scanner (if needed).
• I chose unmanaged on all, then ran the Sylink.bat file on the domain machine
• It updated and then required a reboot.
Now, no BSOD's on any of the computers, 2 workgroups are running and updating fine on their own, and the domain machine shows up in the management console and updates from the server.
Hope something in here helps you.....It was a long frustrating time getting it to work, but it does work.
Good luck!
Sorry but this is very unstable!
I have followed most of what has been recommended above, i.e. uninstalled previous editions, ran LU setup and rebooted, ran setup and rebooted, chose not to have firewall and application protection, but I am still having issues.
The original problem was BSOD's on my Windows 7 PC with Office 2007 which only occurred when connecting the network cable. If I was ever successful at connecting the network cable with the AV software installed this would be the first I would be logging onto the domain, as I had just added the machine account to the domain.
So today after following the recommendations here I ran with AV (without the network cable) without issues (as before).
However PowerPoint would freeze (one in 3 times when trying to save) and Windows could not recover, so PowerPoint remained frozen on screen, i.e. even end task didn't work and nor did logging off!
The only way out so I could continue with PowerPoint was to reboot!!
I uninstalled the Symantec software and my problems went away.
This is a very poor experience and I have spent a lot of time on this. Any help would be appreciated.
Is this with MR4 or MR4
Is this with MR4 or MR4 MP1a?
There are a number of fixes that have helped performance on Windows 7 in MR4 MP1a.
I myself am currently running Windows 7 RC build with SEP 11 MR4 MP2 beta build 56 and it's working great - all features installed and working fine. I am told there are a couple of problems with TruScan on W7 still at this point which will be fixed for MR5, when we will officially support W7. However, TruScan is working great for me at the moment.
Please bear in mind that Windows 7 is still a pre-release product and there are bound to be problems and issues as vendors tweak and sort out their products. Just because we haven't released anything yet doesn't mean we aren't working hard on making SEP work on W7.
I'm asking if we can get something out in time for the official RC on the 5th.
Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed: http://twitter.com/symc_endpoint
Thanks for your response
I'd like to provide you some feedback. 1st I am quite impressed by the good and responsive support Symantec put into these forums, they obviously understand the value to the relationship of doing so.
Now onto my problem.
I mentioned that I was receiving BSOD's on MR4 Windows 7 (version 7000).
I was attaching my PC to the network to register it as a domain member and was getting BSOD's.
So today I removed the AV installation, added the computer to the domain and connected it to the network. Logged on and completed the registration of my PC on the domain by doing so. I then received our group policies.
Then I installed LU and rebooted and ran into an error I have seen with Symantec AV software in Vista.
I used my domain account (member of local admins on my PC).
Problem 1
"Invalid drive h:\" I seem to recall seeing this in Windows 7, and it was when you performed a run as administrator: H: appeared as a drive in my DOS window as a "disconnected" drive because I was offline to the network. The fix, if I remember correctly, was to delete the drive in DOS and set it up through Net use H:\ etc etc; it then appeared as a "connected drive". Am I wrong? Can someone correct me?
Problem 2
Anyway, I figured rather than test my memory as to what the fix might have been a long time ago, I decided to log in locally on my PC with the local admin account after uninstalling the AV installs.
When I tried the installation of setup.exe again (choosing run as administrator) I then ran into the file privileges issue reported by many here (see below).
Now I may be wrong because it was getting late, but I could not find that file on my PC (I enabled show hidden and system files). In fact the filename was so long the window didn't have room to show the .log extension, but the file name prior to the extension is exactly the same as repeated earlier in the thread so I just copied it here.
Someone on here mentioned it may be that GPO's are doing this, but I set full permissions to the C:\ for the administrator group to avoid any permissions issues and it still reports the same error.
So once again I am stuck, so how about fixing one of these two issues folks?
Error 1303. The installer has insufficient privileges to access this directory: C:\Windows\winsxs\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-wwcbb27474. Log on as an administrator or contact your system administrator.
Are you using MR4 or MR4
Are you using MR4 or MR4 MP1a?
Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed: http://twitter.com/symc_endpoint
The following is listed in
The following is listed in the versions.txt file
SEP Client Version 11.0.4014.26
SEPM Version 11.0.4014.26
Some more information for you. One of the posters here suggested a GPO might be causing the issue and they should try installing from a USB stick rather than from local disk.
I tried that with my local admin account and it installed fine (not connected to the corporate network yet).
I worked for about an hour and then my machine blue screened.
I have now once again uninstalled it and have been working fine for 3 hours.
I disabled the following as part of the installation - email, application and firewall.
If this is not the latest version of the AV software please point me to the version you recommend.
That's the latest version for
That's the latest version for now.
Can you try this out for the blue screens?
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2009041710455648
Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed: http://twitter.com/symc_endpoint
Thanks for the link. This
Thanks for the link. This recommends disabling more of the features, namely TruScan and Keylogger. Along with Application protection and firewall (as recommended earlier in this thread) it doesn't leave as much protection but what the heck!
So with only Antivirus and Antispyware running I seem to be finally stable (without a network connection).
When I get into the office on Monday and connect up I'll let you know how I get on.
Windows 7 Release Candidate Announcement
Microsoft has released the Windows 7 Release Candidate. So this might have addressed the issue.
More details...
http://technet.microsoft.com/en-au/evalcenter/dd353205.aspx?ITPID=carepgm
It will be available at least through June 30, 2009.
All you should need to do is
All you should need to do is disable the keylogger detection, everything else should work fine.
Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed: http://twitter.com/symc_endpoint
BSOD when trying to install MR4 MP1a on Win7 build 7100
I have tried all the steps above to no avail and am stuck now because it uninstalled my SAV 10.2, which now I cannot reinstall (unsupported OS).
Very frustrating.
I have MR4 MP1a working fine
I have MR4 MP1a working fine here on Win7 Ultimate RC 32bit. Did you "upgrade" or fresh install?
Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed: http://twitter.com/symc_endpoint
SEP MR4 MP1a and Windows 7 Build 7100 64-bit
All:
I appreciate the information in this thread since I am trying to install SEP MR4 MP1a onto 64-bit W7 Build 7100.
I ran the LUSETUP.EXE from the SEPWin64 folder and rebooted.
Then I ran SEPUP.EXE from the SEPWin64/x64 folder. Following recommendations here I only installed the Antivirus and Antispyware component. I did not have any option to select Internet Email protection, only Outlook or Notes protection. I do not use Outlook or Notes for this particular installation since it is not connected to a domain and will POP3 email.
After reboot, SEP is running, but again I have no information that Internet Email via POP3 is being protected. When I select Options, Auto-Protect I do not have a tab for Internet Email settings.
Does anyone have Internet Email (e.g. POP3) protection running using SEP under Windows 7 32-bit OR 64-bit?
Is Internet Email auto-protect even part of the SEPWin64 installation?
Should I have installed from the "SEP" folder instead of the SEPWin64 folder even though I am running on x64 Windows 7 RC?
Thanks for any thoughts or information!
MR4 MP1 (11.0.4014) installing/running fine on x64 RC...
Hi!
I've got two different clean installs of Win7 RC (Build 7100) - one 64bit which I had no problems installing SEP11 MR4 MP1 on, just standard install - and one 32bit which is really troublesome. What happens here is that the process LuCOMServer_3_3.Exe (now named LUCOM~1.Exe in Taskmgr) hangs with appx 100% CPU during the installation. I've left it for an hour, but nothing happens...
Then I did like suggested here, running LUSetup first, rebooting, and then normal install. I had to do a little 'trick' to make it install properly, rename the LuCOMServer_3_3.exe file while killing the process, and then renaming it back right away. The LU service then installed just fine, and service was OK after reboot. When I ran normal Setup after this, it ran for a minute, and then the same thing happened - the LuCOMServer_3_3 hung on 100% CPU (only this time it showed the correct filename on the process).
The version above is the latest I can find available on our FileConnect site - where can I get a newer one, I really don't like to run without any AV solution for long :-)
SEP MR4 MP1a and W7 Build 7100 64-bit followup
Was running through different installation scenarios today on my 64-bit W7 RC 7100 machine as a followup to my post from 2 days ago.
I am installing unmanaged client from the CD, Microsoft Office 2007 is already installed.
SEPWin64/x64 is the only directory on CD1 that allows me to do any sort of installation. Running in the SEP folder terminates with a dialog recommending that I install Win64 version instead. Setup Properties -> Details read 11.4014.26 for the MR4 MP1a package I am using.
When I run the installer in the SEPWin64/x64 directory, I do not have a selection for Internet Email or POP3/SMTP or anything similar under the "Antivirus Email Protection" category when running a Custom Setup.
When I try running "setup /v"addlocal=Core,SAVMain,Pop3Smtp,PTPMain" from the CMD line, I get an error dialog that reads "Error 2711. The specified Feature name ("Pop3Smtp") not found in Feature table."
This sounds like my x64 installation package does not include the Pop3Smtp protection tool, which sounds odd to me. When I've used this to install Windows XP computers, I can install the Pop3Smtp protection with no problems.
Thoughts please?
That's because the mail
That's because the mail scanning tools are 32bit only at the moment; they are not present in the 64bit client.
Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed: http://twitter.com/symc_endpoint
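An added example, not part of the thread and not Symantec's code: Error 2711 means a name passed in ADDLOCAL is missing from the package's Feature table, so listing that table before scripting an install shows which features a given 32-bit or 64-bit package actually carries. The .msi path is a placeholder you supply, and the default names checked are the ones from the post above.

```powershell
# Added example: list the Feature table of an MSI package and check the
# names you plan to pass in ADDLOCAL against it.
param(
    [Parameter(Mandatory = $true)]
    [string]$MsiPath,    # placeholder: path to the client .msi you are about to install
    [string[]]$Wanted = @('Core', 'SAVMain', 'Pop3Smtp', 'PTPMain')  # names from the post above
)

# Windows Installer automation objects are late-bound COM, so call them via reflection.
function Invoke-Msi {
    param($Target, [string]$Member, [object[]]$MemberArgs = @(), [string]$Kind = 'InvokeMethod')
    $Target.GetType().InvokeMember($Member, $Kind, $null, $Target, $MemberArgs)
}

function Get-MsiFeatureName {
    param([string]$Path)
    $installer = New-Object -ComObject WindowsInstaller.Installer
    $fullPath  = (Resolve-Path -LiteralPath $Path).ProviderPath
    $database  = Invoke-Msi $installer 'OpenDatabase' @($fullPath, 0)   # 0 = read-only
    $view      = Invoke-Msi $database 'OpenView' @('SELECT Feature FROM Feature')
    Invoke-Msi $view 'Execute' | Out-Null
    $names = @()
    while ($true) {
        $record = Invoke-Msi $view 'Fetch'          # returns $null after the last row
        if ($null -eq $record) { break }
        $names += Invoke-Msi $record 'StringData' @(1) 'GetProperty'
    }
    Invoke-Msi $view 'Close' | Out-Null
    return $names
}

$available = @(Get-MsiFeatureName -Path $MsiPath)
$usable = @()
foreach ($name in $Wanted) {
    # Feature identifiers are case-sensitive, hence -ccontains.
    $present = $available -ccontains $name
    if ($present) { $usable += $name }
    [pscustomobject]@{ Feature = $name; InPackage = $present }
}

# Only the names that exist in this package are safe to pass to the installer.
"ADDLOCAL=" + ($usable -join ',')
"Features defined by the package: " + ($available -join ', ')
```

Run it once against each package you deploy (32-bit and 64-bit) and build the ADDLOCAL list per package rather than reusing one list for both.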
what files?
What files do I need to download for win 7 rc? I only want the client - SEP MR4 MP2 - not the management console etc
Where do I get them?
updates
Any further updates regarding SEP and Windows 7, and whether there will be a version released for the RC for testing? Also does just disabling TruScan prevent the BSOD's from coming up?
Hi Sektor, here is information that may be valuable for you
Please check the MR4 MP2 installation guide; Windows 7 is not included, which means officially MR4 cannot install on Windows 7.
But in the SEP RU5 installation guide, Windows 7 was included, and Symantec QA is testing SEP RU5 compatibility with Windows 7.
The target release date for RU5 is in the middle of September 2009; if RU5 can be released by then, let's wait and see.
Mine is working better, but not quite there yet
I have the Win7 RC 64-bit and SEP 11.0.40414.26 installed as an Unmanaged Client. Then I got brave and tried to import the SyLink.xml file to become a managed client. I got the BSOD, but was able to recover using safe mode and disabled the services Symantec Management Client and Symantec Network Access Control. Then rebooted to normal.
I went back into the Control Panel and selected the Symantec EP and selected Repair. That fixed SEP and I am up and running fine with the exception that I cannot connect to our wireless network. I keep getting prompted for a password.
Win7 RC x64 running well with SEP 11.0.4202.75_MR4_MP2
Hello,
I am running Win7 RC x64 and have installed SEP 11.0.4202.75_MR4_MP2 in Unmanaged client mode with no problems. Install was smooth. I did receive a LiveUpdate message saying that another instance of LU was already running, but after a clean reboot LU ran flawlessly.
-Steven
Will an update for the trial
Will an update for the trial version of SEP be available for RU5?
Upgraded RC (also have clean installed) to RTM (from technet)
Windows keeps giving errors about blocking a driver using MR4 MP2. Didn't have this issue with the RC.