We'ver recently upgraded to SEP 12.1.5337.5000.

Since this upgrade we're sometimes having BSOD.

HP did analyze the diagnostic reports. They say there are no hardware problems.

They indicated that the problem may be caused by software modifications that had been made day before first BSOD:

- 3 Windows updates

- SEP upgrade

 

Windows updates have been uninstalled. But we're still having BSOD.

So we've to focus on SEP.

I prefer not to uninstall SEP and let the server run for several days without protection.

 

Can someone help me where to look for a possible cause?

Any help is appreciated.

 

Best regards

 

Tom

Have you try to install fresh SEP client ?

You will collect the Full Memory Dump files and create a Case symantec Support Team.

QuickStart Guide - Create and Manage Support Cases in SymWISE

http://www.symantec.com/docs/HOWTO31132

How to update a support case and upload diagnostic files with MySupport

http://www.symantec.com/docs/TECH71023

OR

Regional Support Telephone Numbers:

United States: https://support.broadcom.com (407-357-7600 from outside the United States)

Australia: 1300 365510 (+61 2 8220 7111 from outside Australia)

United Kingdom: +44 (0) 870 606 6000

Additional contact numbers: http://www.symantec.com/business/support/contact_techsupp_static.jsp

Memory dumps can reveal more info why BSOD has occurred?

Have you installed NTP feature as well?

what are the features have you installed? 

Currently we've only installed AV not the firewall.

This is one of the minidumps:

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

UNEXPECTED_KERNEL_MODE_TRAP (7f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault).  The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
        use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
        use .trap on that value
Else
        .trap on the appropriate frame will show where the trap was taken
        (on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 0000000000000008, EXCEPTION_DOUBLE_FAULT
Arg2: 0000000080050031
Arg3: 00000000000006f8
Arg4: fffff80001a77646

Debugging Details:
------------------

*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys

BUGCHECK_STR:  0x7f_8

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT_SERVER

PROCESS_NAME:  System

CURRENT_IRQL:  2

ANALYSIS_VERSION: 6.3.9600.17298 (debuggers(dbg).141024-1500) amd64fre

LAST_CONTROL_TRANSFER:  from fffff80001a59eee to fffff80001a5a150

STACK_TEXT: 
fffffa60`01bdda68 fffff800`01a59eee : 00000000`0000007f 00000000`00000008 00000000`80050031 00000000`000006f8 : nt!KeBugCheckEx
fffffa60`01bdda70 fffff800`01a58738 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x6e
fffffa60`01bddbb0 fffff800`01a77646 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDoubleFaultAbort+0xb8
fffffa60`01bf9fa0 fffff800`01a7c5dd : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!SepAccessCheck+0xa6
fffffa60`01bfa0d0 fffff800`01a2d88b : fffffa80`0a558c30 fffffa80`06fd07c8 00000000`00000001 00000000`00000000 : nt!SeAccessCheck+0x2dd
fffffa60`01bfa1c0 fffffa60`00a14c6e : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!SeAccessCheckFromState+0xf3
fffffa60`01bfa8c0 fffffa60`00a15447 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : NETIO!MatchValues+0x14e
fffffa60`01bfa940 fffffa60`00a154fb : fffffa80`0911ed70 fffffa80`122c42a0 fffffa60`01bfaaf8 fffffa80`0911ed70 : NETIO!FilterMatch+0x77
fffffa60`01bfa980 fffffa60`00a164e5 : fffffa60`01bfaaf8 00000000`00000000 fffffa60`01bfaef0 fffffa60`01bfb330 : NETIO!IndexListClassify+0x4b
fffffa60`01bfa9e0 fffffa60`0126f177 : 00000000`00000030 fffffa60`01bfae70 00000000`00000000 fffffa80`13765030 : NETIO!KfdClassify+0xa35
fffffa60`01bfad40 fffffa60`0126f79e : fffffa60`01bfb850 00000000`00000001 fffffa60`01320180 fffffa80`0a019b10 : tcpip!WfpAleClassify+0x47
fffffa60`01bfad80 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : tcpip!WfpAlepAuthorizeSend+0x5ce

STACK_COMMAND:  kb

FOLLOWUP_IP:
NETIO!MatchValues+14e
fffffa60`00a14c6e 84c0            test    al,al

SYMBOL_STACK_INDEX:  6

SYMBOL_NAME:  NETIO!MatchValues+14e

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: NETIO

IMAGE_NAME:  NETIO.SYS

DEBUG_FLR_IMAGE_TIMESTAMP:  49e02e06

IMAGE_VERSION:  6.0.6002.18005

FAILURE_BUCKET_ID:  X64_0x7f_8_NETIO!MatchValues+14e

BUCKET_ID:  X64_0x7f_8_NETIO!MatchValues+14e

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:x64_0x7f_8_netio!matchvalues+14e

FAILURE_ID_HASH:  {739ab9ff-56e2-f4b7-528a-d80c10a87ed5}

Followup: MachineOwner
---------

rax=fffffa6001bddb70 rbx=0000000000000000 rcx=000000000000007f
rdx=0000000000000008 rsi=fffffa800a558c30 rdi=fffffa6001bfa940
rip=fffff80001a5a150 rsp=fffffa6001bdda68 rbp=fffffa6001bddc30
 r8=0000000080050031  r9=00000000000006f8 r10=fffff80001a77646
r11=fffffa6001bfa230 r12=0000000000000000 r13=fffffa6001bfa230
r14=0000000000000000 r15=0000000000000001
iopl=0         nv up ei ng nz na pe nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00000282
nt!KeBugCheckEx:
fffff800`01a5a150 48894c2408      mov     qword ptr [rsp+8],rcx ss:0018:fffffa60`01bdda70=000000000000007f
Child-SP          RetAddr           : Args to Child                                                           : Call Site
fffffa60`01bdda68 fffff800`01a59eee : 00000000`0000007f 00000000`00000008 00000000`80050031 00000000`000006f8 : nt!KeBugCheckEx
fffffa60`01bdda70 fffff800`01a58738 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x6e
fffffa60`01bddbb0 fffff800`01a77646 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDoubleFaultAbort+0xb8 (TrapFrame @ fffffa60`01bddbb0)
fffffa60`01bf9fa0 fffff800`01a7c5dd : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!SepAccessCheck+0xa6
fffffa60`01bfa0d0 fffff800`01a2d88b : fffffa80`0a558c30 fffffa80`06fd07c8 00000000`00000001 00000000`00000000 : nt!SeAccessCheck+0x2dd
fffffa60`01bfa1c0 fffffa60`00a14c6e : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!SeAccessCheckFromState+0xf3
fffffa60`01bfa8c0 fffffa60`00a15447 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : NETIO!MatchValues+0x14e
fffffa60`01bfa940 fffffa60`00a154fb : fffffa80`0911ed70 fffffa80`122c42a0 fffffa60`01bfaaf8 fffffa80`0911ed70 : NETIO!FilterMatch+0x77
fffffa60`01bfa980 fffffa60`00a164e5 : fffffa60`01bfaaf8 00000000`00000000 fffffa60`01bfaef0 fffffa60`01bfb330 : NETIO!IndexListClassify+0x4b
fffffa60`01bfa9e0 fffffa60`0126f177 : 00000000`00000030 fffffa60`01bfae70 00000000`00000000 fffffa80`13765030 : NETIO!KfdClassify+0xa35
fffffa60`01bfad40 fffffa60`0126f79e : fffffa60`01bfb850 00000000`00000001 fffffa60`01320180 fffffa80`0a019b10 : tcpip!WfpAleClassify+0x47
fffffa60`01bfad80 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : tcpip!WfpAlepAuthorizeSend+0x5ce
start             end                 module name
fffff800`01a03000 fffff800`01f19000   nt       ntkrnlmp.exe Mon Jul 08 03:46:10 2013 (51DA19E2)
fffff800`01f19000 fffff800`01f5f000   hal      hal.dll      Sat Apr 11 09:04:56 2009 (49E04118)
fffff960`00060000 fffff960`0031b000   win32k   win32k.sys   unavailable (00000000)
fffff960`00470000 fffff960`0048e000   dxg      dxg.sys      unavailable (00000000)
fffff960`006c0000 fffff960`006ca000   TSDDD    TSDDD.dll    unavailable (00000000)
fffff960`00860000 fffff960`008ca000   ati2dvag ati2dvag.dll unavailable (00000000)
fffff960`00a10000 fffff960`00a72000   ati2cqag ati2cqag.dll unavailable (00000000)
fffff960`00cc0000 fffff960`00d07000   atikvmag atikvmag.dll unavailable (00000000)
fffffa60`00607000 fffffa60`00611000   kdcom    kdcom.dll    Thu Feb 24 17:04:07 2011 (4D668177)
fffffa60`00611000 fffffa60`0064c000   mcupdate_GenuineIntel mcupdate_GenuineIntel.dll Sat Apr 11 09:05:41 2009 (49E04145)
fffffa60`0064c000 fffffa60`00660000   PSHED    PSHED.dll    Sat Apr 11 09:08:17 2009 (49E041E1)
fffffa60`00660000 fffffa60`006bd000   CLFS     CLFS.SYS     Sat Apr 11 06:54:21 2009 (49E0227D)
fffffa60`006bd000 fffffa60`0076f000   CI       CI.dll       Sat Apr 11 09:08:09 2009 (49E041D9)
fffffa60`0078b000 fffffa60`007db000   msrpc    msrpc.sys    Sat Apr 11 07:32:13 2009 (49E02B5D)
fffffa60`00805000 fffffa60`009c8000   NDIS     NDIS.SYS     Sat Apr 11 07:43:15 2009 (49E02DF3)
fffffa60`009c8000 fffffa60`009dc000   volmgr   volmgr.sys   Sat Apr 11 07:34:49 2009 (49E02BF9)
fffffa60`009dc000 fffffa60`009f4000   rassstp  rassstp.sys  Sat Apr 11 07:43:46 2009 (49E02E12)
fffffa60`00a0f000 fffffa60`00a68000   NETIO    NETIO.SYS    Sat Apr 11 07:43:34 2009 (49E02E06)
fffffa60`00a68000 fffffa60`00b2a000   Wdf01000 Wdf01000.sys Sat Jun 22 05:13:05 2013 (51C51641)
fffffa60`00b2a000 fffffa60`00b3a000   WDFLDR   WDFLDR.SYS   Thu Jul 26 04:29:04 2012 (5010AB70)
fffffa60`00b3a000 fffffa60`00b90000   acpi     acpi.sys     Sat Apr 11 07:03:26 2009 (49E0249E)
fffffa60`00b90000 fffffa60`00b99000   WMILIB   WMILIB.SYS   Sat Jan 19 07:33:45 2008 (479199C9)
fffffa60`00b99000 fffffa60`00ba3000   msisadrv msisadrv.sys Sat Jan 19 07:02:50 2008 (4791928A)
fffffa60`00ba3000 fffffa60`00bd3000   pci      pci.sys      Sat Apr 11 07:03:33 2009 (49E024A5)
fffffa60`00bd3000 fffffa60`00be8000   partmgr  partmgr.sys  Tue Mar 20 18:49:17 2012 (4F68C31D)
fffffa60`00be8000 fffffa60`00beb400   compbatt compbatt.sys Sat Jan 19 07:02:42 2008 (47919282)
fffffa60`00bec000 fffffa60`00bf8000   BATTC    BATTC.SYS    Sat Jan 19 07:02:38 2008 (4791927E)
fffffa60`00c01000 fffffa60`00c67000   volmgrx  volmgrx.sys  Sat Apr 11 07:35:14 2009 (49E02C12)
fffffa60`00c67000 fffffa60`00c6e000   pciide   pciide.sys   Sat Apr 11 07:34:28 2009 (49E02BE4)
fffffa60`00c6e000 fffffa60`00c7e000   PCIIDEX  PCIIDEX.SYS  Sat Apr 11 07:34:22 2009 (49E02BDE)
fffffa60`00c7e000 fffffa60`00d06000   bxvbda   bxvbda.sys   Fri Oct 14 23:35:19 2011 (4E98AB17)
fffffa60`00d06000 fffffa60`00d19000   mountmgr mountmgr.sys Sat Jan 19 07:28:01 2008 (47919871)
fffffa60`00d19000 fffffa60`00d21000   atapi    atapi.sys    Sat Apr 11 07:34:19 2009 (49E02BDB)
fffffa60`00d21000 fffffa60`00d45000   ataport  ataport.SYS  Sat Apr 11 07:34:25 2009 (49E02BE1)
fffffa60`00d45000 fffffa60`00d63000   lsi_scsi lsi_scsi.sys Sat Jun 30 02:56:26 2007 (4685AA3A)
fffffa60`00d63000 fffffa60`00dc0000   storport storport.sys Sat Apr 11 07:34:45 2009 (49E02BF5)
fffffa60`00dc0000 fffffa60`00dce000   hpcisss  hpcisss.sys  Fri Mar 09 21:17:45 2007 (45F1C0E9)
fffffa60`00dce000 fffffa60`00dfa000   HpCISSs2 HpCISSs2.sys Mon Oct 15 20:12:27 2012 (507C520B)
fffffa60`00e01000 fffffa60`00e48000   fltmgr   fltmgr.sys   Sat Apr 11 06:54:38 2009 (49E0228E)
fffffa60`00e48000 fffffa60`00fd8000   symefasi symefasi.sys Fri May 23 23:34:30 2014 (537FBEE6)
fffffa60`00fd8000 fffffa60`00ff6000   raspptp  raspptp.sys  Sat Apr 11 07:43:38 2009 (49E02E0A)
fffffa60`01007000 fffffa60`0108e000   ksecdd   ksecdd.sys   Sat Jun 02 00:20:55 2012 (4FC94047)
fffffa60`0108e000 fffffa60`010b7000   mrxsmb   mrxsmb.sys   Fri Apr 29 15:39:33 2011 (4DBABF95)
fffffa60`010df000 fffffa60`010e8000   tunmp    tunmp.sys    Sat Jan 19 07:36:30 2008 (47919A6E)
fffffa60`010e8000 fffffa60`010fb000   intelppm intelppm.sys Sat Jan 19 06:52:45 2008 (4791902D)
fffffa60`010fb000 fffffa60`0114d000   e1e6032e e1e6032e.sys Wed Mar 07 11:05:44 2012 (4F5732F8)
fffffa60`0114d000 fffffa60`0115c000   tpfilter tpfilter.sys Fri Feb 20 17:24:55 2009 (499ED957)
fffffa60`0115c000 fffffa60`0116d000   halfinch halfinch.sys Wed Jan 23 19:55:03 2008 (47978D87)
fffffa60`0116d000 fffffa60`01188000   bxnd60a  bxnd60a.sys  Thu Sep 29 22:46:21 2011 (4E84D91D)
fffffa60`01188000 fffffa60`01194000   usbuhci  usbuhci.sys  Thu May 05 16:17:47 2011 (4DC2B18B)
fffffa60`01194000 fffffa60`011da000   USBPORT  USBPORT.SYS  Sat Jun 29 04:25:21 2013 (51CE4591)
fffffa60`011da000 fffffa60`011eb000   usbehci  usbehci.sys  Thu May 05 16:17:49 2011 (4DC2B18D)
fffffa60`01203000 fffffa60`01377000   tcpip    tcpip.sys    Sat Apr 05 07:38:23 2014 (533F96CF)
fffffa60`01377000 fffffa60`013a3000   fwpkclnt fwpkclnt.sys Sat Apr 11 07:42:44 2009 (49E02DD4)
fffffa60`013a3000 fffffa60`013ca000   hpqilo2  hpqilo2.sys  Fri Feb 18 00:16:32 2011 (4D5DAC50)
fffffa60`013ca000 fffffa60`013f6000   CLASSPNP CLASSPNP.SYS Sat Apr 11 07:34:15 2009 (49E02BD7)
fffffa60`013f6000 fffffa60`01400000   crcdisk  crcdisk.sys  Sat Jan 19 07:30:12 2008 (479198F4)
fffffa60`01406000 fffffa60`01586000   Ntfs     Ntfs.sys     Sat Mar 02 22:17:59 2013 (51326C87)
fffffa60`01586000 fffffa60`015ca000   volsnap  volsnap.sys  Thu Aug 16 16:17:23 2012 (502D00F3)
fffffa60`015ca000 fffffa60`015d2000   spldr    spldr.sys    Mon Jan 12 22:51:29 2009 (496BBB61)
fffffa60`015d2000 fffffa60`015e4000   mup      mup.sys      Sat Apr 11 06:54:47 2009 (49E02297)
fffffa60`015e4000 fffffa60`015f8000   disk     disk.sys     Sat Apr 11 07:34:38 2009 (49E02BEE)
fffffa60`0480d000 fffffa60`04a33000   ati2mtag ati2mtag.sys Thu Jun 25 05:33:44 2009 (4A42F018)
fffffa60`04a33000 fffffa60`04a58000   VIDEOPRT VIDEOPRT.SYS Sat Jan 19 07:32:25 2008 (47919979)
fffffa60`04a58000 fffffa60`04a68000   watchdog watchdog.sys Sat Apr 11 07:09:16 2009 (49E025FC)
fffffa60`04a68000 fffffa60`04a78000   cpqcidrv cpqcidrv.sys Tue Sep 13 19:17:38 2011 (4E6F9032)
fffffa60`04a78000 fffffa60`04a90000   IPMIDrv  IPMIDrv.sys  Sat Apr 11 07:15:16 2009 (49E02764)
fffffa60`04a90000 fffffa60`04aa6000   i8042prt i8042prt.sys Sat Jan 19 07:28:08 2008 (47919878)
fffffa60`04aa6000 fffffa60`04ab4000   kbdclass kbdclass.sys Sat Jan 19 07:28:05 2008 (47919875)
fffffa60`04ab4000 fffffa60`04ac0000   mouclass mouclass.sys Sat Jan 19 07:28:05 2008 (47919875)
fffffa60`04ac0000 fffffa60`04add000   serial   serial.sys   Sat Jan 19 07:28:41 2008 (47919899)
fffffa60`04add000 fffffa60`04ae9000   serenum  serenum.sys  Sat Jan 19 07:28:36 2008 (47919894)
fffffa60`04ae9000 fffffa60`04af6000   fdc      fdc.sys      Sat Jan 19 07:28:45 2008 (4791989D)
fffffa60`04af6000 fffffa60`04b12000   cdrom    cdrom.sys    Sat Apr 11 07:34:39 2009 (49E02BEF)
fffffa60`04b12000 fffffa60`04b37e80   iansw60e iansw60e.sys Wed Feb 29 11:47:06 2012 (4F4E022A)
fffffa60`04b38000 fffffa60`04b71000   msiscsi  msiscsi.sys  Sat Apr 11 07:36:09 2009 (49E02C49)
fffffa60`04b71000 fffffa60`04b7e000   TDI      TDI.SYS      Sat Apr 11 07:44:14 2009 (49E02E2E)
fffffa60`04b7e000 fffffa60`04ba1000   rasl2tp  rasl2tp.sys  Sat Apr 11 07:43:37 2009 (49E02E09)
fffffa60`04ba1000 fffffa60`04bad000   ndistapi ndistapi.sys Sat Jan 19 07:37:22 2008 (47919AA2)
fffffa60`04bad000 fffffa60`04bde000   ndiswan  ndiswan.sys  Sat Apr 11 07:43:39 2009 (49E02E0B)
fffffa60`04bde000 fffffa60`04bee000   raspppoe raspppoe.sys Sat Apr 11 07:43:33 2009 (49E02E05)
fffffa60`04c0d000 fffffa60`04ca7000   rdpdr    rdpdr.sys    Sat Apr 11 07:49:54 2009 (49E02F82)
fffffa60`04ca7000 fffffa60`04cba000   termdd   termdd.sys   Sat Apr 11 07:48:13 2009 (49E02F1D)
fffffa60`04ce0000 fffffa60`04ce1480   swenum   swenum.sys   Thu Nov 02 10:37:33 2006 (4549BC5D)
fffffa60`04ce2000 fffffa60`04d16000   ks       ks.sys       Sat Apr 11 07:33:51 2009 (49E02BBF)
fffffa60`04d16000 fffffa60`04d21000   mssmbios mssmbios.sys Sat Jan 19 07:02:54 2008 (4791928E)
fffffa60`04d21000 fffffa60`04d31000   umbus    umbus.sys    Sat Jan 19 07:34:16 2008 (479199E8)
fffffa60`04d31000 fffffa60`04d79000   usbhub   usbhub.sys   Sat Jun 29 04:25:32 2013 (51CE459C)
fffffa60`04d79000 fffffa60`04d8d000   NDProxy  NDProxy.SYS  Sat Jan 19 07:37:26 2008 (47919AA6)
fffffa60`04d8d000 fffffa60`04d96000   hidusb   hidusb.sys   Sat Apr 11 07:39:32 2009 (49E02D14)
fffffa60`04d96000 fffffa60`04da8000   HIDCLASS HIDCLASS.SYS Sat Apr 11 07:39:32 2009 (49E02D14)
fffffa60`04da8000 fffffa60`04dafb80   HIDPARSE HIDPARSE.SYS Wed Jul 03 04:22:30 2013 (51D38AE6)
fffffa60`04db0000 fffffa60`04db1d80   USBD     USBD.SYS     Sat Jun 29 04:25:14 2013 (51CE458A)
fffffa60`04db2000 fffffa60`04dcc000   mpsdrv   mpsdrv.sys   Sat Jan 19 07:35:28 2008 (47919A30)
fffffa60`04dce000 fffffa60`04dd9000   HidBatt  HidBatt.sys  Sat Jan 19 07:02:45 2008 (47919285)
fffffa60`0780c000 fffffa60`07838000   ccSetx64 ccSetx64.sys Tue Sep 24 05:58:04 2013 (52410DCC)
fffffa60`07838000 fffffa60`07848000   dfs      dfs.sys      Sat Jan 19 06:54:14 2008 (47919086)
fffffa60`07848000 fffffa60`07852000   Fs_Rec   Fs_Rec.SYS   Wed Feb 29 14:52:46 2012 (4F4E2DAE)
fffffa60`07852000 fffffa60`0785b000   Null     Null.SYS     Thu Nov 02 10:37:15 2006 (4549BC4B)
fffffa60`0785b000 fffffa60`07869000   vga      vga.sys      Sat Jan 19 07:32:21 2008 (47919975)
fffffa60`07869000 fffffa60`07872000   RDPCDD   RDPCDD.sys   Sat Jan 19 07:42:04 2008 (47919BBC)
fffffa60`07872000 fffffa60`0787b000   rdpencdd rdpencdd.sys Sat Jan 19 07:42:03 2008 (47919BBB)
fffffa60`0787b000 fffffa60`07886000   Msfs     Msfs.SYS     Sat Jan 19 06:53:55 2008 (47919073)
fffffa60`07886000 fffffa60`07897000   Npfs     Npfs.SYS     Sat Apr 11 06:54:22 2009 (49E0227E)
fffffa60`07897000 fffffa60`078a0000   rasacd   rasacd.sys   Sat Jan 19 07:37:30 2008 (47919AAA)
fffffa60`078a0000 fffffa60`078bd000   tdx      tdx.sys      Sat Apr 11 07:43:00 2009 (49E02DE4)
fffffa60`078bd000 fffffa60`078d8000   smb      smb.sys      Sat Apr 11 07:42:19 2009 (49E02DBB)
fffffa60`078d8000 fffffa60`07943000   afd      afd.sys      Fri May 30 09:10:48 2014 (53882EF8)
fffffa60`07943000 fffffa60`07987000   netbt    netbt.sys    Sat Apr 11 07:42:31 2009 (49E02DC7)
fffffa60`07987000 fffffa60`079a5000   pacer    pacer.sys    Sat Apr 11 07:42:56 2009 (49E02DE0)
fffffa60`079a5000 fffffa60`079b4000   netbios  netbios.sys  Sat Jan 19 07:36:35 2008 (47919A73)
fffffa60`079b4000 fffffa60`079cf000   wanarp   wanarp.sys   Sat Apr 11 07:43:38 2009 (49E02E0A)
fffffa60`079cf000 fffffa60`079da000   scsichng scsichng.sys Fri Aug 24 05:01:40 2007 (46CE4A14)
fffffa60`079da000 fffffa60`079f8000   bowser   bowser.sys   Fri Feb 18 15:16:16 2011 (4D5E7F30)
fffffa60`07a09000 fffffa60`07a56000   rdbss    rdbss.sys    Sat Apr 11 06:55:21 2009 (49E022B9)
fffffa60`07a56000 fffffa60`07a62000   nsiproxy nsiproxy.sys Sat Jan 19 07:36:45 2008 (47919A7D)
fffffa60`07a62000 fffffa60`07a7f000   dfsc     dfsc.sys     Thu Apr 14 17:14:19 2011 (4DA70F4B)
fffffa60`07a7f000 fffffa60`07ac2000   Ironx64  Ironx64.SYS  Wed May 21 00:27:42 2014 (537BD6DE)
fffffa60`07ac2000 fffffa60`07ad7000   SRTSPX64 SRTSPX64.SYS Fri Jun 13 19:27:22 2014 (539B347A)
fffffa60`07b5c000 fffffa60`07bdf000   SYMTDIV  SYMTDIV.SYS  Thu Feb 13 12:22:01 2014 (52FCAAD9)
fffffa60`07bdf000 fffffa60`07bf7000   rspndr   rspndr.sys   Sat Jan 19 07:35:48 2008 (47919A44)
fffffa60`07d81000 fffffa60`07db9000   SYMEVENT64x86 SYMEVENT64x86.SYS Sat Jul 27 04:26:58 2013 (51F32FF2)
fffffa60`07db9000 fffffa60`07de6000   SysPlant SysPlant.sys Sat Sep 13 06:42:54 2014 (5413CB4E)
fffffa60`07de6000 fffffa60`07dfa000   lltdio   lltdio.sys   Sat Jan 19 07:35:48 2008 (47919A44)
fffffa60`0800a000 fffffa60`08084000   eeCtrl64 eeCtrl64.sys Tue Nov 25 21:15:44 2014 (5474E370)
fffffa60`08084000 fffffa60`080aa000   EraserUtilRebootDrv EraserUtilRebootDrv.sys Tue Nov 25 21:15:44 2014 (5474E370)
fffffa60`080aa000 fffffa60`080b8000   crashdmp crashdmp.sys Sat Apr 11 07:34:31 2009 (49E02BE7)
fffffa60`080b8000 fffffa60`080c2000   dump_diskdump dump_diskdump.sys Sat Apr 11 07:34:30 2009 (49E02BE6)
fffffa60`080c2000 fffffa60`080ee000   dump_HpCISSs2 dump_HpCISSs2.sys Mon Oct 15 20:12:27 2012 (507C520B)
fffffa60`080ee000 fffffa60`080fa000   Dxapi    Dxapi.sys    Sat Jan 19 07:08:00 2008 (479193C0)
fffffa60`080fa000 fffffa60`0810d000   monitor  monitor.sys  Sat Jan 19 07:32:34 2008 (47919982)
fffffa60`0810d000 fffffa60`08129000   usbccgp  usbccgp.sys  Sat Jun 29 04:25:27 2013 (51CE4597)
fffffa60`08129000 fffffa60`08134000   kbdhid   kbdhid.sys   Sat Apr 11 07:33:40 2009 (49E02BB4)
fffffa60`08134000 fffffa60`0813f000   mouhid   mouhid.sys   Sat Jan 19 07:28:10 2008 (4791987A)
fffffa60`0813f000 fffffa60`08161000   luafv    luafv.sys    Sat Jan 19 06:59:06 2008 (479191AA)
fffffa60`08161000 fffffa60`081fb000   spsys    spsys.sys    Tue Mar 10 18:16:43 2009 (49B6A07B)
fffffa60`0920a000 fffffa60`09253000   mrxsmb10 mrxsmb10.sys Wed Jul 06 17:49:23 2011 (4E148403)
fffffa60`09253000 fffffa60`09272000   mrxsmb20 mrxsmb20.sys Fri Apr 29 15:39:31 2011 (4DBABF93)
fffffa60`09272000 fffffa60`0927d000   asyncmac asyncmac.sys Sat Jan 19 07:37:27 2008 (47919AA7)
fffffa60`0927d000 fffffa60`092a6000   srvnet   srvnet.sys   Fri Apr 29 15:40:55 2011 (4DBABFE7)
fffffa60`092a6000 fffffa60`092d8000   srv2     srv2.sys     Fri Apr 29 15:41:01 2011 (4DBABFED)
fffffa60`092d8000 fffffa60`0936b000   srv      srv.sys      Fri Feb 18 15:18:12 2011 (4D5E7FA4)
fffffa60`0936b000 fffffa60`093a7000   RDPWD    RDPWD.SYS    Tue May 01 16:29:44 2012 (4F9FF358)
fffffa60`0980d000 fffffa60`098b0000   HTTP     HTTP.sys     Sat Feb 20 22:30:05 2010 (4B80545D)
fffffa60`098b0000 fffffa60`098c0000   VirtFile VirtFile.sys Thu Mar 05 19:30:40 2009 (49B01A50)
fffffa60`098c0000 fffffa60`09976000   peauth   peauth.sys   Mon Oct 23 13:57:00 2006 (453CAE0C)
fffffa60`09976000 fffffa60`09981000   secdrv   secdrv.SYS   Wed Sep 13 15:18:38 2006 (4508052E)
fffffa60`09981000 fffffa60`09991000   tcpipreg tcpipreg.sys Tue Dec 08 18:55:32 2009 (4B1E9314)
fffffa60`09991000 fffffa60`099ad000   cdfs     cdfs.sys     Sat Jan 19 06:53:45 2008 (47919069)
fffffa60`099ad000 fffffa60`099ba000   tdtcp    tdtcp.sys    Sat Jan 19 07:42:03 2008 (47919BBB)
fffffa60`099ba000 fffffa60`099c8000   tssecsrv tssecsrv.sys Sat Jun 15 13:38:39 2013 (51BC523F)
fffffa60`099c8000 fffffa60`099d5000   tunnel   tunnel.sys   Thu Feb 18 12:59:46 2010 (4B7D2BB2)
fffffa60`0ce0e000 fffffa60`0ceea000   SRTSP64  SRTSP64.SYS  Sat Aug 09 00:15:09 2014 (53E54BED)
fffffa60`0d000000 fffffa60`0d20e000   EX64     EX64.SYS     Sat Nov 15 10:14:03 2014 (5467195B)
fffffa60`0d20e000 fffffa60`0d2ad000   IDSvia64 IDSvia64.sys Sat Nov 01 04:14:03 2014 (54544FFB)
fffffa60`0d60b000 fffffa60`0d792000   BHDrvx64 BHDrvx64.sys Wed Sep 10 23:51:01 2014 (5410C7C5)
fffffa60`0d7d8000 fffffa60`0d7fb000   ENG64    ENG64.SYS    Sat Nov 15 10:15:33 2014 (546719B5)

Unloaded modules:
fffffa60`0d7b5000 fffffa60`0d7d8000   ENG64.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00023000
fffffa60`0d000000 fffffa60`0d20e000   EX64.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0020E000
fffffa60`0d792000 fffffa60`0d7b5000   ENG64.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00023000
fffffa60`0d000000 fffffa60`0d20e000   EX64.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0020E000
fffffa60`0d7d8000 fffffa60`0d7fb000   ENG64.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00023000
fffffa60`0d000000 fffffa60`0d20e000   EX64.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0020E000
fffffa60`0d7b5000 fffffa60`0d7d8000   ENG64.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00023000
fffffa60`0d000000 fffffa60`0d20e000   EX64.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0020E000
fffffa60`0d792000 fffffa60`0d7b5000   ENG64.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00023000
fffffa60`0d000000 fffffa60`0d20e000   EX64.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0020E000
fffffa60`0d235000 fffffa60`0d2d4000   IDSvia64.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0009F000
fffffa60`0d212000 fffffa60`0d235000   ENG64.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00023000
fffffa60`0d004000 fffffa60`0d212000   EX64.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0020E000
fffffa60`07c07000 fffffa60`07d81000   BHDrvx64.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0017A000
fffffa60`07ad7000 fffffa60`07b5c000   IDSVia64.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00085000
fffffa60`0d217000 fffffa60`0d23a000   ENG64.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00023000
fffffa60`0d009000 fffffa60`0d217000   EX64.SYS
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0020E000
fffffa60`07ad7000 fffffa60`07b5c000   IDSVia64.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00085000
fffffa60`010d2000 fffffa60`010df000   tunnel.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000D000
fffffa60`04cba000 fffffa60`04ce0000   teefer2.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00026000
fffffa60`04db2000 fffffa60`04dce000   usbccgp.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0001C000
fffffa60`04dd9000 fffffa60`04de4000   kbdhid.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000B000
fffffa60`04de4000 fffffa60`04def000   mouhid.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000B000
fffffa60`0108e000 fffffa60`0109c000   crashdmp.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000E000
fffffa60`0109c000 fffffa60`010a6000   dump_storpor
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000A000
fffffa60`010a6000 fffffa60`010d2000   dump_HpCISSs
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0002C000
fffffa60`0076f000 fffffa60`0078b000   sacdrv.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0001C000

You canl collect the Full Memory Dump and submit for symantec support.

@James007;

you're first link doesn't work.

I try to open a case...

But maybe some one can help over here with the dump I've provided.

Best regards

 

Tom

 

@James007:

The steps in the second link don't work :(

I can add a case, but when I want to manage it to a file, I get stuck in the registration proces.

I've provided my contact info, but every time I want to manage the existing cases, I get the same registration form. When I submit the info it says that a new case have been made...

Please use this articles

How to create a new case in MySymantec (formerly MySupport)

Article:TECH58873

|

Created: 2009-01-26

|

Updated: 2014-06-17

|

Article URL http://www.symantec.com/docs/TECH58873

I've submitted a case with the symantec help tool.

After trying several times to login with my symAccount I was able to submit it.

Suddenly the loop on the site is also gone ...

Symantec needs to look at the full dump. Were you able to get a case open?

Yes case 08240852

Hello Tom,

 

we are experincing the same issue .. do you have any information regarding your case from Symantec support ??

 

Many Thanks

P.

Hi

As far as I understand from your post, the BSOD relates to NETIO.SYS which is NVidia network access manager program. It may conflict with teefer2.sys driver of SEP. Could you uninstall it and test?

This program cause problem with other softwares as well, take a look at:

https://social.technet.microsoft.com/Forums/windows/en-US/8aabb1a2-49d0-4bc2-92ca-dce7ddf5af73/netiosys-causing-my-windows-to-bsod

 

What OS version?  Are these BSOD occuring on your SEPM server or on a client/server?

We tried 12.1.5337.5000 on Windows 7 and had issues.  R5 seems to work fine on  Windows 8/8.1 and 2012/R2.  Our Windows 7 clients still seem to be stable with R3.  Same goes for our Windows 2008/R2 servers, R3 is stable so we are sticking with it till the next release. Based on our testing, I can only summarize:

R3 good for Win7/2008/R2

R5 good for Win8/8.1/2012/R2

 

 

Symantec tells us that IPS defs released today, 04-March-2015 rev. 12 (20150301.12), should resolve our issue. Hopefully it will resolve yours too. Please test and report back.  We won't know our results 'till tomorrow.

I am going to post this in all the BSOD threads, so apologies for duplication...

Paul

Did they come back with a root cause?

My feedback from Symantec (level 3 severity 1 analysis) is:

symantec drivers are not the cause of the crash.

 

So the server (Windows 2008 Standard) is still crashing a few times a week and the cause is not yet know.

 

HP is doing a level 2 analysis.

We ran 5 loop diagnostic test last night (14 - 15 hours).

HP is looking into the results right now.

HP did a level 1 analysis before I've opened the threath here.

Resultat was negative: no hardware problems.

We'll see what the second analysis will bring.

If it's still negative, we will try to open a case at Microsoft.

They will be a neutral partner.

It has to be hardware or SEP.

 

Best regards

 

Tom

tomdepoorter - does rolling your IPS signatures back to Feb 25 r12 provide a temporary workaround?  see the threads below:

https://www-secure.symantec.com/connect/forums/bsod-and-symefasisys

https://www-secure.symantec.com/connect/forums/anybody-else-experiencing-windows-7-crashes-today

Hey mister Paul

 

Apperantly Symantec did screw up their SEP.

Hopefully not many servers are damaged world wide due to this BSOD.

 

Since we are not using NTP (so no IP) rolling back IPS signatures will not help us?

 

Best regards

 

Tom

why is the thread moderated?

Just checking in to see if Symantecs fix is working for others. So far it looks good for us, but we are proceeding catiously.

The case has not be resolved uptill now.

 

Symantec L3 support confirmed after memory dump analysis that this has nothing to do with SEP.

 

On the other hand the also confirmed today that there has been a second case opened by another client who has the same environment and the same problem.

I'll install the hoftixes and see what will happen.

We have similar issue reported by other Customer. However Other customer was able to fix issue by applying below Microsoft Patches. Request you to please check with Microsoft on same and apply below patches in your environment. 

1. KB2712746 / Fix399293

2. KB2905412 / Fix485506

3. KB973246 / Fix283499

4. KB976373 / Fix260801

Almost a month after installation of above hotfixes

no BSOD appeared.

So this was the solution?

is CCSETX64.SYS a SEP driver or norton driver? one of our servers rebooted and analysis shows as this driver.

Not a SEP Driver\.