Endpoint Protection


configuration value changed..???/endpoint protection


  • 1.  configuration value changed..???/endpoint protection

    Posted May 23, 2011 12:43 PM

    my antivirus and antispyware protection failed to load resulting in a warning. today there was NO warning but by checking system log it indicates a:

    change in configuration value....HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection

    my concern is: is this an indication of a major problem in my protection?

    hope someone can help. thanks in advance.



  • 2.  RE: configuration value changed..???/endpoint protection

    Posted May 23, 2011 12:45 PM

    can you post the full path?

    if you change something on the manager, the change would get propagated to clients in terms of change in registry value.

    check the complete path; it should be related to your policy change.

    no problem with security.



  • 3.  RE: configuration value changed..???/endpoint protection

    Trusted Advisor
    Posted May 23, 2011 12:57 PM

    Hello,

    Please run the Symantec Support Tool and let us know what errors you receive.

    About the Symantec Endpoint Protection Support Tool

    Symantec Support Tool: How to collect suspicious files and submit the samples to the Symantec Security Response Team.


  • 4.  RE: configuration value changed..???/endpoint protection

    Posted May 23, 2011 03:06 PM

    sorry..dummy re the full path. where can i check that to give to you. thanks so much for replying. i may be ok but i've never seen a configuration change before in my log.



  • 5.  RE: configuration value changed..???/endpoint protection

    Posted May 23, 2011 03:16 PM

    open sep client

    click on logs

    check the system log; this will show you the configuration change.



  • 6.  RE: configuration value changed..???/endpoint protection

    Posted May 23, 2011 03:28 PM

    mithun, it stated WARNING. some services and drivers are not running

    some of the client services are not running.

    i'm a home user so not too good with this. i was able with your help to run the support tool. thanks. but obviously my concerns were well founded even tho system tells me i'm ok. your suggestions, please.

    jan



  • 7.  RE: configuration value changed..???/endpoint protection

    Posted May 23, 2011 03:34 PM

    config change in system log

    HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection

    am i sending you this correctly? i've never had a conf. change. i did not do it. thus my concerns.

    ran support tool-said some systems and drivers aren't running, some client services aren't running

    FYI i use SEP for private use. NO other pc's involved with my SEP. 



  • 8.  RE: configuration value changed..???/endpoint protection

    Trusted Advisor
    Posted May 23, 2011 03:43 PM

    Hello,

    Please Let us know, does it specify what services and drivers are not running?

    If you are unable to find it, please collect the Log by saving the same for support.

    Upload the Logs and we will get back to you.



  • 9.  RE: configuration value changed..???/endpoint protection

    Posted May 23, 2011 03:49 PM

    as far as I know it will show information like value changed from 0 to 1; if you change something, e.g. live update settings from manual to automatic, so any changes in settings will change in registry. Not related with security issue. can ignore that if that's not showing a full path of the key which is changed.



  • 10.  RE: configuration value changed..???/endpoint protection

    Posted May 23, 2011 04:11 PM

    rafeeq

    value changed from 1 to 0, then 0 to '13060667041', etc



  • 11.  RE: configuration value changed..???/endpoint protection

    Posted May 23, 2011 04:21 PM

    as I mentioned earlier; there should be complete path so that we can know which settings value changed :)

    I'm not sure why full path is not showing up :) 

    do you see any such path??



  • 12.  RE: configuration value changed..???/endpoint protection

    Posted May 23, 2011 04:35 PM

     

    | Event | Computer | User | Logged By | Description |
    | --- | --- | --- | --- | --- |
    | Scan Omission | GRAMMY-PC | Grammy | Scheduled scan | Could not scan 1 files inside c:\Windows\winsxs\x86_microsoft-windows-localizeddrivers_31bf3856ad364e35_6.0.6000.16386_en-us_7c961b0ac7cd3eec\locdrv.cab due to extraction errors encountered by the Decomposer Engines. |
    | Scan Omission | GRAMMY-PC | Grammy | Scheduled scan | Could not scan 1 files inside c:\hotfix\WINDOWS6.0-KB955430-X86.MSU due to extraction errors encountered by the Decomposer Engines. |
    | Scan Omission | GRAMMY-PC | Grammy | Scheduled scan | Could not scan 1 files inside c:\hotfix\Windows6.0-KB955430-x86.cab due to extraction errors encountered by the Decomposer Engines. |
    | Scan Omission | GRAMMY-PC | Grammy | Scheduled scan | Could not scan 2 files inside c:\hotfix\WINDOWS6.0-KB955430-X64.MSU due to extraction errors encountered by the Decomposer Engines. |
    | Scan Omission | GRAMMY-PC | Grammy | Scheduled scan | Could not scan 2 files inside c:\hotfix\Windows6.0-KB955430-x64.cab due to extraction errors encountered by the Decomposer Engines. |
    | Definition File Loaded | GRAMMY-PC | Grammy | System | New virus definition file loaded. Version: 130522b. |
    | Scan Omission | GRAMMY-PC | Grammy | Scheduled scan | Could not scan 1 files inside c:\Windows\winsxs\x86_microsoft-windows-localizeddrivers_31bf3856ad364e35_6.0.6000.16386_en-us_7c961b0ac7cd3eec\locdrv.cab due to extraction errors encountered by the Decomposer Engines. |
    | Scan Omission | GRAMMY-PC | Grammy | Scheduled scan | Could not scan 1 files inside c:\hotfix\WINDOWS6.0-KB955430-X86.MSU due to extraction errors encountered by the Decomposer Engines. |
    | Scan Omission | GRAMMY-PC | Grammy | Scheduled scan | Could not scan 1 files inside c:\hotfix\Windows6.0-KB955430-x86.cab due to extraction errors encountered by the Decomposer Engines. |
    | Scan Omission | GRAMMY-PC | Grammy | Scheduled scan | Could not scan 2 files inside c:\hotfix\WINDOWS6.0-KB955430-X64.MSU due to extraction errors encountered by the Decomposer Engines. |
    | Scan Omission | GRAMMY-PC | Grammy | Scheduled scan | Could not scan 2 files inside c:\hotfix\Windows6.0-KB955430-x64.cab due to extraction errors encountered by the Decomposer Engines. |
    | Configuration Changed | GRAMMY-PC | Grammy | System | Changed value 'HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Storages\Filesystem\RealTimeScan\APEOff' from '1306066764' to '0' |
    | Configuration Changed | GRAMMY-PC | Grammy | System | Changed value 'HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Storages\Filesystem\RealTimeScan\OnOff' from '0' to '1' |
    | Configuration Changed | GRAMMY-PC | Grammy | System | Symantec Endpoint Protection Internet E-mail Auto-Protect Enabled |
    | Configuration Changed | GRAMMY-PC | Grammy | System | Changed value 'HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Storages\InternetMail\RealTimeScan\OnOff' from '0' to '1' |
    | Configuration Changed | GRAMMY-PC | Grammy | System | Symantec Endpoint Protection Internet E-mail Auto-Protect Disabled |
    | Configuration Changed | GRAMMY-PC | Grammy | System | Changed value 'HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Storages\InternetMail\RealTimeScan\OnOff' from '1' to '0' |
    | Configuration Changed | GRAMMY-PC | Grammy | System | Changed value 'HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Storages\Filesystem\RealTimeScan\APEOff' from '0' to '1306066764' |
    | Configuration Changed | GRAMMY-PC | Grammy | System | Changed value 'HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Storages\Filesystem\RealTimeScan\OnOff' from '1' to '0' |
    | Symantec Endpoint Protection Startup | GRAMMY-PC | SYSTEM | System | Symantec Endpoint Protection services startup was successful. |
    | Symantec Endpoint Protection Auto-Protect load error | GRAMMY-PC | SYSTEM | System | Symantec Endpoint Protection Auto-Protect failed to load. |

    i hope i'm doing this right. does this help?-JAN


  • 13.  RE: configuration value changed..???/endpoint protection

    Posted May 23, 2011 04:50 PM

     

    | Event | Computer | User | Logged By | Description |
    | --- | --- | --- | --- | --- |
    | Scan Omission | GRAMMY-PC | Grammy | Scheduled scan | Could not scan 1 files inside c:\Windows\winsxs\x86_microsoft-windows-localizeddrivers_31bf3856ad364e35_6.0.6000.16386_en-us_7c961b0ac7cd3eec\locdrv.cab due to extraction errors encountered by the Decomposer Engines. |
    | Scan Omission | GRAMMY-PC | Grammy | Scheduled scan | Could not scan 1 files inside c:\hotfix\WINDOWS6.0-KB955430-X86.MSU due to extraction errors encountered by the Decomposer Engines. |
    | Scan Omission | GRAMMY-PC | Grammy | Scheduled scan | Could not scan 1 files inside c:\hotfix\Windows6.0-KB955430-x86.cab due to extraction errors encountered by the Decomposer Engines. |
    | Scan Omission | GRAMMY-PC | Grammy | Scheduled scan | Could not scan 2 files inside c:\hotfix\WINDOWS6.0-KB955430-X64.MSU due to extraction errors encountered by the Decomposer Engines. |
    | Scan Omission | GRAMMY-PC | Grammy | Scheduled scan | Could not scan 2 files inside c:\hotfix\Windows6.0-KB955430-x64.cab due to extraction errors encountered by the Decomposer Engines. |
    | Definition File Loaded | GRAMMY-PC | Grammy | System | New virus definition file loaded. Version: 130522b. |
    | Scan Omission | GRAMMY-PC | Grammy | Scheduled scan | Could not scan 1 files inside c:\Windows\winsxs\x86_microsoft-windows-localizeddrivers_31bf3856ad364e35_6.0.6000.16386_en-us_7c961b0ac7cd3eec\locdrv.cab due to extraction errors encountered by the Decomposer Engines. |
    | Scan Omission | GRAMMY-PC | Grammy | Scheduled scan | Could not scan 1 files inside c:\hotfix\WINDOWS6.0-KB955430-X86.MSU due to extraction errors encountered by the Decomposer Engines. |
    | Scan Omission | GRAMMY-PC | Grammy | Scheduled scan | Could not scan 1 files inside c:\hotfix\Windows6.0-KB955430-x86.cab due to extraction errors encountered by the Decomposer Engines. |
    | Scan Omission | GRAMMY-PC | Grammy | Scheduled scan | Could not scan 2 files inside c:\hotfix\WINDOWS6.0-KB955430-X64.MSU due to extraction errors encountered by the Decomposer Engines. |
    | Scan Omission | GRAMMY-PC | Grammy | Scheduled scan | Could not scan 2 files inside c:\hotfix\Windows6.0-KB955430-x64.cab due to extraction errors encountered by the Decomposer Engines. |
    | Configuration Changed | GRAMMY-PC | Grammy | System | Changed value 'HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Storages\Filesystem\RealTimeScan\APEOff' from '1306066764' to '0' |
    | Configuration Changed | GRAMMY-PC | Grammy | System | Changed value 'HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Storages\Filesystem\RealTimeScan\OnOff' from '0' to '1' |
    | Configuration Changed | GRAMMY-PC | Grammy | System | Symantec Endpoint Protection Internet E-mail Auto-Protect Enabled |
    | Configuration Changed | GRAMMY-PC | Grammy | System | Changed value 'HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Storages\InternetMail\RealTimeScan\OnOff' from '0' to '1' |
    | Configuration Changed | GRAMMY-PC | Grammy | System | Symantec Endpoint Protection Internet E-mail Auto-Protect Disabled |
    | Configuration Changed | GRAMMY-PC | Grammy | System | Changed value 'HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Storages\InternetMail\RealTimeScan\OnOff' from '1' to '0' |
    | Configuration Changed | GRAMMY-PC | Grammy | System | Changed value 'HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Storages\Filesystem\RealTimeScan\APEOff' from '0' to '1306066764' |
    | Configuration Changed | GRAMMY-PC | Grammy | System | Changed value 'HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Storages\Filesystem\RealTimeScan\OnOff' from '1' to '0' |
    | Symantec Endpoint Protection Startup | GRAMMY-PC | SYSTEM | System | Symantec Endpoint Protection services startup was successful. |
    | Symantec Endpoint Protection Auto-Protect load error | GRAMMY-PC | SYSTEM | System | Symantec Endpoint Protection Auto-Protect failed to load. |



  • 14.  RE: configuration value changed..???/endpoint protection

    Posted May 23, 2011 04:50 PM

    Yes, this is the path I was talking about (not sure if we need to read top to bottom or bottom to top, let me know the order)

    Changed value 'HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Storages\InternetMail\RealTimeScan\OnOff' from '0' to '1'

    it changed from disabled to enable. this happens when system scans the files and makes the settings changes accordingly.

    Changed value 'HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Storages\Filesystem\RealTimeScan\APEOff' from '1306066764' to '0'

    Real time scan is disabled.

    Changed value 'HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Storages\Filesystem\RealTimeScan\OnOff' from '0' to '1'

    Enabled 

    http://aka-community.symantec.com/connect/articles/symantec-endpoint-protection-few-registry-tweaks
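
The reading of the `Changed value` rows discussed above depends on the order in which they are replayed. The following is an added example (not posted by anyone in the thread and not Symantec code) that parses the descriptions from post 12 and reports the end state for either display order; treating `OnOff` = `1` as enabled follows the "Auto-Protect Enabled/Disabled" rows paired with those changes in the posted log, and the function names are hypothetical.

```python
import re

# "Changed value '<registry value>' from '<old>' to '<new>'" as it appears in
# the Description column of the SEP client system log posted in this thread.
CHANGE_RE = re.compile(
    r"Changed value '(?P<key>[^']+)' from '(?P<old>[^']*)' to '(?P<new>[^']*)'")

BASE = r"HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Storages"

def _row(sub, old, new):
    return f"Changed value '{BASE}\\{sub}' from '{old}' to '{new}'"

# The "Configuration Changed" descriptions from post 12, in displayed order.
SAMPLE = [
    _row(r"Filesystem\RealTimeScan\APEOff", "1306066764", "0"),
    _row(r"Filesystem\RealTimeScan\OnOff", "0", "1"),
    "Symantec Endpoint Protection Internet E-mail Auto-Protect Enabled",
    _row(r"InternetMail\RealTimeScan\OnOff", "0", "1"),
    "Symantec Endpoint Protection Internet E-mail Auto-Protect Disabled",
    _row(r"InternetMail\RealTimeScan\OnOff", "1", "0"),
    _row(r"Filesystem\RealTimeScan\APEOff", "0", "1306066764"),
    _row(r"Filesystem\RealTimeScan\OnOff", "1", "0"),
]

def parse_change(description):
    """Split one description into storage, value name, old and new value."""
    m = CHANGE_RE.search(description)
    if m is None:
        return None  # e.g. the plain "Auto-Protect Enabled/Disabled" rows
    path, _, name = m["key"].rpartition("\\")
    _, found, rest = path.partition("\\Storages\\")
    storage = rest.split("\\")[0] if found else ""
    return {"storage": storage, "name": name, "old": m["old"], "new": m["new"]}

def review(descriptions, newest_first):
    """Replay the changes oldest-first.

    Returns (final value per setting, storages whose OnOff went 1 -> 0,
    settings where a row's 'from' did not match the previous 'to').
    """
    rows = [c for c in map(parse_change, descriptions) if c]
    if newest_first:
        rows.reverse()
    final, switched_off, gaps = {}, [], []
    for c in rows:
        setting = f"{c['storage']}\\{c['name']}"
        if setting in final and final[setting] != c["old"]:
            gaps.append(setting)  # rows missing, or the order is wrong
        final[setting] = c["new"]
        if c["name"] == "OnOff" and (c["old"], c["new"]) == ("1", "0"):
            switched_off.append(c["storage"])
    return final, switched_off, gaps

if __name__ == "__main__":
    for newest_first in (True, False):
        final, switched_off, gaps = review(SAMPLE, newest_first)
        print("newest first" if newest_first else "oldest first",
              final, switched_off, gaps)
```

Both orders replay without a from/to mismatch, so the rows alone do not reveal the order; only the end state differs (`OnOff` ends at `1` if the list is newest first, at `0` if it is oldest first), which is why the displayed order has to be known before the log is interpreted.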



  • 15.  RE: configuration value changed..???/endpoint protection

    Posted May 23, 2011 04:56 PM

    it's showing how symantec settings changed values during the scan and enabled themselves to perform the scan with all the outlook, internet email protection.

     

    "Could not scan [#] files inside [path][filename] due to extraction errors encountered by the Decomposer Engines" during a scan

     

    http://www.symantec.com/business/support/index?page=content&id=TECH99755&key=54619&actp=LIST



  • 16.  RE: configuration value changed..???/endpoint protection

    Posted May 23, 2011 05:01 PM

    Can you tell us what is the version number of the product you have installed? Click Help>About to show build number.

     

    Thanks,

    Thomas



  • 17.  RE: configuration value changed..???/endpoint protection

    Posted May 23, 2011 05:03 PM

    i'm so frustrated.

    Attachment: endpoint.zip (2 KB)


  • 18.  RE: configuration value changed..???/endpoint protection

    Posted May 23, 2011 05:04 PM

    11.0

    thanks for helping me!



  • 19.  RE: configuration value changed..???/endpoint protection

    Posted May 23, 2011 05:08 PM

    if i leave my pc for awhile with symantec site up is my pc safe-meaning no intrusion? i know it's a secured site but not sure re my pc. 



  • 20.  RE: configuration value changed..???/endpoint protection

    Posted May 23, 2011 05:09 PM

    We need the build number for SEP 11.

    Example 11.0.6300 803



  • 21.  RE: configuration value changed..???/endpoint protection

    Trusted Advisor
    Posted May 24, 2011 06:20 AM

    Hello,

    Momacita, let me get things absolutely clear and right here for you.

    Previously you said:

    1) Your antivirus and antispyware protection failed to load resulting in a warning. Later, there was NO warning but by checking system log it indicated a change in configuration value....HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection.

    2) Later on, the logs uploaded show the following:

     

    | Event | Computer | User | Logged By | Description |
    | --- | --- | --- | --- | --- |
    | Scan Omission | GRAMMY-PC | Grammy | Scheduled scan | Could not scan 1 files inside c:\Windows\winsxs\x86_microsoft-windows-localizeddrivers_31bf3856ad364e35_6.0.6000.16386_en-us_7c961b0ac7cd3eec\locdrv.cab due to extraction errors encountered by the Decomposer Engines. |
    | Scan Omission | GRAMMY-PC | Grammy | Scheduled scan | Could not scan 1 files inside c:\hotfix\WINDOWS6.0-KB955430-X86.MSU due to extraction errors encountered by the Decomposer Engines. |

    After looking at these logs, I would simply request you not to worry.

    These errors do not indicate a malfunction in the product. The decomposer errors cannot be eliminated from system logs; they may be useful in alerting a customer to corrupt archives or deeply-compressed files that should be excluded from scans. 

    This event is typically encountered when any of the following occurs:

     

    • You scan a file whose content resembles a MIME-encoded archive.
    • You scan an archived file whose compressed size is less than the decomposer's 10-byte minimum.
    • You scan a compressed archive that contains a password-protected file;
      The decomposer engine cannot provide the password required to gain access to the file, so it will be omitted during a scan.
    • You scan files that have been locked for access by the operating system and access cannot be released to the scanner because the file is in use.
    • You scan files that are recursively compressed to a depth that is more than the scan engine is set to scan. 
      By default, the scan engine is set to scan a maximum depth of three levels (for example, a zip file contained within a zip file contained within another zip file).
    • You scan files with LH7 compression, which is not a supported format. 
      These compressed files commonly have a .lzh extension, and they are omitted by the scan.
    • You scan files that are in use by another user. 
      This is most commonly seen when you scan user directories and shared folders and that user has the document in question opened for editing.
    • You scan files that have file system permissions set to deny access.
    • Corruption exists in the virus definitions.
    • Archived files have an extension that is not set in a Custom Scan's "selected extensions".

     

     

    Work through the steps provided below to check a few things on your machine.

    1) Click on Start > Run > Type "services.msc" (without quotes)

    2) Services window would open up. Scroll down to the services that say "Symantec Endpoint Protection" and "Symantec Management Client"

    Make sure these services are in status "Started" and Startup Type is "Automatic"; then you have nothing to worry about.

    3) Open the Symantec Endpoint Protection Client, and check if the virus definitions are the latest and up to date.

    4) If the definitions are not updated, visit the website below:

    http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=savce

    Download and run the Symantec Intelligent Updater to update your SEP Client on your machine.

    Hope these steps are clear!!!



  • 22.  RE: configuration value changed..???/endpoint protection

    Posted May 24, 2011 03:54 PM

    just to be safe i went to intel.updater. the only thing i'm not sure of is this-

    your example listed 20110523-034-v5i32.exe FTP

    when i went to site the listing WAS

    20110524-002-v5i32.exe FTP

    is this the one i should download from the list tho it's different from your circled listing?

     

    As for the other things you suggested, your procedures were very clear!...thanks so much..but i couldn't find if definitions were current. however, i do have it set for everyday/LU and checked in my log. so can i assume i'm ok relying on that?

    FYI this all happened after microsoft downloaded IE9 and an important update on my pc... right after. i don't know but it makes me suspicious. they also turned on the windows firewall. i knew when checking everything that they had done that with the download. i believe symantec advises windows firewall not be on when using their product. so i turned it back off. am i correct?

    sincerely

    jan



  • 23.  RE: configuration value changed..???/endpoint protection
    Best Answer

    Trusted Advisor
    Posted May 26, 2011 06:12 AM

    Hello,

    Yes, you are correct. This is because the dates keep changing every day.

    In case you are carrying IE 9, I would recommend checking the few articles provided below (we found a few issues customers are facing with IE 9).

    To find more, simply click on the link below and it would direct you to the Symantec articles:

    If my solutions have helped you, please click on the "Solved" button.