Endpoint Protection

I have a Dell Optiplex 745 with Windows Vista Business, but yesterday I upgrade my SEP from MR4 MP2   to  MR5 (11.0.5002.333), sice then, it had been crashing (blue screen) every five minutes.

I've installed the MR4 MP2 again, and everything is ok.

Checking the minidup file I found the following:
Debugging Details:
------------------

KERNEL_LOG_EXIT_STATUS:  Exit Status 0

KERNEL_LOG_FAILING_PROCESS:  WerFault.exe

PROCESS_OBJECT: 855b4800

DEBUG_FLR_IMAGE_TIMESTAMP:  0

MODULE_NAME: wininit

FAULTING_MODULE: 00000000

PROCESS_NAME:  svchost.exe

BUGCHECK_STR:  0xF4_svchost.exe

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from 81cda610 to 81b15b0d

STACK_TEXT:
886bdc48 81cda610 000000f4 00000003 855b4800 nt!KeBugCheckEx+0x1e
886bdc6c 81c38f77 81c6e650 855b494c 855b4a28 nt!PspCatchCriticalBreak+0x73
886bdc9c 81c38f1e 855b4800 869f1aa8 c0000005 nt!PspTerminateAllThreads+0x2c
886bdcd0 8c15d449 000000b4 c0000005 85654430 nt!NtTerminateProcess+0x1c1
WARNING: Stack unwind information not available. Following frames may be wrong.
886bdd54 81a92c7a 000000b4 c0000005 000fefe0 SYMEVENT+0x14449
886bdd54 00070000 000000b4 c0000005 000fefe0 nt!KiFastCallEntry+0x12a
0000003b 00000000 00000000 00000000 00000000 0x70000

STACK_COMMAND:  kb

FOLLOWUP_NAME:  MachineOwner

IMAGE_NAME:  wininit.exe

FAILURE_BUCKET_ID:  0xF4_svchost.exe_IMAGE_wininit.exe

BUCKET_ID:  0xF4_svchost.exe_IMAGE_wininit.exe

Followup: MachineOwner
---------
Apparently there is a problem between svchost.exe  and  wininit.exe

Does anyone have something similar? Or how to fix it?

Regards

Hello iug
I think so there is a problem with MR5 and vista. It goes bluescreen.
I think so tecnical team working on it.
Thanks
Fatih

 http://service1.symantec.com/support/ent-security.nsf/docid/2009041710455648?Open&seg=ent

 SYMEVENT+0x14449

Try removing PTP.

Still would suggest you to open a case with symantec.

See if this helps:


Title: 'Dell Optiplex 745 machines frequently reboot after installation of Symantec Endpoint Protection'
Document ID: 2009102208562848
> Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2009102208562848?Open&seg=ent

Title: 'Blue screen error in Windows 7 or Windows Vista after installing Symantec Endpoint Protection version 11 RU5 Application and Device Control'
Document ID: 2009100710340548
> Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2009100710340548?Open&seg=ent

I do not know this articles. Thanks Vikram and Prachand.

Hi Prachand... that's exactly the problem I have: If I disable the ADC, everithing works fine, but I need the ADC.
Thank you for the information, we'll be waitting for a Symantec solution.

Is there any fix for the problem? Of course without moving the ADC rules/policies

If there is an update , I will post it here

 Did you try the workarounds form the above article? If so were they successful? This might be helpful to other users who are experiencing the same issues.

Possible Workarounds

• wininit.exe is one of the critical startup processes that can be blocked--try adding it to the excluded list of the ADC rule
  NOTE that wininit.exe is a "caller process" and as such must be excluded at the topmost level of any ADC rule set.
  e.g. you want to allow wininit to launch other processes, not "allow wininit to launch wininit".
• modify the ADC policy to "log only" and examine logs for additional processes that are matched during startup--try excluding those processes.
• ... or remove environment variables from ADC rules (or explicitly spell out paths including those variables)

The blue screen errors may persist despite these work-arounds. In this case, disable Application and Device Control until a satisfactory solution can be found.

Grant-