Endpoint Protection

 View Only
Back to discussions
Expand all | Collapse all

SEP 14.2 crashes

  • 1.  SEP 14.2 crashes

    Posted Jun 27, 2018 05:51 PM

    We have started testing SEP 14.2 and on atleast two of our Windows 10 machines we see that the SEP service crashes right after boot.

    We have tried uninstalling all features except AV and the problem still persist.

    If we are quick we are able to open the SEP GUI right after boot before it crashes. It will then be green until it turns red and malfunctioning.
    At this point the SEPmaster service stops and we can't open the GUI.

    Anyone else experiencing this problem?


    The environment is enrolled into the cloud


    Torb


     



  • 2.  RE: SEP 14.2 crashes

    Broadcom Employee
    Posted Jun 27, 2018 06:01 PM

    Hi Torb,

    Will you run Symdiag?  I have not seen this but would like to track this as a possible emerging issue.

    Thanks,

    John Owens

     

     



  • 3.  RE: SEP 14.2 crashes

    Broadcom Employee
    Posted Jun 27, 2018 06:02 PM

    Make sure you select Collect Data for Support in the Symdiag and that All Data is selected.



  • 4.  RE: SEP 14.2 crashes

    Posted Jun 27, 2018 06:04 PM

    What version of 10? Haven't seen it either on ours. Is it a vanilla install/image?



  • 5.  RE: SEP 14.2 crashes

    Posted Jun 27, 2018 06:13 PM

    Windows 10 1803. It's an upgrade from 14 RU1 MP1.

    Case: 15065251

     

     

     

     



  • 6.  RE: SEP 14.2 crashes

    Broadcom Employee
    Posted Jun 27, 2018 06:15 PM

    I will take a look at the data and let you know what I find as well.
     



  • 7.  RE: SEP 14.2 crashes

    Posted Jun 27, 2018 06:22 PM
    This is also on Win10 build 1709. SymDiag is submitted. Unmanaged client works fine. As soon as we import a sylink file the agent crash. But we can see in the console that the agent have communicsted with the server befor it crashes.


  • 8.  RE: SEP 14.2 crashes

    Posted Jun 27, 2018 06:23 PM

    This is also on Win10 build 1709. SymDiag is submitted. Unmanaged client works fine. As soon as we import a sylink file the agent crash. But we can see in the console that the agent have communicated with the server befor it crashes.



  • 9.  RE: SEP 14.2 crashes

    Broadcom Employee
    Posted Jun 27, 2018 09:19 PM

    Please collect a Full Process Dump of ccsvchst.exe crashing:

    Install ProcDump as the postmortem debugger, and instruct it to write full dumps to C:\Dumps:

    To do:

    procdump -ma -i C:\Dumps

    Once the crash happens you can turn off the post mortem debugger with

    procdump -u

     

    6/27/2018 2:55:51 PM    Application    Error    Application Error    OSL-C-EK        1000    "Faulting application name: ccSvcHst.exe, version: 13.3.1.14, time stamp: 0x5a860d35

    Faulting module name: ntdll.dll, version: 10.0.16299.492, time stamp: 0xaeec4354

    Exception code: 0xc0000005

    Fault offset: 0x0003e6a5

    Faulting process id: 0x710

    Faulting application start time: 0x01d40e1620cffa9b

    Faulting application path: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.758.0000.105\Bin\ccSvcHst.exe

    Faulting module path: C:\Windows\SYSTEM32\ntdll.dll

    Report Id: 30a072db-5f48-498f-90a8-cbab4ba01cfc

    Faulting package full name:

    Faulting package-relative application ID:"

     



  • 10.  RE: SEP 14.2 crashes

    Posted Jul 01, 2018 06:43 PM
      |   view attached

    It may be related to a Location Awerness bug. Have been trying to identify the problem. 1. Install unmanaged just AV client = no problem 2. Import Sylink and make managed = crash 3. Remove location awerness = no crash Can anyone else just tro to create a rule similar to attached picture and see if it crashes for you as well? You only need the office location to make it crash.



  • 11.  RE: SEP 14.2 crashes

    Posted Jul 04, 2018 11:47 AM

    Hello Torb,

    I can confirm the problem with Location Awareness.

    I our environment the client crashes if we specify the Location Criteria "DNS Lookup".

    We have the case number 15036657.



  • 12.  RE: SEP 14.2 crashes

    Posted Jul 04, 2018 12:55 PM
    Thank you. This looks like a major bug! If you have a location awarness policy that use DNS lookup, SEP will crash immediately. The annoying thing is that this can’t be fixed by just changing the LA policy in SEPM, since an affected agent will crash before it is able to get a new policy. So you’re left with unprotected agents that can only be fixed by a complete reinstall after changing the LA policy. You can ask support to associate your case with ours: 15065251 IMHO this bug is so bad that they should pull the plug on 14.2 until there is a fix. Torb


  • 13.  RE: SEP 14.2 crashes

    Posted Jul 04, 2018 12:55 PM
    Thank you. This looks like a major bug! If you have a location awarness policy that use DNS lookup, SEP will crash immediately. The annoying thing is that this can’t be fixed by just changing the LA policy in SEPM, since an affected agent will crash before it is able to get a new policy. So you’re left with unprotected agents that can only be fixed by a complete reinstall after changing the LA policy. You can ask support to associate your case with ours: 15065251 IMHO this bug is so bad that they should pull the plug on 14.2 until there is a fix. Torb


  • 14.  RE: SEP 14.2 crashes

    Broadcom Employee
    Posted Jul 08, 2018 07:30 PM

    Hi All,

    Development is looking into this.  Please subscribe here for future updates:

    https://support.symantec.com/en_US/article.TECH250796.html?

    Thanks,

    John