Endpoint Protection

 View Only

  • 1.  some clients hang and some clients cannot be restarted

    Posted Jan 19, 2012 03:28 AM

    Hi

    We have about 2000 clients in our network.

    Some clients hang and when the user opens Mycomputer  it doesn't show drives and it must be restarted with reset key of the Computer case.

    Some of them cannot be restarted because some processes cannot be ended.

    Name of these processes :

    wndclass_cwindrivesnotifyerhelperwindow

    NBHLGui.exe

    InCD log

    NBKeyScan.exe

    We are using Symantec Endpoint Protection 12RU1.

    Clients are Windows XP  service pack 3.

    number of these clients are growing.

    I checked autoruns but there is nothing in autoruns.

    I checked SEP support tool log but it doesn't show any errors about load point analysis.

    I withdrawed application and Device Control but this problem persists.

    Can you please help me to solve this problem?



  • 2.  RE: some clients hang and some clients cannot be restarted

    Broadcom Employee
    Posted Jan 19, 2012 03:44 AM

    Please full scan the machine with the Rapid Release definitions - possibly using Symantec Endpoint Recovery Tool (SERT): http://www.symantec.com/docs/TECH131732

    If it is not possible to use this tool, run full scan in safe mode.

    Please as well submit the suspected files (NBTLGui.exe, NBKeyScan.exe) to Security Response for the analysis:

    https://submit.symantec.com/websubmit/retail.cgi

    Ensure as well that the Security Best Practices are applied:

    http://www.symantec.com/theme.jsp?themeid=stopping_malware



  • 3.  RE: some clients hang and some clients cannot be restarted

    Posted Jan 19, 2012 10:13 AM

    please attach the %temp%\SEP_INST.LOG file here,
    This will help alot to guide you.

     

    Under %temp%\SEP_INST.LOG do you see any error of "Return Value 3"(Without quotes)



  • 4.  RE: some clients hang and some clients cannot be restarted

    Posted Jan 20, 2012 04:45 PM

    Hi W-D

    I've checked Autoruns and SEP support tool log and load point analysis but i could not find any suspicious file.

    and thanks for your goog links We have WSUS and most of the Secutity requirements are met in our network.

    but these links was very nice i studied them special thanks.

    I have checked these processes and these processes are for Nero.

    Any other idea?



  • 5.  RE: some clients hang and some clients cannot be restarted

    Posted Jan 20, 2012 04:58 PM

    Hi phimanshuj@gmail.com

     

    Can you tell me what is it for?

    thanks.



  • 6.  RE: some clients hang and some clients cannot be restarted

    Posted Jan 21, 2012 02:33 AM

    hello,

     

    What are these processes are these valid.

     

    NBHLGui.exe

    InCD log

    NBKeyScan.exe 

     

    ALos, u mentioned u cannot restart the machine coz SEP is the major cause. 

    Disabled sep from the services or uninstall sep and check if u are able to reboot or shut down the machine

    DO we any erorrs in event viewer. 



  • 7.  RE: some clients hang and some clients cannot be restarted

    Posted Jan 22, 2012 10:12 AM

    Hi

    these processes are for Nero

    Tomorrow i will unistall SEP and i will post the answer

    Thnaks