BSOD with SEP MR5


  1. Posts : 6
    windows 7
       #1

    BSOD with SEP MR5


    Hi All,

    I am Sys Admin.. Now problem is that after installing SEP MR5 in any domain system am getting BSOD error. in some system it occurs as soon as i install the SEP MR5 in some even after 2-3 days. After removing the SEP antivirus from Safe Mode everything is ok. but I cant go without antivirus also we have enterprise license with Symantec already escalated the matter to Symantec and Microsoft but there is no solution till now. pls help as need to migrate over 500 systems and Business creating so much pressure..waiting for survival guys..
      My Computer


  2. Posts : 11,840
    64-bit Windows 8.1 Pro
       #2

    Can you please upload the .dmp file from c:/windows/minidump for analysis??
      My Computer


  3. Posts : 6
    windows 7
    Thread Starter
       #3

    Pls find the minidump, a snapshot and the sysdata file
      My Computer


  4. Posts : 28,845
    Win 8 Release candidate 8400
       #4

    survivor said:
    Pls find the minidump, a snapshot and the sysdata file



    Hi and welcome


    This crash was probably caused by the termination of a critical windows 7 file. Winnit.exe.

    I would run a system file check to do that
    type cmd in search>right click and run as admin>sfc /scannow

    Let us know the results as you may have to run it more than once

    Ken J+


    Code:
    Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    
    Loading Dump File [C:\Users\K\Desktop\121009-49483-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available
    
    Symbol search path is: SRV*d:\symbols*http://msdl.microsoft.com/download/symbols
    Executable search path is: 
    Windows 7 Kernel Version 7600 MP (2 procs) Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 7600.16385.x86fre.win7_rtm.090713-1255
    Machine Name:
    Kernel base = 0x82818000 PsLoadedModuleList = 0x82960810
    Debug session time: Thu Dec 10 08:55:30.612 2009 (GMT-5)
    System Uptime: 0 days 1:44:49.227
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    .........................
    Loading User Symbols
    Loading unloaded module list
    .....
    1: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    CRITICAL_OBJECT_TERMINATION (f4)
    A process or thread crucial to system operation has unexpectedly exited or been
    terminated.
    Several processes and threads are necessary for the operation of the
    system; when they are terminated (for any reason), the system can no
    longer function.
    Arguments:
    Arg1: 00000003, Process
    Arg2: 859e5530, Terminating object
    Arg3: 859e569c, Process image file name
    Arg4: 82a40d50, Explanatory message (ascii)
    
    Debugging Details:
    ------------------
    
    *** WARNING: Unable to verify timestamp for SYMEVENT.SYS
    *** ERROR: Module load completed but symbols could not be loaded for SYMEVENT.SYS
    
    PROCESS_OBJECT: 859e5530
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  0
    
    MODULE_NAME: wininit
    
    FAULTING_MODULE: 00000000 
    
    PROCESS_NAME:  WerFault.exe
    
    BUGCHECK_STR:  0xF4_WerFault.exe
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
    
    CURRENT_IRQL:  0
    
    LAST_CONTROL_TRANSFER:  from 82af407b to 828f4d10
    
    STACK_TEXT:  
    adc0bc18 82af407b 000000f4 00000003 859e5530 nt!KeBugCheckEx+0x1e
    adc0bc3c 82a77e44 82a40d50 859e569c 859e57a0 nt!PspCatchCriticalBreak+0x71
    adc0bc6c 82a79cdf 859e5530 842cf938 000000ff nt!PspTerminateAllThreads+0x2d
    adc0bca0 8bfbe449 00000084 000000ff 851dd420 nt!NtTerminateProcess+0x1a2
    WARNING: Stack unwind information not available. Following frames may be wrong.
    adc0bd24 8285b42a 00000084 000000ff 000be394 SYMEVENT+0x14449
    adc0bd24 000bf118 00000084 000000ff 000be394 nt!KiFastCallEntry+0x12a
    0000003b 00000000 00000000 00000000 00000000 0xbf118
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_NAME:  MachineOwner
    
    IMAGE_NAME:  wininit.exe
    
    FAILURE_BUCKET_ID:  0xF4_WerFault.exe_IMAGE_wininit.exe
    
    BUCKET_ID:  0xF4_WerFault.exe_IMAGE_wininit.exe
    
    Followup: MachineOwner
    ---------
      My Computer


  5. Posts : 6
    windows 7
    Thread Starter
       #5

    Hi...ZigZag.. I am unable to run the command on that system bcoz its giving bsod in every 2-3 minutes. I am sure this is becoz of SEP MR5 as earlier in a system it resolved after uninstalling the SEP MR5. pls suggest
      My Computer


  6. Posts : 6
    windows 7
    Thread Starter
       #6

    pls help .......
      My Computer


  7. Posts : 4,772
    Windows 7 Ultimate - 64-bit | Windows 8 Pro - 64-bit
       #7

    survivor said:
    Hi...ZigZag.. I am unable to run the command on that system bcoz its giving bsod in every 2-3 minutes. I am sure this is becoz of SEP MR5 as earlier in a system it resolved after uninstalling the SEP MR5. pls suggest
    I guess you might need to login to Safe Mode then from there run SFC /SCANNOW

    I also found a Symantec KB which you might wanna look

    Blue screen error in Windows 7 or Windows Vista after installing Symantec Endpoint Protection version 11 RU5 Application and Device Control
      My Computer


  8. Posts : 519
    Windows 7 Ultimate (64)
       #8

    ...with Symantec already escalated the matter to Symantec and Microsoft but there is no solution till now.
    Assuming this problem is not machine specific, running sfc/scannow to troubleshoot the problem is irrational when you're rolling out 500+ systems.

    Unfortunately, you have few options other than wait for Symantec or MS to resolve the issue. As you have license from Symantec for this quantity, they have a huge responsibility to resolve the issue for you. Regardless of how frustrating this must be, it's unlikely you will find a solution elsewhere. Good luck...
    Last edited by win7clutz; 26 Dec 2009 at 02:43. Reason: Typo
      My Computer


  9. Posts : 5,705
    Win7 x64 + x86
       #9

    Tell Symantec that you will go elsewhere for your protection needs if they aren't able to resolve this for you. (TrendMicro has a nice product).
      My Computer


 

Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 08:05.
Find Us