Endpoint Protection

 View Only

  • 1.  I have the problem when install Symantec Endpoint client Ver.11.0

    Posted Oct 08, 2009 01:15 AM
    When I install Symantec Endpoint client Ver.11.0 to windows xp pro with sp2. first install it look OK but service "Symantec Sittings manager" status is starting. other Symantec service could not load to windows service. after I restart windows Symantec client could not work and service "Symantec Sittings manager" status is still starting. I try to install from the package again but there is the error message say: FreeExtractor Error: An error prevents this program from continuing: Access is denied.
    so please help me solve this problem


  • 2.  RE: I have the problem when install Symantec Endpoint client Ver.11.0

    Posted Oct 08, 2009 01:23 AM
     "Symantec Sittings manager" you mean i think "Symantec Settings manager", Am I right?
    Can you check any error message is present in SEP_inst.log file which will be present in temp folder.




  • 3.  RE: I have the problem when install Symantec Endpoint client Ver.11.0

    Posted Oct 08, 2009 01:25 AM
    Which version of SEP ur using latest one is RU5..
    If you pc is infected with virus, try to run Norton virus removal tool in safe mode....
    package may be corrupt try with other package... 


  • 4.  RE: I have the problem when install Symantec Endpoint client Ver.11.0

    Posted Oct 08, 2009 01:30 AM
    Hi,

    Can you please chek if the following registry key exists:

    Search for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe\"Debugger" = "svchost.exe"

    You need to delete this key and reboot the machine.

    Also, plesae take a loot at the sep_inst.log and look for "return value 3". PLease post 8 lines before and after the occurence of this error in the logs.

    sep_inst.log can be accessed by start->run->tyoe %temp% ->ok

    Best,
    Aniket


  • 5.  RE: I have the problem when install Symantec Endpoint client Ver.11.0

    Posted Oct 08, 2009 03:14 AM

    the registry key:  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe\"Debugger" = "svchost.exe"  does not exist
    but service: symantec settings manager is still in the windows service but not startup (type Auto)

    for the sep_inst.log there are 2   "return value 3".  as follow

    Error 1310.Error writing to file: C:\WINDOWS\system32\Drivers\symndis.sys.  System error 5.  Verify that you have access to that directory.
    MSI (s) (D4:E4) [13:14:23:015]: Product: Symantec Endpoint Protection -- Error 1310.Error writing to file: C:\WINDOWS\system32\Drivers\symndis.sys.  System error 5.  Verify that you have access to that directory.

    MSI (s) (D4:E4) [13:14:23:015]: Note: 1: 2318 2: C:\WINDOWS\system32\Drivers\symndis.sys
    MSI (s) (D4:E4) [13:14:23:015]: Note: 1: 1310 2: 5 3: C:\WINDOWS\system32\Drivers\symndis.sys
    MSI (c) (C8:38) [13:14:22:546]: Font created.  Charset: Req=0, Ret=0, Font: Req=, Ret=Arial

    Error 1310.Error writing to file: C:\WINDOWS\system32\Drivers\symndis.sys.  System error 5.  Verify that you have access to that directory.
    MSI (s) (D4:E4) [13:14:26:031]: Product: Symantec Endpoint Protection -- Error 1310.Error writing to file: C:\WINDOWS\system32\Drivers\symndis.sys.  System error 5.  Verify that you have access to that directory.

    MSI (c) (C8:38) [13:14:23:015]: Font created.  Charset: Req=0, Ret=0, Font: Req=, Ret=Arial

    Error 1310.Error writing to file: C:\WINDOWS\system32\Drivers\symndis.sys.  System error 5.  Verify that you have access to that directory.
    MSI (c) (C8:38) [13:14:26:031]: Font created.  Charset: Req=0, Ret=0, Font: Req=, Ret=Arial

    Are you sure you want to cancel?
    MSI (s) (D4:E4) [13:14:27:078]: User policy value 'DisableRollback' is 0
    MSI (s) (D4:E4) [13:14:27:078]: Machine policy value 'DisableRollback' is 0
    Action ended 13:14:27: InstallFinalize. Return value 3.
    MSI (s) (D4:E4) [13:14:27:109]: Executing op: Header(Signature=1397708873,Version=301,Timestamp=994535586,LangId=1033,Platform=0,ScriptType=2,ScriptMajorVersion=21,ScriptMinorVersion=4,ScriptAttributes=1)
    MSI (s) (D4:E4) [13:14:27:109]: Executing op: DialogInfo(Type=0,Argument=1033)
    MSI (s) (D4:E4) [13:14:27:109]: Executing op: DialogInfo(Type=1,Argument=Symantec Endpoint Protection)
    MSI (s) (D4:E4) [13:14:27:109]: Executing op: RollbackInfo(,RollbackAction=Rollback,RollbackDescription=Rolling back action:,RollbackTemplate=[1],CleanupAction=RollbackCleanup,CleanupDescription=Removing backup files,CleanupTemplate=File: [1])
    MSI (s) (D4:E4) [13:14:27:109]: Executing op: ActionStart(Name=InstallFiles,Description=Copying new files,Template=File: [1],  Directory: [9],  Size: [6])
    MSI (s) (D4:E4) [13:14:27:109]: Executing op: SetTargetFolder(Folder=C:\WINDOWS\system32\Drivers\)
    MSI (s) (D4:E4) [13:14:27:109]: Executing op: ProductInfo(ProductKey={3BAB4914-9CC1-4CC2-A3DA-56EF62DFD373},ProductName=Symantec Endpoint Protection,PackageName=Symantec AntiVirus.msi,Language=1033,Version=184553376,Assignment=1,ObsoleteArg=0,ProductIcon=ARPPRODUCTICON.exe,,PackageCode={D8747744-9A14-48CE-93F3-B626F10E24FE},,,InstanceType=0,LUASetting=0,RemoteURTInstalls=0)
    MSI (s) (D4:E4) [13:14:27:109]: Executing op: FileRemove(,FileName=C:\WINDOWS\system32\Drivers\symndis.sys,,)
    MSI (s) (D4:E4) [13:14:27:125]: Executing op: FileRemove(,FileName=C:\WINDOWS\system32\Drivers\symids.sys,,)
    MSI (s) (D4:E4) [13:14:27:125]: Executing op: SetTargetFolder(Folder=C:\Program Files\Common Files\Symantec Shared\)
    MSI (s) (D4:E4) [13:14:27:125]: Executing op: FileRemove(,FileName=C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe,,)
    MSI (s) (D4:E4) [13:14:27:140]: Executing op: SetTargetFolder(Folder=C:\WINDOWS\system32\Drivers\)
    MSI (s) (D4:E4) [13:14:27:140]: Executing op: FileRemove(,FileName=C:\WINDOWS\system32\Drivers\symredrv.sys,,)

    =================================================================================================================

    MSI (s) (D4:E4) [13:14:44:671]: Executing op: ActionStart(Name=checkMSXMLVersion.0723A1DC_DEB6_4A50_874F_3A2D2C99A1C1,,)
    MSI (s) (D4:E4) [13:14:44:671]: Executing op: ActionStart(Name=RB_cleanupFolder.0723A1DC_DEB6_4A50_874F_3A2D2C99A1C1,,)
    MSI (s) (D4:E4) [13:14:44:671]: Executing op: CustomActionRollback(Action=RB_cleanupFolder.0723A1DC_DEB6_4A50_874F_3A2D2C99A1C1,ActionType=1345,Source=BinaryData,Target=cleanupFolder,)
    MSI (s) (D4:60) [13:14:44:671]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI93.tmp, Entrypoint: cleanupFolder
    InstSymProtect::cleanupFolder() -> called
    DeleteFolderIfNoFileExists: Driver file is not present.
    DeleteFolder: FAILED to delete directory C:\Program Files\Common Files\Symantec Shared\SPBBC
    DeleteFolderIfNoFileExists: SHDeleteFolder FAILED
    InstSymProtect::cleanupFolder() -> DeleteFolderIfNoFileExists FAILED
    MSI (s) (D4:E4) [13:14:45:265]: Executing op: End(Checksum=0,ProgressTotalHDWord=0,ProgressTotalLDWord=0)
    MSI (s) (D4:E4) [13:14:45:265]: Error in rollback skipped. Return: 5
    cleanupFolder:  exiting
    MSI (s) (D4:E4) [13:14:45:281]: Calling SRSetRestorePoint API. dwRestorePtType: 13, dwEventType: 103, llSequenceNumber: 34, szDescription: "".
    MSI (s) (D4:E4) [13:14:45:328]: The call to SRSetRestorePoint API succeeded. Returned status: 0.
    MSI (s) (D4:E4) [13:14:45:328]: Unlocking Server
    MSI (s) (D4:E4) [13:14:45:328]: PROPERTY CHANGE: Deleting UpdateStarted property. Its current value is '1'.
    Action ended 13:14:45: INSTALL. Return value 3.
    Property(S): DiskPrompt = [1]
    Property(S): UpgradeCode = {24BF7A02-B60A-494B-843A-793BBC77DED4}
    Property(S): CostingComplete = 1
    Property(S): VersionNT = 501
    Property(S): TARGETDIR = C:\
    Property(S): ALLUSERSPROFILE = C:\
    Property(S): SYSTEM32TEMP = C:\DOCUME~1\WANNAN~1\LOCALS~1\Temp\Symantec\System32\
    Property(S): ANSITEMP = C:\DOCUME~1\WANNAN~1\LOCALS~1\Temp\Symantec\System32\Ansi\
    Property(S): WINSYS32TEMP = C:\DOCUME~1\WANNAN~1\LOCALS~1\Temp\Symantec\Windows\System32\
    Property(S): ANSIWINSYS32TEMP = C:\DOCUME~1\WANNAN~1\LOCALS~1\Temp\Symantec\Windows\System32\Ansi\
    Property(S): AdminToolsFolder = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\
    Property(S): AppDataFolder = C:\Documents and Settings\Wanna N\Application Data\
    Property(S): SYMANTEC = C:\Documents and Settings\All Users\Application Data\Symantec\
    Property(S): CACHED_INSTALLS = C:\Documents and Settings\All Users\Application Data\Symantec\Cached Installs\
    Property(S): CMCDIR = C:\Program Files\Symantec\Symantec Endpoint Protection\
    Property(S): SEPTEMP = C:\DOCUME~1\WANNAN~1\LOCALS~1\Temp\Symantec\program files\Symantec\SEP\
    Property(S): CMCDIRTEMP = C:\DOCUME~1\WANNAN~1\LOCALS~1\Temp\Symantec\program files\Symantec\SEP\CMCDIR\





     



  • 6.  RE: I have the problem when install Symantec Endpoint client Ver.11.0

    Posted Oct 08, 2009 03:29 AM
    Do you have any group policy for services...?
    Which user you are using for installation... Is it a Admin user....?


  • 7.  RE: I have the problem when install Symantec Endpoint client Ver.11.0

    Posted Oct 08, 2009 03:40 AM
    Seems like this computer is infected thats why it has replaced image excecution and alos permissions of the folder.

    Error 1310.Error writing to file: C:\WINDOWS\system32\Drivers\symndis.sys.  System error 5.  Verify that you have access to that directory


    you can run the NSS.exe which is symantec's online scan to remove virus and then install the software. more info about NSS here.

    http://www.symantec.com/connect/forums/download-site-nssexe