Proactive Threat Protection in a Symantec Endpoint Protection client is disabled in client user interface and "Event ID 74 TruScan has generated an error: code 14: description: CAL Failure" shows in the Windows Application log
Last Updated August 14, 2010
The Symantec Endpoint Protection client user interface displays a red status at the top of the Window stating "Proactive Threat Protection is disabled." Proactive Threat Protection in the product list displays as "Off" and "Waiting for updates."
Symptoms In the Windows Event Viewer application log you see the following entry: Event ID 74 TruScan has generated an error: code 14: description: CAL Failure
In the Symantec Endpoint Protection 11 client user interface, Proactive Threat Protection displays as Off with the Definitions: field displaying the message "Waiting to update definitions".
One may also see a pop-up message when clicking the "Fix" button in the "Proactive Threat Protection is disabled" status bar: "Symantec Endpoint Protection has requested new definitions from the management server.This problem will disappear after the server responds and the update is complete."
Rebooting the machine does not resolve the issue.
Symantec Endpoint Protection 11 client (any version up to and including MR3) with Proactive Threat Protection enabled is installed on a non-server, non-64-bit operating system.
During a TruScan or Proactive Threat Scan, the scan will attempt to authenticate to and then scan all running processes. If the TruScan cannot scan an application due to a difference in required authentication credentials or due to technologies such as file encryption, then a CAL Failure is triggered by TruScan. This condition can correct itself without direct intervention. On the next TruScan that runs, assuming all running applications can be accessed properly by TruScan, the CAL Failure will not occur and the PTP status will change back to On with a green status light.
A new Eraser Engine update was made available on 11/19/08 to address this issue. Please run LiveUpdate and ensure all affected clients receive the Eraser Engine Update. To verify the update has been provided to a Symantec Endpoint Protection client the Eraser Engine version can be verified under Help and Support>Troubleshooting>Versions. The Eraser Engine version containing the update is version 7077890.262147.
Imported Document ID: TECH106159
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe