Services.exe process crashes using Endpoint Protection
Last Updated December 05, 2018
Shortly after a Windows 7 machine boots up, the error "Windows has encountered a critical problem and will restart automatically in one minute. Please save your work now." pops up and the machine reboots in a minute. This happens every time the machine boots up using Symantec Endpoint Protection (SEP).
Windows 7 32-bit with Service Pack 1.
SEP version 12.1 RU1 client with Application and Device Control (ADC) feature installed and enabled.
Citrix offline plug-in version 6.0.2 or 6.5 installed.
An error similar to the following is logged in the Application log of the Windows Event Viewer:
SEP Application and Device Control coupling with Citrix offline plug-in causes services.exe to crash.
When ADC is enabled, sysfer.dll is injected into services.exe process. There is an issue with sysfer.dll. When the Citrix offline plug-in (CtxSbxHook.DLL) is also loaded into the services.exe process, the issue is triggered and services.exe crashes as the result. Since services.exe is a critical Windows process, Windows is automatically restarted.