DPC_WATCHDOG_VIOLATION (133) Stop error message on a Windows Server 2012-based computer with Endpoint Protection installed

Article ID: 164258

Updated On:

Products

Endpoint Protection

Issue/Introduction

Windows OS crashes (BSOD) with a DPC_WATCHDOG_VIOLATION (133) Stop error message.

DPC_WATCHDOG_VIOLATION (133) Stop error message

Probably caused by : SYMNETS.SYS / IDSvia64.sys

The DPC watchdog detected a prolonged run time at an IRQL of DISPATCH_LEVEL

Environment

Windows Server 2012-based computer with SEP (Symantec Endpoint Protection) networking components installed.

Cause

These crashes can occur when a driver hits the Deferred Procedure Call (DPC) timeout.  With Symantec Endpoint Protection's (SEP) network drivers, this can occur when there are a large number of concurrent/active connections. The SEP network drivers have a connection table that tracks active network connections and when this table grows large, the drivers take longer to query information about these connections, thus reaching the DPC timeout. 

Resolution

This issue is fixed in Symantec Endpoint Protection (SEP) 14.3 MP1. For information on how to obtain the latest build of Symantec Endpoint Protection, see Download the latest version of Symantec software here.

Workarounds:

While the above fix should address the issue for most use cases, a DPC timeout can still be reached on extremely busy servers.  For these systems, you can use SEP without the related networking components:

  • In SEP 12.1.x, use strictly Virus/Spyware Protection only. Remove Advanced Download Protection, Outlook/Notes Scanner, and Proactive and Network Threat Protection.
     
  • In SEP 14.0 and newer, the connection-tracking component of SYMNETS has been decoupled from the rest of SEP, and the Firewall is the only component that needs to be removed to relieve these symptoms. Other components need not be removed (Intrusion Prevention, Proactive Threat Protection, Advanced Download Protection, and mail scanners may remain installed).

Other

There is a related Microsoft article and hotfix: You receive a "DPC_WATCHDOG_VIOLATION (133)" Stop error message on a Windows Server 2012-based computer

Note that the hotfix above will install on Server 2012 but not on 2012 R2 ("The update is not applicable to your computer"). But the net result of the hotfix is to add the following registry values, which can be done manually on 2012 R2:

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\
    DpcWatchdogPeriod=REG_DWORD 0003a980 (hexadecimal)
    DpcTimeout=REG_DWORD 00000000

The intent of these registry values is to increase the DPC Timeout that causes the crash message. With these values in place, reboot the affected machine. Crashes may no longer occur, but sluggish performance may be noted during periods of high network activity.
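One way to apply and verify the two values on a 2012 R2 server, as an added example that is not part of the original article or of any Broadcom or Microsoft tooling. It assumes the code is saved as a script (the name Set-DpcWatchdog.ps1 is hypothetical) and run from an elevated PowerShell session; running it with -WhatIf reports what would change without writing anything.

```powershell
#Requires -RunAsAdministrator
# Added example: audit and set the DPC watchdog values listed in the article.
# Idempotent: values that already match are left untouched.
[CmdletBinding(SupportsShouldProcess = $true)]
param()

$KeyPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel'

# Values exactly as given in the article (hexadecimal DWORDs).
$Desired = [ordered]@{
    DpcWatchdogPeriod = 0x0003a980
    DpcTimeout        = 0x00000000
}

$changed = $false
foreach ($name in $Desired.Keys) {
    $want = [int]$Desired[$name]

    # A missing value returns nothing; keep that distinct from a stored 0.
    $item = Get-ItemProperty -Path $KeyPath -Name $name -ErrorAction SilentlyContinue
    $have = if ($null -ne $item) { $item.$name } else { $null }

    if ($null -ne $have -and $have -eq $want) {
        Write-Output ('{0}: already 0x{1:x8}' -f $name, $want)
        continue
    }

    $shown  = if ($null -eq $have) { 'not set' } else { '0x{0:x8}' -f $have }
    $action = 'set to 0x{0:x8} (currently {1})' -f $want, $shown

    if ($PSCmdlet.ShouldProcess("$KeyPath\$name", $action)) {
        New-ItemProperty -Path $KeyPath -Name $name -PropertyType DWord `
            -Value $want -Force | Out-Null
        # Read the value back so a failed write is not reported as success.
        $now = (Get-ItemProperty -Path $KeyPath -Name $name).$name
        Write-Output ('{0}: now 0x{1:x8}' -f $name, $now)
        $changed = $true
    }
}

if ($changed) {
    Write-Warning 'Values written. Reboot the machine for them to take effect.'
}
```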

Additional Information

ESCRT-3642