To resolve the SEP 14 MP1 causes random hangs on servers and desktops issue, you upgrade Symantec Endpoint Protection (SEP) 14 or 14 MP1 to 14 MP2, only to find that the issue continues to occur. You generate a complete memory dump and open it in the Windows Debugger. After issuing the !locks command, you find there are resource locks for symefasi (our Extended File Attributes driver), SYMEVENT64x86 (our Symantec Event Library driver) and SRTSP64 (our AutoProtect driver). Using !locks -v to dump the threads of the SRTSP64 resource, you find a number of threads that start with srv2 (Microsoft's SMB 2.0 Server driver) and end with several SRTSP64 function calls.
A thread acquires a scan shim lock for read access, while at the same time a definitions update thread asks for write access. When it is attempted to get read access again through a different scan shim function, it causes that access to be blocked due to the pending write lock acquisition, resulting in a hang.
This issue has been resolved in SymScan 18.104.22.168, in SEP 14 RU1.
Subscribing will provide email updates when this Article is updated. Login is required.