Endpoint Protection 14.x clients show component is malfunctioning
Article ID: 175535
Updated On:
Products
Issue/Introduction
Symantec Endpoint Protection (SEP) 14.2 client has malfunctioning components
Cause
This condition can occur on systems where the startup is slow compared to a typical system and the boot phase lasts longer than normal. In situations where devices are taking longer than normal to boot up, ccSvcHst may be prevented from loading the rest of the SEP components normally because the device is still in the booting phase. Certain SEP components won't be loaded in the systems booting phase to preserve system performance.
Resolution
Symantec Endpoint Protection (SEP) 14.2 and later clients may have one or more components listed as malfunctioning on startup. On devices where this issue repeatedly occurs, a registry key can be applied to systems to solve this issue.
On affected devices:
- Add the following registry key (Tamper Protection may need to be disabled)
- 32-bit System: HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\OverrideThreshold
- 64-bit system: HKLM\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\SMC\OverrideThreshold
- Restart the Symantec Management client or the device.
If there are multiple devices this registry key needs to be applied to, a Host Integrity policy can be used to add the key following the steps below.
- Make test groups, for example, “test1”
- Move the malfunctioning client to the test1 group
- Disable inherit policy from the parent group
- Disable tamper protection in this group
- Download the attached .dat file, and open SEPM-policies-host integrity, right-click the blank area, then click the “Import” button to import the .dat file to SEPM
- Right-click the policy, click the “assign” button and assign it to the test1 group
- Check if the client machine has added the key-value, then monitor if the issue still exists
Attachments
Feedback
