You install a Symantec Endpoint Protection client on a computer running a 32-bit version of Windows 7. Either during the installation, during an operating system migration, or during a Proactive Threat Protection detection, the computer stops responding with a blue screen and refers to Symevent.sys.
This is a problem between the TruScan keylogger scanning function and Windows 7. To work around the problem, either disable keylogger scanning or remove TruScan completely.
To disable keylogger scanning on managed clients
In the manager, under Clients, select the client group in which the Windows 7 clients reside.
In the right pane, under Policies, edit the Antivirus and Antispyware policy. If "Inherit policies and settings from parent group Global" is checked, either edit the policy in the Global group or change the inheritance structure so that the policy does not inherit settings.
Under Truscan Proactive Threat scans, on the Scan Details tab, uncheck Scan for keyloggers, and click the lock symbol to lock the option.
To disable keylogger scanning on unmanaged clients
On the client, in Symantec Endpoint Protection, click Change Setttings.
Under Proactive Threat Protection, click Configure Settings.
Uncheck Scan for keyloggers.
To remove TruScan
On the client computer, in Add or remove programs, double-click Symantec Endpoint Protection, and select Modify.
Expand Proactive Threat Protection, and click the dropdown next to TruScan.
Select "This feature will not be available."
Click Next and complete the wizard.
Imported Document ID: TECH93491
Subscribing will provide email updates when this Article is updated. Login is required.