Endpoint Protection

View Only

Back to discussions

Expand all | Collapse all

SEP 14.3/14.3 MP1 crash at launch

1. SEP 14.3/14.3 MP1 crash at launch

1 Recommend
ICT UNDP
Posted Aug 14, 2020 02:03 AM

Reply Reply Privately
I've just upgraded from SEP 14.2 RU2 MP1 refresh (14.2.5587.2100) to 14.3 MP1 (14.3.1148.0100) on Windows 10 v1909 Build 18363.959, and yet experiencing the same crashing issue as before with SEP 14.3 (v14.3.558.1000) on Windows 10 v1909 build 18363.778.

It seems some Symantec services stopped on its own and continuously crashes on its own.

Windows Log shows ccSvcHst.exe crashed when calling ucrtbase.dll.

Faulting application name: ccSvcHst.exe, version: 17.2.5.4, time stamp: 0x5ee91bd8
Faulting module name: ucrtbase.dll, version: 10.0.18362.815, time stamp: 0xbea5fce0
Exception code: 0xc0000409
Fault offset: 0x0009e6eb
Faulting process id: 0x2798
Faulting application start time: 0x01d671afe8f42068
Faulting application path: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.3.1148.0100.105\Bin\ccSvcHst.exe
Faulting module path: C:\WINDOWS\System32\ucrtbase.dll
Report Id: 1cb01a0c-d42e-41e1-a3b4-26ea44e29954
Faulting package full name:
Faulting package-relative application ID:

And ucrtbase.dll 10.0.18362.815 seems to be fine.

https://www.virustotal.com/gui/file/7ee229626b22799faa28cd7c22d4ff2ad0603c17e5f5ee9086fa7cf6483331fb/details

I've tried to uninstalled with CleanWipe, run "SFC -scannow' and "dism /online /cleanup-image /restorehealth", but still encountered the issue.

Any suggestion would be appreciated.
Many thanks.
2. RE: SEP 14.3/14.3 MP1 crash at launch

0 Recommend
Broadcom Employee

John Owens
Posted Aug 14, 2020 10:16 AM

Reply Reply Privately
I would suggest gathering a Full Process Dump of when ccsvchst.exe crashes and opening a case for review. There is a similar issue targeted for a fix in 14.3 RU1.

Steps to get Process Dump:

1. Download Procdump: https://docs.microsoft.com/en-us/sysinternals/downloads/procdump

2. Open a command prompt to procdump location and run the following command.

procdump -ma -i C:\Dumps

3. Reproduce the issue. Go to C:\Dumps and compress the .dmp files.

4. Run procdump -u

Run a Symdiag on the system as well.

How to collect full support logs for Support with the SymDiag utility

Upload both of these to your case and await review.

Original Message
3. RE: SEP 14.3/14.3 MP1 crash at launch

0 Recommend
ICT UNDP
Posted Aug 14, 2020 01:23 PM
| view attached

Reply Reply Privately
Attached the dump and a Symdiag report.

Attachment(s)

ccSvcHst.exe_200814_123759.zip 92.94 MB 1 version

Original Message
4. RE: SEP 14.3/14.3 MP1 crash at launch

0 Recommend
Broadcom Employee

John Owens
Posted Aug 14, 2020 01:24 PM

Reply Reply Privately
Hi There,
You will want to open a case with support to have these reviewed.
Thanks,

------------------------------
John Owens
Principal Product Support
Symantec
United States
------------------------------

Original Message
5. RE: SEP 14.3/14.3 MP1 crash at launch

0 Recommend
ICT UNDP
Posted Aug 14, 2020 01:49 PM

Reply Reply Privately
Thanks @John Owens. Case submitted 32162904.

Original Message
6. RE: SEP 14.3/14.3 MP1 crash at launch

0 Recommend
Broadcom Employee

John Owens
Posted Aug 14, 2020 02:07 PM

Reply Reply Privately
Can you open a command prompt and run the following command and provide screenshot of results?

reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList" /v "Public"

------------------------------
John Owens
Principal Product Support
Symantec
United States
------------------------------

Original Message
7. RE: SEP 14.3/14.3 MP1 crash at launch

0 Recommend
ICT UNDP
Posted Aug 14, 2020 02:16 PM

Reply Reply Privately
Original Message
8. RE: SEP 14.3/14.3 MP1 crash at launch

0 Recommend
Broadcom Employee

John Owens
Posted Aug 14, 2020 02:37 PM

Reply Reply Privately
Can you try the following as a workaround:

change the registry value REG_SZ to REG_EXPAND_SZ

------------------------------
John Owens
Principal Product Support
Symantec
United States
------------------------------

Original Message
9. RE: SEP 14.3/14.3 MP1 crash at launch

0 Recommend
ICT UNDP
Posted Aug 14, 2020 07:01 PM

Reply Reply Privately
It works! Thanks a lot. Now I can launch SEP window without crashing it.

However since all versions of SEP prior 14.3 works fine with REG_SZ, I need to dig back to see if I can find out when Windows 10 changed it to REG_EXPAND_SZ.

Original Message
10. RE: SEP 14.3/14.3 MP1 crash at launch

0 Recommend
Broadcom Employee

John Owens
Posted Aug 14, 2020 07:09 PM

Reply Reply Privately
This should be addressed in next 14.3 RU1 release as well. You are very welcome!

Original Message
11. RE: SEP 14.3/14.3 MP1 crash at launch

0 Recommend
Sherri Austin
Posted Aug 19, 2020 06:52 PM

Reply Reply Privately
John,

Is there an estimated release date for next 14.3 RU1 update? I just upgraded our SEPMs to 14.3 MP1 and would like to start upgrading clients. If the next release isnt too far off, I may hold off as we have 50K + clients.

Original Message
12. RE: SEP 14.3/14.3 MP1 crash at launch

0 Recommend
Broadcom Employee

John Owens
Posted Aug 19, 2020 07:11 PM

Reply Reply Privately
Eta is Q4. Novemberish.

Original Message
13. RE: SEP 14.3/14.3 MP1 crash at launch

0 Recommend
Broadcom Employee

John Owens
Posted Aug 14, 2020 07:43 PM

Reply Reply Privately
Windows Profile Relocator may be changing these if you are using that.

Original Message
14. RE: SEP 14.3/14.3 MP1 crash at launch

0 Recommend
hdey_pmcs
Posted Aug 28, 2020 06:53 AM

Reply Reply Privately
Hi John, what if these settings are already like in the screenshot? Has windows profile relocation something to do with that? I have a customer with Dell Optiplex that has around 30 clients already on 14.3 MP1 with services not starting.. we already uninstalled all non-microsoft applications and did client installations from SES as well with the same result. Fixing the drivers in Windows 10 with dell update did not help either.

------------------------------
PMCS GmbH & Co. KG
------------------------------

Original Message
15. RE: SEP 14.3/14.3 MP1 crash at launch

0 Recommend
Broadcom Employee

John Owens
Posted Aug 28, 2020 10:02 AM

Reply Reply Privately
Hi there,

Then it is probably not related to this specific issue. I would open a support ticket with full process dump and symdiag to have reviewed.

Original Message
16. RE: SEP 14.3/14.3 MP1 crash at launch

0 Recommend
ICT UNDP
Posted Aug 14, 2020 06:31 PM

Reply Reply Privately
Symdiag report

Original Message

Endpoint Protection

SEP 14.3/14.3 MP1 crash at launch

ICT UNDPAug 14, 2020 02:03 AM

John OwensAug 14, 2020 10:16 AM

ICT UNDPAug 14, 2020 01:23 PM

John OwensAug 14, 2020 01:24 PM

ICT UNDPAug 14, 2020 01:49 PM

John OwensAug 14, 2020 02:07 PM

ICT UNDPAug 14, 2020 02:16 PM

John OwensAug 14, 2020 02:37 PM

ICT UNDPAug 14, 2020 07:01 PM

John OwensAug 14, 2020 07:09 PM

Sherri AustinAug 19, 2020 06:52 PM

John OwensAug 19, 2020 07:11 PM

John OwensAug 14, 2020 07:43 PM

hdey_pmcsAug 28, 2020 06:53 AM

John OwensAug 28, 2020 10:02 AM

ICT UNDPAug 14, 2020 06:31 PM

1. SEP 14.3/14.3 MP1 crash at launch

2. RE: SEP 14.3/14.3 MP1 crash at launch

3. RE: SEP 14.3/14.3 MP1 crash at launch

4. RE: SEP 14.3/14.3 MP1 crash at launch

5. RE: SEP 14.3/14.3 MP1 crash at launch

6. RE: SEP 14.3/14.3 MP1 crash at launch

7. RE: SEP 14.3/14.3 MP1 crash at launch

8. RE: SEP 14.3/14.3 MP1 crash at launch

9. RE: SEP 14.3/14.3 MP1 crash at launch

10. RE: SEP 14.3/14.3 MP1 crash at launch

11. RE: SEP 14.3/14.3 MP1 crash at launch

12. RE: SEP 14.3/14.3 MP1 crash at launch

13. RE: SEP 14.3/14.3 MP1 crash at launch

14. RE: SEP 14.3/14.3 MP1 crash at launch

15. RE: SEP 14.3/14.3 MP1 crash at launch

16. RE: SEP 14.3/14.3 MP1 crash at launch