Endpoint Protection

We are experiencing the problem addressed in the following closed thread: https://www-secure.symantec.com/connect/forums/after-install-sep-client-mr5-i-have-receive-all-machine-events-error-crypt32

But we do NOT use a proxy server.  The solution listed in that thread does not work for us.  There is nothing to prevent our servers reaching the windows update servers, but we still see this message every 11-15 minutes in the windows event logs after installing Symantec Endpoint Protection.  Repeated searches have been fruitless in trying to solve this problem.  Why do Symantec/Microsoft want to continue pointing to proxy server settings when we don't use a proxy server?

This thread is equally pointing to a similar issue.

https://www-secure.symantec.com/connect/forums/crypt32-application-event-errors-after-installing-sept-11-how-do-i-disable-them

Although Root Certificates can be dissabled, if you so choose.

Else, they are not in the "important" or "critical" updates in Windows update.

Rather "Root certificates" are considered "optional".  So, even if you are only installing base updates, without selecting any optional updates, including root certificate updates, you will not receive them.

They can be installed manually via a push, through WSUS servers or through the optional component in windows update.

Which version of SEP are you using?  Which operating system?  Was a previous build of SEP on this machine before?

I have found that sometimes the Windows System account has incorrect values for proxy information, even if a proxy is not in use.  It is not something that SEP has any control over, just usually comes to light because SEP utilizes the System account for things like scheduled LiveUpdate.

I recently encountered a case in which proxy information for the System account was incorrect despite setting it correctly with proxycfg, and I believe the explanation is this:

...the Microsoft Windows HTTP Services (WinHTTP) proxy configuration tool, "ProxyCfg.exe".
...
The proxy settings for WinHTTP are not the proxy settings for Microsoft Internet Explorer. You cannot configure the proxy settings for WinHTTP in the Microsoft Windows Control Panel. Using the WinHTTP proxy configuration utility does not alter the settings you use for Internet Explorer.

This customer was able to correct set the proxy information using BITSAdmin per the example as given in this blog:

If you need to change the proxy settings for the any of the system account like Network Service you can use the “bitsAdmin” command as shown in the following example:
bitsAdmin /Util /SetIEProxy NETWORKSERVICE MANUAL_PROXY [myProxy]:[myPort]
You can find the complete reference for this command at: http://msdn2.microsoft.com/en-US/library/aa362813.aspx

There is more information in the Solution of the following document about why this is occurring as of RU5.

Title: 'Event ID 8 notification about crypt32 seen in Application log after installing Symantec Endpoint Protection 11.0.5 client'
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008101609211848

sandra

Hello Sandra,
We have same problem too,
Every computer create this error even Windows XP or Server 2003,
All these clients have Proxy Isa Server 2006 and taken updates from WSUS,
We don't want to remove Root Certificate in add/remove programs.
and Server 2003 can connect to windows update web  site. There is no deny rule for update sites in ISA,
How can ew fix it?

Best Regards.
Fatih

If verifying the proxy settings for the System account isn't doing the trick, you could try the suggestion in this comment.

sandra