search cancel

Symantec Endpoint Protection error: PTS (or TruScan) has generated an error: code 11: description: Whitelist Failure

book

Article ID: 151401

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

PTS has generated an error: code 11: description: Whitelist Failure

Symptoms
By default, the error appears one hour after the Symantec Endpoint Protection service is started. If the Heuristics and Proactive threat detection scan frequency is changed from the
default frequency then the error will occur when the initial Proactive Threat scan (PTS) starts. In some cases, Proactive Threat Protection (PTP) shows as disabled and Awaiting Updates.

 

Cause

The Whitelist Failure error occurs when PTP is installed and the definitions have not properly propagated to the PTP definition location on the client computer.

Resolution

Validate the presence of the PTP definitions
1. Navigate to C:\Documents and Settings\All Users\Application Data\Symantec\SyKnAppS\
2. If this folder contains 3 empty folders and 2 files (patch25.dll and SyKnAppS.dll), then the client has not retrieved and applied the PTP definitions.
3. Verify that the client can contact its source for definitions.

    • Run LiveUpdate on the Symantec Endpoint Protection client.
    • If the Symantec Endpoint Protection client is not allowed to run LiveUpdate, and retrieves definitions from the Symantec Endpoint Protection Manager then verify that the client is communicating properly
      with the Symantec Endpoint Protection Manager server.
    • If the Symantec Endpoint Protection Manager does not pull down the whitelist content until after the client is installed, the client will not be able to retrieve the content. Look for the following folder:
      C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\content\{812CD25E-1049-4086-9DDD-A4FAE649FBDF}\<revision folder>\Full
      If the {812CD25E-1049-4086-9DDD-A4FAE649FBDF} moniker folder is not present then run LiveUpdate from within the Symantec Endpoint Protection Manager console. This will make the content available for the Symantec Endpoint Protection client to download.

The following may also resolve this issue:

  • Modify the installation of Symantec Endpoint Protection through Add or Remove Programs and uninstall Proactive Threat Protection, then modify it a second time to reinstall it.
  • Uninstall both LiveUpdate and Symantec Endpoint Protection, reinstall Live Update, then reinstall Symantec Endpoint Protection.


If the above steps do not resolve the issue then collect the log.liveupdate file located in the C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate folder then contact
Symantec Technical Support for log analysis and further troubleshooting.



Attachments