The 3rd Party Application makes the Symantec Endpoint Protection 12.1.3 client report as "Offline" status on the Symantec Endpoint Protection Manager console

Article ID: 158554

Products

Endpoint Protection

Issue/Introduction

On the client side, the client appears to be online, but on the Symantec Endpoint Protection Manager console the clients show an offline status. In the Sylink log, SMC throws an Internet exception: Error Code=122;AH: failed to open request.

In the Sylink Monitor log:

Throw Internet Exception, Error Code=122;AH: failed to open request.

11/01 14:56:20.896 [364] http://<SEPM's IP Address:Port Number>
11/01 14:56:20.896 [364] Throw Internet Exception, Error Code=122;AH: failed to open request.
11/01 14:56:20.896 [364] CInternetException: : 傳遞到系統呼叫的資料區太小。
11/01 14:56:19.771 [364] COMPLETED, returned 7

Or

2013/11/20 15:18:57.675 [3876:4580] <CheckUserInformation>: Failed to open ccSettings key UserInformation. (Probably because it doesn't exist) Error: 2147483904 
2013/11/20 15:18:57.878 [3876:2364] <SyLink>[MakeRegisterData] registration Hardware Key=051D619910F07E1A0120000D8CA02C8B 
2013/11/20 15:18:57.878 [3876:2364] Sylink:(EXCEPTION, err=122) AH: failed to open request. 
2013/11/20 15:18:57.878 [3876:2364] <SyLink>[SendRegsitrationRequest] Request Result= 7 
2013/11/20 15:18:57.893 [3876:2364] ###### Set ACSConnec offline
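To triage collected Sylink logs for this signature, the sketch below parses both timestamp layouts shown above and correlates the "AH: failed to open request" exception with the result code and the offline marker per thread. It is an added example, not Symantec tooling; the function name `find_open_request_failures` and the record fields are hypothetical, and the sample input reuses lines from the excerpts above.

```python
import re
from collections import defaultdict

# Timestamp layouts seen in the excerpts above:
#   "11/01 14:56:20.896 [364] ..."  and  "2013/11/20 15:18:57.878 [3876:2364] ..."
LINE = re.compile(r"^((?:\d{4}/)?\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{3}) "
                  r"\[(?:(\d+):)?(\d+)\]\s*(.*?)\s*$")
EXC = re.compile(r"(?:Error Code=|err=)(\d+)[;)]\s*AH: failed to open request")
RESULT = re.compile(r"(?:returned|Request Result=)\s*(\d+)")
OFFLINE = "Set ACSConnec offline"


def find_open_request_failures(log_text):
    """Return one record per thread that logged 'AH: failed to open request'."""
    threads = defaultdict(lambda: {"errors": set(), "results": set(),
                                   "offline": False, "first_seen": None})
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # lines without a timestamp carry no thread id
        ts, pid, tid, msg = m.groups()
        rec = threads[(pid, tid)]  # pid is None in the short layout
        exc = EXC.search(msg)
        if exc:
            rec["errors"].add(int(exc.group(1)))
            rec["first_seen"] = rec["first_seen"] or ts
        res = RESULT.search(msg)
        if res:
            rec["results"].add(int(res.group(1)))
        if OFFLINE in msg:
            rec["offline"] = True
    # Excerpts are not always in time order, so correlate per thread, not per line.
    return [dict(rec, pid=pid, tid=tid)
            for (pid, tid), rec in threads.items() if rec["errors"]]


# Sample input: lines taken from the two excerpts above (server URL omitted).
SAMPLE = """\
11/01 14:56:20.896 [364] Throw Internet Exception, Error Code=122;AH: failed to open request.
11/01 14:56:19.771 [364] COMPLETED, returned 7
2013/11/20 15:18:57.675 [3876:4580] <CheckUserInformation>: Failed to open ccSettings key UserInformation. (Probably because it doesn't exist) Error: 2147483904
2013/11/20 15:18:57.878 [3876:2364] Sylink:(EXCEPTION, err=122) AH: failed to open request.
2013/11/20 15:18:57.878 [3876:2364] <SyLink>[SendRegsitrationRequest] Request Result= 7
2013/11/20 15:18:57.893 [3876:2364] ###### Set ACSConnec offline
"""

if __name__ == "__main__":
    for hit in find_open_request_failures(SAMPLE):
        print(hit)
```

A thread that reports error 122 together with result 7 matches the pattern in this article; the offline flag is only set when the log contains the explicit "Set ACSConnec offline" line.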
 

Cause

From the screenshot, it seems that SMC.exe and CCsvchst.exe call a dynamic library (.dll) belonging to the third-party software. Put another way, the third-party software injects its dynamic library into the system, so the SEP client loads it.

It is not a virus; some software, such as font translation software, behaves this way.

Resolution

Please remove the following third-party application:
Product Name: 字霸中文 自動造字系統Client(V8.5)   

Publisher:  Astar Printerlink Co., Ltd.   

Version: 8.50.0000   
PATH=> C:\Program Files\AstarSoftlink\AsEudcClient\   
PATH=> C:\WINDOWS\Installer\b2d28.msi   
MD5 Hash:
MsiExec.exe /I{A4FDF149-6396-492D-9FD6-CAC8D9E994C8}
 

 

Applies To

Symantec Endpoint Protection 12.1.3 - RU3
