search cancel

Web browsers crashing and Microsoft processes will not start while BeyondTrust Power Broker is installed

book

Article ID: 163578

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

Microsoft processes and Symantec Endpoint Protection Master Service (ccsvchst.exe) will not start, Internet Explorer and Chrome browsers crash.

Environment

Symantec Endpoint Protection 12.1.x
Beyond Trust Power Broker 6.0

Cause

On August 23, 2016, an update to the Intrusion Prevention component of Symantec Endpoint Protection enabled additional application hooks intended to improve efficacy and protection. Older versions of the BeyondTrust PowerBroker software are overwriting these hooks with their own process hooks. The side effect of this conflict is that SEP client processes and other 3rd party processes may unexpectedly stop or terminate.

 

Resolution

New IPS content was released on August 26th, 2016 (20160826.012) to address this concern.

One or more of the following actions may be necessary if an affected client's ccSvcHst.exe process cannot be started:

  • Uninstall and reinstall Symantec Endpoint Protection
  • Run a repair on Symantec Endpoint Protection:
    1. Open Programs and Features
    2. Select Symantec Endpoint Protection
    3. Click "Repair"
  • Remove the conflicting hooks:
    1. Uninstall/disable the 3rd party software that is creating the conflict
    2. Restart the Endpoint Protection Master Service
    3. Run liveupdate and ensure the client has IPS content of revision 20160826.012 or greater
    4. Reinstall/re-enable the 3rd party software

Additionally, the following options have also been known to rectify this:

  • Upgrade Beyond Trust to the latest version. The version this has been observed on is 6.0 or older
  • Within the Power Broker software, add exclusions for the impacted web browser or Microsoft processes

Note: We highly recommend updating the BeyondTrust software or engaging BeyondTrust support to ensure compatibility with future releases of Intrusion Prevention content.