Drivers used by Endpoint Protection Client
search cancel

Drivers used by Endpoint Protection Client

book

Article ID: 163631

calendar_today

Updated On: 03-26-2025

Products

Endpoint Protection

Issue/Introduction

Information about drivers used by Symantec Endpoint Protection (SEP) Client while troubleshooting on driver level isolation issue.

Environment

Symantec Endpoint Protection 14.x Managed/Unmanaged Client.

Resolution

Below are the drivers associated with different components or Feature sets of Symantec Endpoint Protection 14.x clients.

•       AutoProtect kernel component drivers (part of Antivirus and Antisypware)

        srtsp.sys (32-bit Windows)
        srtspx.sys (32-bit Windows)
        srtspl.sys (legacy AP, 32-bit Windows)
        srtsp64.sys (64-bit Windows)
        srtspx64.sys (64-bit Windows)
        srtspl64.sys (legacy AP, 64-bit Windows)

•       Antivirus Engine kernel component drivers (part of Antivirus and Antispyware)

        NavEx15.sys (32-bit Windows)
        NavEng.sys (legacy AVE, 32-bit Windows)
        EX64.sys (64-bit Windows)        
        Eng64.sys (legacy AVE, 64-bit Windows)

•       Firewall & IPS Kernel Component drivers (part of Network Threat Protection)

        teefer2.sys/ teefer3.sys

•       STAR IPS kernel component drivers (part of Network Threat Protection)

        IDSvia64.sys - 64bit OS
        IDSvix86.sys - 32bit OS

•       BASH Kernel component drivers (part of Antivirus and Antispyware + Proactive Threat Protection)

        BHDrvx86 - 32bit OS
        BHDrvx64 - 64bit OS

•       Firewall kernel component drivers (part of Network Threat Protection)

        Component is different depending on the OS version installed. 
        SymTDI.sys: Windows 2000, XP, and 2003
        SymTDIv.sys : Windows Vista, 2008
        SymNetS.sys : Windows 7, 2008r2, onwards

•       SymEFA kernel component drivers (part of Network Threat Protection)

        symefa.sys

•       SymDS kernel component drivers

         symds.sys

•       Symantec Extended File Attributes

         symefasi64.sys

•       Symantec Network Security WFP Driver

         SymNets.sys

•       Symantec Event Library

         SymEvnt.sys
         Symevent64x86.sys

•       Symantec ELAM

         SymELAM.sys

•       Common Client Settings Driver

         ccSetx64.sys

•       Application and Device Control (ADC) kernel component drivers (Part of Proactive Threat Protection)

        sysplant.sys
        sydvctrl.sys      

•       Iron kernel component drivers

        IRONx86.sys (32bit)
        IRONx64.sys (64bit)

•       ERASER kernel component drivers

        ERASER.sys/EECTRL.sys (32 bit)
        ERASER64.sys/EECTRL64.sys (64 bit)
        eeCtrl64.sys
        EraserUtilRebootDrv.sys

•       Power Eraser

        SMRxxx.sys (where xxx is the driver version, like: SMR510.sys)

Powered by Wolken Software