Drivers used by Endpoint Protection Client
Article ID: 163631
Updated On:
Products
Issue/Introduction
Information about drivers used by Symantec Endpoint Protection (SEP) Client while troubleshooting on driver level isolation issue.
Environment
Symantec Endpoint Protection 14.x Managed/Unmanaged Client.
Resolution
Below are the drivers associated with different components or Feature sets of Symantec Endpoint Protection 14.x clients.
• AutoProtect kernel component drivers (Part of Antivirus and Antisypware)
srtsp.sys (32-bit Windows)
srtspx.sys (32-bit Windows)
srtspl.sys (legacy AP, 32-bit Windows)
srtsp64.sys (64-bit Windows)
srtspx64.sys (64-bit Windows)
srtspl64.sys (legacy AP, 64-bit Windows)
• Antivirus Engine kernel component drivers(Part of Antivirus and Antispyware)
NavEx15.sys (32-bit Windows)
NavEng.sys (legacy AVE, 32-bit Windows)
EX64.sys (64-bit Windows)
Eng64.sys (legacy AVE, 64-bit Windows)
• Firewall & IPS Kernel Component drivers (Part of Network Threat Protection)
teefer2.sys/ teefer3.sys
• STAR IPS kernel component drivers (Part of Network Threat Protection)
IDSviA64.sys - 64bit OS
IDSvix86.sys - 32bit OS
• BASH Kernel component drivers (Part of Antivirus and Antispyware + Proactive Threat Protection)
BHDrvx86 - 32bit OS
BHDrvx64 - 64bit OS
• Firewall kernel component drivers (Part of Network Threat Protection)
Component is different depending on the OS version installed.
SymTDI.sys: Windows 2000, XP, and 2003
SymTDIv.sys : Windows Vista, 2008
SymNetS.sys : Windows 7, 2008r2, onwards
• SymEFA kernel component drivers (Part of Network Threat Protection)
symefa.sys
• SymDS kernel component drivers
symds.sys
• Iron kernel component drivers
Ironx86.sys (32bit)
Ironx64.sys (64bit)
• Application and Device Control (ADC) kernel component drivers (Part of Proactive Threat Protection)
sysplant.sys
sydvctrl.sys
• ERASER kernel component drivers
ERASER.sys/EECTRL.sys (32 bit)
ERASER64.sys/EECTRL64.sys (64 bit)
• Power Eraser
SMRxxx.sys (where xxx is the driver version, like: SMR510.sys)
Feedback
