search cancel

Drivers used by Endpoint Protection Client

book

Article ID: 163631

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

Information about drivers used by Symantec Endpoint Protection (SEP) Client while troubleshooting on driver level isolation issue.

Environment

Symantec Endpoint Protection 14.x Managed/Unmanaged Client.

Resolution

Below are the drivers associated with different components or Feature sets of Symantec Endpoint Protection 14.x clients.

•       AutoProtect kernel component drivers (Part of Antivirus and Antisypware)

        srtsp.sys (32-bit Windows)
        srtspx.sys (32-bit Windows)
        srtspl.sys (legacy AP, 32-bit Windows)
        srtsp64.sys (64-bit Windows)
        srtspx64.sys (64-bit Windows)
        srtspl64.sys (legacy AP, 64-bit Windows)

•       Antivirus Engine Engine kernel component drivers(Part of Antivirus and Antispyware)

        NavEx15.sys (32-bit Windows)
        NavEng.sys (legacy AVE, 32-bit Windows)
        EX64.sys (64-bit Windows)        
        Eng64.sys (legacy AVE, 64-bit Windows)

•       Firewall & IPS Kernel Component drivers (Part of Network Threat Protection)

        teefer2.sys/ teefer3.sys

•       STAR IPS kernel component drivers (Part of Network Threat Protection)

        IDSviA64.sys - 64bit OS
        IDSvix86.sys - 32bit OS

•       BASH Kernel component drivers (Part of Antivirus and Antispyware + Proactive Threat Protection)

        BHDrvx86 - 32bit OS
        BHDrvx64 - 64bit OS

•       Firewall kernel component drivers (Part of Network Threat Protection)

        Component is different depending on the OS version installed. 
        SymTDI.sys: Windows 2000, XP, and 2003
        SymTDIv.sys : Windows Vista, 2008
        SymNetS.sys : Windows 7, 2008r2, onwards

•       SymEFA kernel component drivers (Part of Network Threat Protection)

        symefa.sys

•       SymDS kernel component drivers

        symds.sys

•       Iron kernel component drivers

        Ironx86.sys (32bit)
        Ironx64.sys (64bit)

•       Application and Device Control (ADC) kernel component drivers (Part of Proactive Threat Protection)

        sysplant.sys

•       ERASER kernel component drivers

        ERASER.sys/EECTRL.sys (32 bit)
        ERASER64.sys/EECTRL64.sys (64 bit)

•       Power Eraser

        SMRxxx.sys (where xxx is the driver version, like: SMR510.sys)