search cancel

"Network Intrusion Prevention is not protecting machine because its driver was unloaded" error when definitions update

book

Article ID: 164114

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

When Intrusion Prevention definitions update the following error may be logged in the client and the Windows Event Viewer Application log:

"Network Intrusion Prevention is not protecting machine because its driver was unloaded"

 

Shortly after this the following message is logged:

"Network Intrusion Prevention has been restored and enabled"

 

 

Network Intrusion Prevention is not protecting machine because its driver was unloaded

 

Cause

When Intrusion Prevention is updated it is normal for it's driver to be unloaded so it can switch over to the new definition set. This error is the result of a timing issue where a check takes place to see if the driver is loaded when it's in the midst of being reloaded. As this is a timing issue, it may only occur sometimes or only on some machines and not others.

Resolution

This is expected functionality and this message can be safely ignored if it's being properly restored shortly afterwards, generally less than a minute but timing will depend upon system speed. This message should not appear as frequently in Symantec Endpoint Protection 14.0 as multiple checks are now done and must all fail before this will be logged.