
Repeated SEP client installs or upgrades may lead to catroot database corruption


Article ID: 238513


Updated On:

Products

Endpoint Protection

Issue/Introduction

When multiple successive versions of SEP have been installed or upgraded on a computer, the catroot database used by Windows' CryptSvc may exhibit signs of corruption.

Symptoms:

  • Launching PowerShell, cscript or similar takes minutes instead of seconds
  • Signature verification using catalogs fails or takes forever
  • C:\Windows\System32\catroot2\dberr.txt contains related errors

Cause

The CIDS driver installs its catalog file under a unique GUID for each version, and cleanup of the prior catalog may occasionally fail. Windows eventually reaches a subsystem limit, and the catroot database then generates error codes such as -1601, -1811, and -1805.
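To triage a collected copy of `dberr.txt` for the three error codes named above, the following added example (not vendor code) counts the lines that carry each one. It assumes a code may be logged either as a signed decimal or as a 32-bit hexadecimal value; the sample lines are constructed for illustration and are not real log output.

```python
import re
import sys
from collections import Counter

# Error codes named in the Cause section of this article.
CATROOT_ERROR_CODES = {-1601, -1811, -1805}

# Assumption: a code appears as signed decimal ("-1601") or as a 32-bit
# hex value ("0xfffff9bf"), which is the same number in two's complement.
_HEX = re.compile(r"\b0x([0-9a-fA-F]{1,8})\b")
_DEC = re.compile(r"(?<![\w.])-\d{1,10}\b")  # lookbehind skips dates like 2023-01-05

def codes_in_line(line):
    """Return the article's error codes that appear in one log line."""
    found = set()
    for m in _HEX.finditer(line):
        value = int(m.group(1), 16)
        if value >= 0x80000000:          # reinterpret as signed 32-bit
            value -= 0x100000000
        found.add(value)
    for m in _DEC.finditer(line):
        found.add(int(m.group(0)))
    return found & CATROOT_ERROR_CODES

def scan_dberr(lines):
    """Count how many lines mention each of the article's error codes."""
    counts = Counter()
    for line in lines:
        for code in codes_in_line(line):
            counts[code] += 1
    return counts

# Constructed sample lines (illustrative only).
SAMPLE_LINES = [
    "CatalogDB: 9:14:02 AM 1/5/2023: example.cpp at line #100 encountered error 0xfffff9bf",
    "CatalogDB: 9:14:03 AM 1/5/2023: example.cpp at line #200 encountered error -1811",
    "CatalogDB: 9:15:40 AM 1/5/2023: example.cpp at line #100 encountered error 0xFFFFF9BF",
    "CatalogDB: 9:16:00 AM 1/5/2023: example.cpp at line #300 encountered error 0x00000057",
    "2023-01-05 note: 1805 catalogs counted",
]

if __name__ == "__main__":
    if len(sys.argv) > 1:                # path to a collected copy of dberr.txt
        with open(sys.argv[1], errors="replace") as fh:
            result = scan_dberr(fh)
    else:
        result = scan_dberr(SAMPLE_LINES)
    for code in sorted(CATROOT_ERROR_CODES):
        print(f"{code}: {result[code]} line(s)")
```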

Resolution

Upgrading the SEP client to 14.3 RU4 will attempt to clean the stale catalog files. If installation fails, a reboot may be necessary to allow the cleanup to complete before attempting the install again.

A permanent fix is being developed for release in a future version. This document will be updated upon its release.

Additional Information

SEP-75245

SEP-75255