DLP EDPA and WDP services crashing immediately
search cancel

DLP EDPA and WDP services crashing immediately

book

Article ID: 277582

calendar_today

Updated On:

Products

Data Loss Prevention Data Loss Prevention Endpoint Prevent

Issue/Introduction

You installed the DLP agent and both EDPA and WDP services are crashing immediately. In the "edpa_ext0.log" logs you will see the following errors; you may need to gather logs using symdiag.

 

File: Files/C__Program Files_DLP_Endpoint Agent_edpa_ext0.log
Date: <TimeStamp>
Thread: 1048
Level: WARNING
Source: FileSystem.ApplicationChecklist
Message: Failed in getting explorer path (shell), err:2
 
File: Files/C__Program Files_DLP_Endpoint Agent_edpa_ext0.log
Date: <TimeStamp>
Thread: 1048
Level: SEVERE
Source: FileSystem.FileSystemConnector
Message: Exception occured while starting the FileSystemConnector. Error Code : 0x80010005

 

Windows event will also contain the following: 

 

Environment

15.X/16.0

Cause

The DLP agent service (fsc.dll) is unable to initiate its drivers as it fails to determine the path to the Windows shell and causes the agent to shut down, which is why you see two errors in the logs. 

Resolution

Make sure that under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon you have Shell (REG_SZ) entry in your registry. If missing, create it with explorer.exe as the Data value.

Example:

Powered by Wolken Software