cluberti Posted July 10, 2009

Never got a new dump. Honestly it looks a lot like Symantec may be the culprit from further analysis with Mr Snrub and myself, but without pool tagging it's going to be hard to say for certain. It's definitely an IRP leak, which seem to mostly track back to USB devices or FILE objects which are being held up by symevent.sys (hence only POSSIBLY Symantec - could be a bad driver too).

tmp007 (Author) Posted July 11, 2009

Hello Cluberti and Mr Snrub,
I am a bit away from that machine at the moment, I'm pretty sure it has core'd till now.
I will upload it as soon as I get control over. Won't be much long :-)

malmal Posted July 12, 2009

In the meantime, is pool tagging worth enabling on a XP x64 machine at home that never bsods?
Or just for company servers.
Hmm... if it never bsods it wouldn't need it.

tmp007 (Author) Posted July 13, 2009

Hello Cluberti and Mr Snrub,
Lets get back to the business :-)

1: kd> !poolused 7
   Sorting by NonPaged Pool Consumed

  Pool Used:
             NonPaged                                  Paged
 Tag      Allocs     Frees    Diff       Used     Allocs     Frees   Diff       Used
 Irp     1234650    923602  311048  193442080          0         0      0          0  Io, IRP packets
 NDCM    4878844   4877733    1111   11535984          0         0      0          0  UNKNOWN pooltag 'NDCM', please update pooltag.txt
 SpDN     117439    117420      19    9408720        602       602      0          0  UNKNOWN pooltag 'SpDN', please update pooltag.txt
 Ar5k     295798    251837   43961    7129360          0         0      0          0  UNKNOWN pooltag 'Ar5k', please update pooltag.txt
 MmCm        770        23     747    3625232          0         0      0          0  Calls made to MmAllocateContiguousMemory , Binary: nt!mm
 tdLL      11832      9916    1916    1260968          0         0      0          0  UNKNOWN pooltag 'tdLL', please update pooltag.txt
 Attv    1418997   1418635     362     744608          0         0      0          0  UNKNOWN pooltag 'Attv', please update pooltag.txt
 Ddk          22         0      22     720968         84        78      6        336  Default for driver allocated memory (user's of ntddk.h)
 Wdm        2955      2116     839     698352        298       287     11       1392  WDM
 INTC     110935    110902      33     541608     347223    346967    256   10804344  Intel video driver
 Thre    1260008   1259207     801     506232          0         0      0          0  Thread objects , Binary: nt!ps
 File    7652723   7649529    3194     488176          0         0      0          0  File objects
 Devi        966       446     520     365640          0         0      0          0  Device objects
 AmlH          4         0       4     262144          0         0      0          0  ACPI AMLI Pooltags
 Even    2354587   2349626    4961     242512          0         0      0          0  Event objects
 SACM      54717     52659    2058     224912          0         0      0          0  UNKNOWN pooltag 'SACM', please update pooltag.txt
 Mm           13         0      13     222432        641       637      4       2632  general Mm Allocations , Binary: nt!mm
 CMpa      37521     33669    3852     215712          0         0      0          0  registry post apcs , Binary: nt!cm
 Vad      681176    676726    4450     213600          0         0      0          0  Mm virtual address descriptors , Binary: nt!mm
 NDpp         87        15      72     197840          0         0      0          0  packet pool , Binary: ndis.sys
 Ntf0          3         0       3     196608     327432    326175   1257      95320  general pool allocation , Binary: ntfs.sys
 usbp       4877      4827      50     193672        137       128      9        424  UNKNOWN pooltag 'usbp', please update pooltag.txt
 Ntfr      28341     26017    2324     149192          0         0      0          0  ERESOURCE , Binary: ntfs.sys
 AfdC      11124     10254     870     139200          0         0      0          0  Afd connection structure , Binary: afd.sys
 Pool          4         1       3     135168          0         0      0          0  Pool tables, etc.
 ...
 TOTAL 129490997 129081351  409646  236314128  226032011 225955018  76993  126236672

tmp007 (Author) Posted July 13, 2009

New dump (with pool tagging enabled) available on http://www.megaupload.com/?d=DYWZA3W7
Hope this helps to pinpoint the exact cause and solution.
(Plz explain in details on root cause as I am not that expert in understanding Windows stuff, it will help me :-))

Mr Snrub Posted July 13, 2009

Did you test uninstalling Symantec AV?
The dump still has it loaded, with those modules from 2006 present...

The pool tagging just confirms what we suspected - the nonpaged pool is exhausted through allocations to "Irp ", which is from I/O request packets.
The I/Os themselves are completed, but the pool allocations not freed, most likely due to some driver.
The I/Os also seem to be aimed at the various USB root hubs, which is why I also asked about any USB devices that may have been connected to the system recently.

If I was a betting man, I would say it's Symantec AV causing the problem from the information we have so far - I would start by uninstalling that and watching the system for ~20 hours (the dumps so far seem to take 16-19 hours to get to the point where they crash).

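Added example, not part of any post in this thread: a Python triage of the `!poolused` rows posted above, ranking tags by nonpaged bytes and by the fraction of allocations never freed, which is what separates a leaking tag such as `Irp` from busy but balanced tags such as `NDCM` or `File`. The function names and the thresholds are assumptions chosen for illustration.

```python
import re

# Rows copied from the !poolused 7 output posted in this thread (NonPaged
# columns first, then Paged); only a subset of the tags is included.
SAMPLE = """\
Irp  1234650 923602 311048 193442080 0 0 0 0 Io, IRP packets
NDCM 4878844 4877733 1111 11535984 0 0 0 0 UNKNOWN pooltag 'NDCM', please update pooltag.txt
SpDN 117439 117420 19 9408720 602 602 0 0 UNKNOWN pooltag 'SpDN', please update pooltag.txt
Ar5k 295798 251837 43961 7129360 0 0 0 0 UNKNOWN pooltag 'Ar5k', please update pooltag.txt
MmCm 770 23 747 3625232 0 0 0 0 Calls made to MmAllocateContiguousMemory , Binary: nt!mm
File 7652723 7649529 3194 488176 0 0 0 0 File objects
TOTAL 129490997 129081351 409646 236314128 226032011 225955018 76993 126236672
"""

# Tag, eight numeric columns, optional description. Header lines do not match.
ROW = re.compile(r"^\s*(\S{1,5})\s+" + r"(\d+)\s+" * 7 + r"(\d+)\s*(.*)$")

def parse_poolused(text):
    """Return (rows, total); each record holds the NonPaged columns of one tag."""
    rows, total = [], None
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # prompts, headers, blank lines
        allocs, frees, diff, used = (int(m.group(i)) for i in range(2, 6))
        if allocs - frees != diff:  # sanity check that the columns lined up
            raise ValueError(f"inconsistent row for tag {m.group(1)!r}")
        rec = {"tag": m.group(1), "allocs": allocs, "frees": frees,
               "outstanding": diff, "bytes": used, "desc": m.group(10)}
        if rec["tag"] == "TOTAL":
            total = rec
        else:
            rows.append(rec)
    return rows, total

def rank_nonpaged(rows, total):
    """Sort tags by nonpaged bytes; add pool share and never-freed fraction."""
    pool = total["bytes"] if total else sum(r["bytes"] for r in rows)
    out = []
    for r in sorted(rows, key=lambda r: r["bytes"], reverse=True):
        out.append({
            "tag": r["tag"],
            "share": r["bytes"] / pool,  # fraction of all nonpaged bytes
            "held": r["outstanding"] / r["allocs"] if r["allocs"] else 0.0,
            "avg_size": r["bytes"] // max(r["outstanding"], 1),
        })
    return out

def leak_suspects(ranked, min_share=0.10, min_held=0.05):
    """Tags that dominate the pool AND keep a large part of what they allocate."""
    return [r["tag"] for r in ranked
            if r["share"] >= min_share and r["held"] >= min_held]

if __name__ == "__main__":
    rows, total = parse_poolused(SAMPLE)
    ranked = rank_nonpaged(rows, total)
    for r in ranked:
        print(f"{r['tag']:<5} share={r['share']:6.1%} held={r['held']:6.1%} avg={r['avg_size']}B")
    print("suspects:", leak_suspects(ranked))
```

A high `held` value alone is not proof of a leak, since some tags legitimately keep long-lived allocations; comparing two dumps taken hours apart shows whether the outstanding count keeps growing.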
tmp007 (Author) Posted July 13, 2009

Hello Mr Snrub,

Did you test uninstalling Symantec AV?
>> No I haven't tested that yet as I wanted to get to the root cause before attempt for any workaround..

Yes, I agree that the nonpaged pool is exhausted through allocations to "Irp "
Can you throw some light what exactly points to Symantec AV ?

The I/Os themselves are completed, but the pool allocations not freed, most likely due to some driver.
>> can we determine exactly which drivers?

Mr Snrub Posted July 13, 2009

> Did you test uninstalling Symantec AV?
> >> No I haven't tested that yet as I wanted to get to the root cause before attempt for any workaround..

For easily reproducible issues it can be quicker to do simple "one at a time" tests, so considered part of root cause analysis (even if it rules the component out by the problem still being present without its presence).

> Yes, I agree that the nonpaged pool is exhausted through allocations to "Irp "
> Can you throw some light what exactly points to Symantec AV ?

Experience

> The I/Os themselves are completed, but the pool allocations not freed, most likely due to some driver.
> >> can we determine exactly which drivers?

Smarter people than me might be able to, but due to the way device and filter drivers work it's more of a "go with your gut" from me

cluberti Posted July 13, 2009

So, you want root cause, eh? Don't trust us? Well, I don't trust me either (although we were right). See here:

// IRP list, showing the major IRP locations - in this case, Ntfs, Npfs, and Tcpip:
  Driver   IRP[0]   IRP[1]   Maj/Min  Function                        Count  Name of Driver
8a683030 88670da8          ( e, 0) IRP_MJ_DEVICE_CONTROL               1  \Driver\NDProxy
8a7633f8 89cc57a0          ( e, 0) IRP_MJ_DEVICE_CONTROL               1  \Driver\Compbatt
8a6c5f38 8a683198          ( e, 0) IRP_MJ_DEVICE_CONTROL               1  \Driver\MountMgr
8a76a608 8a7345a0 8a733598 ( e, 0) IRP_MJ_DEVICE_CONTROL               5  \Driver\ACPI
8a76a608 8a731a80          (16, 0) IRP_MJ_POWER                        1  \Driver\ACPI
8a6e5030 886f7700 886fc6e0 ( e, 0) IRP_MJ_DEVICE_CONTROL               5  \FileSystem\sr
89d69b78 87e7ad98 88127b20 ( c, 2) IRP_MJ_DIRECTORY_CONTROL          144  \FileSystem\Ntfs
89d69b78 8a6a6008          ( d, 0) IRP_MJ_FILE_SYSTEM_CONTROL          1  \FileSystem\Ntfs
89d69b78 ffbcb008          ( 0, 0) IRP_MJ_CREATE                       1  \FileSystem\Ntfs
8a6e0f38 89cb9c88          ( e, 0) IRP_MJ_DEVICE_CONTROL               1  \Driver\CmBatt
8a67e438 89cb8c50          ( 0, 0) IRP_MJ_CREATE                       1  \Driver\Cdrom
8a6df898 f7ce8b28          ( e, 0) IRP_MJ_DEVICE_CONTROL               1  \Driver\IBMPMDRV
8a6c6860 89d68450          ( e, 0) IRP_MJ_DEVICE_CONTROL               1  \Driver\Ftdisk
89d1b3b0 896b8ec8          ( e, 0) IRP_MJ_DEVICE_CONTROL               1  \Driver\NdisTapi
8a689870 84b003c8 f7f574f0 ( e, 0) IRP_MJ_DEVICE_CONTROL               3  \Driver\BTKRNL
8a67f030 88418bc8 88450e70 ( e, 0) IRP_MJ_DEVICE_CONTROL              19  \Driver\Tcpip
8a6ceca0 885cef68 885d3008 ( e, 0) IRP_MJ_DEVICE_CONTROL               2  \Driver\NdisWan
89cc2208 88920940          ( 3, 0) IRP_MJ_READ                         1  \Driver\TermDD
8a6bb030 8956a008 f7c072f8 ( 3, 0) IRP_MJ_READ                         2  \Driver\Kbdclass
8a6bd140 88b15008 f7db9710 ( 3, 0) IRP_MJ_READ                         2  \Driver\Mouclass
       0 89596a30          ( d, 0) IRP_MJ_FILE_SYSTEM_CONTROL          1  name not available
89619a98 8831cd98 88435c08 ( d, 0) IRP_MJ_FILE_SYSTEM_CONTROL         26  \FileSystem\Npfs
89619a98 842c6598 86af3280 ( 3, 0) IRP_MJ_READ                        82  \FileSystem\Npfs
89bb3168 88915e70          ( 3, 0) IRP_MJ_READ                         1  \FileSystem\Msfs
89ad3898 889a1338          ( e, 0) IRP_MJ_DEVICE_CONTROL               1  \Driver\SAVRT
8957b948 8854d680 8865c6d8 ( e, 0) IRP_MJ_DEVICE_CONTROL               4  \FileSystem\MRxSmb
8a685d10 89c7c7d0          ( f, 0) IRP_MJ_INTERNAL_DEVICE_CONTROL      1  \Driver\usbehci
89d694c8 896d47d0 89683838 ( f, 0) IRP_MJ_INTERNAL_DEVICE_CONTROL      4  \Driver\usbuhci
8956e198 88870c08 88974698 ( 3, 0) IRP_MJ_READ                         2  \Driver\SPBBCDrv
89bb2030 8885dec8          ( e, 0) IRP_MJ_DEVICE_CONTROL               1  \Driver\IPSec
89cba030 886542a0 8865a5f0 ( e, 0) IRP_MJ_DEVICE_CONTROL               6  \Driver\IpNat
8957f598 88444738 88a6c5d0 ( e, 0) IRP_MJ_DEVICE_CONTROL               2  \Driver\NetBT
895ae540 889cc990 889cdc18 ( e,2d) IRP_MJ_DEVICE_CONTROL               3  \Driver\AFD
895ae540 885f76a8 889df4a8 ( e, 9) IRP_MJ_DEVICE_CONTROL               5  \Driver\AFD
895ae540 885c7640 885c7bd0 ( e,43) IRP_MJ_DEVICE_CONTROL              10  \Driver\AFD
895ae540 88a39720 88b05530 ( e, 3) IRP_MJ_DEVICE_CONTROL               3  \Driver\AFD
895ae540 886b26a8 88a6d730 ( e,20) IRP_MJ_DEVICE_CONTROL               2  \Driver\AFD
88a64990 88982a30          ( 3, 0) IRP_MJ_READ                         1  \Driver\Ndisuio
889b5030 889dd828          ( e, 0) IRP_MJ_DEVICE_CONTROL               1  \Driver\irda
889a5cd0 88663dd0 886652b8 ( 3, 0) IRP_MJ_READ                         4  \Driver\AegisP
8a68af38 884ff4a8 885024b0 ( e, 0) IRP_MJ_DEVICE_CONTROL              20  \Driver\HTTP
       0 89cc1a28 89d89008 ( 0, 0) IRP_MJ_CREATE                       2  name not available
  Driver   IRP[0]   IRP[1]   Maj/Min  Function                        Count  Name of Driver
42 Drivers with 1 or more Active IRPs, accounting for 376 of 376 Active IRPs

// First looking at the NTFS IRPs, showing us pending in FltMgr, a filter driver wants
// to act on these writes (symevent.sys), but it isn't able to yet because something
// further up the tree is pending (also note csrss.exe as the handle object):
1: kd> !drvobj 89d69b78
Driver object (89d69b78) is for:
 \FileSystem\Ntfs
Driver Extension List: (id , addr)

Device Object list:
8a6e0020  89d69a60

1: kd> !devobj 8a6e0020
Device object (8a6e0020) is for:
  \FileSystem\Ntfs DriverObject 89d69b78
Current Irp 00000000 RefCount 0 Type 00000008 Flags 00000000
DevExt 8a6e00d8 DevObjExt 8a6e0880
ExtensionFlags (0000000000)
AttachedDevice (Upper) 89d6a268 \FileSystem\FltMgr
Device queue is not busy.

1: kd> !devobj 89d69a60
Device object (89d69a60) is for:
 Ntfs \FileSystem\Ntfs DriverObject 89d69b78
Current Irp 00000000 RefCount 1 Type 00000008 Flags 00000040
Dacl e101690c DevExt 00000000 DevObjExt 89d69b18
ExtensionFlags (0000000000)
AttachedDevice (Upper) 8a69ccb8 \FileSystem\FltMgr
Device queue is not busy.

1: kd> !irp 87e7ad98
Irp is active with 14 stacks 13 is current (= 0x87e7afb8)
 No Mdl: No System Buffer: Thread 88a6f3e8:  Irp stack trace.
     cmd  flg cl Device   File     Completion-Context
 [  0, 0]   0  0 00000000 00000000 00000000-00000000
            Args: 00000000 00000000 00000000 00000000
 [  0, 0]   0  0 00000000 00000000 00000000-00000000
            Args: 00000000 00000000 00000000 00000000
 [  0, 0]   0  0 00000000 00000000 00000000-00000000
            Args: 00000000 00000000 00000000 00000000
 [  0, 0]   0  0 00000000 00000000 00000000-00000000
            Args: 00000000 00000000 00000000 00000000
 [  0, 0]   0  0 00000000 00000000 00000000-00000000
            Args: 00000000 00000000 00000000 00000000
 [  0, 0]   0  0 00000000 00000000 00000000-00000000
            Args: 00000000 00000000 00000000 00000000
 [  0, 0]   0  0 00000000 00000000 00000000-00000000
            Args: 00000000 00000000 00000000 00000000
 [  0, 0]   0  0 00000000 00000000 00000000-00000000
            Args: 00000000 00000000 00000000 00000000
 [  0, 0]   0  0 00000000 00000000 00000000-00000000
            Args: 00000000 00000000 00000000 00000000
 [  0, 0]   0  0 00000000 00000000 00000000-00000000
            Args: 00000000 00000000 00000000 00000000
 [  0, 0]   0  0 00000000 00000000 00000000-00000000
            Args: 00000000 00000000 00000000 00000000
 [  0, 0]   0  0 00000000 00000000 00000000-00000000
            Args: 00000000 00000000 00000000 00000000
>[  c, 2]   0  1 8a6e0020 88a53928 00000000-00000000    pending
           \FileSystem\Ntfs
            Args: 00001000 00000c5b 00000000 00000000
 [  c, 2]   0  0 89b0a870 88a53928 00000000-00000000
           \Driver\SymEvent
            Args: 00001000 00000c5b 00000000 00000000

1: kd> !fileobj 88a53928
\WINDOWS
Device Object: 0x89d6c030   \Driver\Ftdisk
Vpb: 0x8a6bf7b0
Access: Read SharedRead SharedWrite
Flags:  0x40000
    Handle Created
FsContext: 0xe17dbd20   FsContext2: 0xe1232838
CurrentByteOffset: 0

1: kd> !handle 00000c5b
processor number 1, process 8951c020
PROCESS 8951c020  SessionId: 0  Cid: 037c    Peb: 7ffdf000  ParentCid: 034c
    DirBase: 20d90000  ObjectTable: e4bac9f0  HandleCount: 816.
    Image: csrss.exe
Handle table at e7db8000 with 816 Entries in use
0c5b: Object: 882318c8  GrantedAccess: 001f03ff Entry: e7db98b0
Object: 882318c8  Type: (8a75b730) Thread
    ObjectHeader: 882318b0 (old version)
        HandleCount: 1  PointerCount: 3

1: kd> !irp 88127b20
Irp is active with 14 stacks 13 is current (= 0x88127d40)
 No Mdl: No System Buffer: Thread 88a6f3e8:  Irp stack trace.
     cmd  flg cl Device   File     Completion-Context
 [  0, 0]   0  0 00000000 00000000 00000000-00000000
            Args: 00000000 00000000 00000000 00000000
 [  0, 0]   0  0 00000000 00000000 00000000-00000000
            Args: 00000000 00000000 00000000 00000000
 [  0, 0]   0  0 00000000 00000000 00000000-00000000
            Args: 00000000 00000000 00000000 00000000
 [  0, 0]   0  0 00000000 00000000 00000000-00000000
            Args: 00000000 00000000 00000000 00000000
 [  0, 0]   0  0 00000000 00000000 00000000-00000000
            Args: 00000000 00000000 00000000 00000000
 [  0, 0]   0  0 00000000 00000000 00000000-00000000
            Args: 00000000 00000000 00000000 00000000
 [  0, 0]   0  0 00000000 00000000 00000000-00000000
            Args: 00000000 00000000 00000000 00000000
 [  0, 0]   0  0 00000000 00000000 00000000-00000000
            Args: 00000000 00000000 00000000 00000000
 [  0, 0]   0  0 00000000 00000000 00000000-00000000
            Args: 00000000 00000000 00000000 00000000
 [  0, 0]   0  0 00000000 00000000 00000000-00000000
            Args: 00000000 00000000 00000000 00000000
 [  0, 0]   0  0 00000000 00000000 00000000-00000000
            Args: 00000000 00000000 00000000 00000000
 [  0, 0]   0  0 00000000 00000000 00000000-00000000
            Args: 00000000 00000000 00000000 00000000
>[  c, 2]   0  1 8a6e0020 88a04838 00000000-00000000    pending
           \FileSystem\Ntfs
            Args: 00001000 00000c5b 00000000 00000000
 [  c, 2]   0  0 89b0a870 88a04838 00000000-00000000
           \Driver\SymEvent
            Args: 00001000 00000c5b 00000000 00000000

1: kd> !fileobj 88a04838
\WINDOWS\system32
Device Object: 0x89d6c030   \Driver\Ftdisk
Vpb: 0x8a6bf7b0
Access: Read SharedRead SharedWrite
Flags:  0x40000
    Handle Created
FsContext: 0xe17c8d20   FsContext2: 0xe1278780

// Now we go to look at Npfs (named pipe file system), to try and determine what it
// is further up the tree that is pending:
1: kd> !drvobj 89619a98
Driver object (89619a98) is for:
 \FileSystem\Npfs
Driver Extension List: (id , addr)

Device Object list:
89bb6030

1: kd> !devobj 89bb6030
Device object (89bb6030) is for:
 NamedPipe \FileSystem\Npfs DriverObject 89619a98
Current Irp 00000000 RefCount 204 Type 00000011 Flags 00000240
Dacl e17d9774 DevExt 89bb60e8 DevObjExt 89bb6188
ExtensionFlags (0000000000)
Device queue is not busy.

1: kd> !irp 842c6598
Irp is active with 1 stacks 1 is current (= 0x842c6608)
 No Mdl: No System Buffer: Thread 88a2d020:  Irp stack trace.
     cmd  flg cl Device   File     Completion-Context
>[  3, 0]   0  1 89bb6030 87c554f0 00000000-00000000    pending
           \FileSystem\Npfs
            Args: 00000400 00000000 00000000 00000000

1: kd> !fileobj 87c554f0
\lsass
Device Object: 0x89bb6030   \FileSystem\Npfs
Vpb is NULL
Flags:  0x40080
    Named Pipe
    Handle Created
FsContext: 0xe7fe8449   FsContext2: 0x88961bc0
Private Cache Map: 0x00000001
CurrentByteOffset: 0

1: kd> !irp 86af3280
Irp is active with 1 stacks 1 is current (= 0x86af32f0)
 No Mdl: No System Buffer: Thread 88711658:  Irp stack trace.
     cmd  flg cl Device   File     Completion-Context
>[  3, 0]   0  1 89bb6030 88711e58 00000000-00000000    pending
           \FileSystem\Npfs
            Args: 00000216 00000000 00000000 00000000

// We can see that there is an IRP to the network namespace:
1: kd> !fileobj 88711e58
\net\NtControlPipe31
Device Object: 0x89bb6030   \FileSystem\Npfs
Vpb is NULL
Flags:  0x40082
    Synchronous IO
    Named Pipe
    Handle Created
File Object is currently busy and has 0 waiters.
FsContext: 0xe73e9458   FsContext2: 0x88711490
Private Cache Map: 0x00000001
CurrentByteOffset: 0

1: kd> !irp 8831cd98
Irp is active with 1 stacks 1 is current (= 0x8831ce08)
 No Mdl: No System Buffer: Thread 88a2d020:  Irp stack trace.
     cmd  flg cl Device   File     Completion-Context
>[  d, 0]   5  1 89bb6030 88477bc8 00000000-00000000    pending
           \FileSystem\Npfs
            Args: 00000000 00000000 00110008 00000000

1: kd> !fileobj 88477bc8
\lsass
Device Object: 0x89bb6030   \FileSystem\Npfs
Vpb is NULL
Flags:  0x40080
    Named Pipe
    Handle Created
FsContext: 0xe7e3b3f1   FsContext2: 0xfa0d3280
Private Cache Map: 0x00000001
CurrentByteOffset: 0

// We can see that there is an IRP to the workstation service:
1: kd> !irp 88435c08
Irp is active with 1 stacks 1 is current (= 0x88435c78)
 No Mdl: No System Buffer: Thread ff6a1b38:  Irp stack trace.
     cmd  flg cl Device   File     Completion-Context
>[  d, 0]   5  1 89bb6030 886752d0 00000000-00000000    pending
           \FileSystem\Npfs
            Args: 00000000 00000000 00110008 00000000

1: kd> !fileobj 886752d0
\wkssvc
Device Object: 0x89bb6030   \FileSystem\Npfs
Vpb is NULL
Flags:  0x40080
    Named Pipe
    Handle Created
FsContext: 0xe8601429   FsContext2: 0x886754d0
Private Cache Map: 0x00000001
CurrentByteOffset: 0

// Knowing the workstation service and the network is where our IRPs are going, we should
// start looking at the Tcpip IRPs, because we're definitely hanging up here...:
1: kd> !drvobj 8a67f030
Driver object (8a67f030) is for:
 \Driver\Tcpip
Driver Extension List: (id , addr)

Device Object list:
89603668  8961fa60  8961fb78  895cd388
89cc7030

// ...and here it is, SYMTDI.SYS doing heap operations - note these IRPs won't complete
// until SYMTDI finishes its heap operations:
1: kd> !irp 88418bc8
Irp is active with 2 stacks 1 is current (= 0x88418c38)
 No Mdl: No System Buffer: Thread 885ff8d0:  Irp stack trace.
     cmd  flg cl Device   File     Completion-Context
>[  e, 0]   0 e1 89cc7030 895816c8 a9fa2db0-886af200 Success Error Cancel pending
           \Driver\Tcpip    SYMTDI!rHeapFree
            Args: 00000000 00000000 00120034 00000000
 [  e, 0]   0  0 89576ab0 895816c8 00000000-00000000
           \Driver\SYMTDI
            Args: 00000000 00000000 00120034 00000000

1: kd> !irp 88450e70
Irp is active with 2 stacks 1 is current (= 0x88450ee0)
 No Mdl: No System Buffer: Thread 885ff8d0:  Irp stack trace.
     cmd  flg cl Device   File     Completion-Context
>[  e, 0]   0 e1 89cc7030 895816c8 a9fa2db0-896b0568 Success Error Cancel pending
           \Driver\Tcpip    SYMTDI!rHeapFree
            Args: 00000000 00000000 00120038 00000000
 [  e, 0]   0  0 89576ab0 895816c8 00000000-00000000
           \Driver\SYMTDI
            Args: 00000000 00000000 00120038 00000000

1: kd> !fileobj 895816c8
Device Object: 0x89cc7030   \Driver\Tcpip
Vpb is NULL
Flags:  0x40000
    Handle Created
CurrentByteOffset: 0

1: kd> lmvm symtdi
start    end        module name
a9f8f000 a9fca000   SYMTDI     (export symbols)       SYMTDI.SYS
    Loaded symbol image file: SYMTDI.SYS
    Image path: \SystemRoot\System32\Drivers\SYMTDI.SYS
    Image name: SYMTDI.SYS
    Timestamp:        Mon Aug 07 18:52:32 2006 (44D7C430)
    CheckSum:         00030C5E
    ImageSize:        0003B000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

1: kd> lmvm symevent
start    end        module name
aa1ae000 aa1d0000   SYMEVENT   (export symbols)       SYMEVENT.SYS
    Loaded symbol image file: SYMEVENT.SYS
    Image path: \??\C:\Program Files\Symantec\SYMEVENT.SYS
    Image name: SYMEVENT.SYS
    Timestamp:        Mon Sep 18 20:52:19 2006 (450F3F43)
    CheckSum:         0001BF20
    ImageSize:        00022000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

I don't know how old your Symantec Antivirus engine is on this machine, but it's definitely VERY out of date. Note Symantec updates BOTH its virus definitions AND its engines, but it only auto updates the virus defs. You can find the latest versions of symevent and symtdi.sys from here. This isn't guaranteed, of course, to solve your issues, but it's the best "first step" you can take. If the problems persist, uninstall SYMTDI (the email scanning component of Symantec Antivirus).

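Added example, not part of cluberti's post: a Python reading of the `!irp 88418bc8` listing above. It decodes the Control byte (`e1`) of the current stack location and maps the completion-routine address to a module range taken from the `lmvm` output, which ties the IRP pending in `\Driver\Tcpip` to a completion routine inside SYMTDI.SYS. Function names are illustrative assumptions.

```python
import re

# Constructed input: the two stack locations of `!irp 88418bc8` and the module
# ranges from `lmvm`, re-typed from the post above with line breaks restored.
IRP_TEXT = r"""
>[  e, 0]   0 e1 89cc7030 895816c8 a9fa2db0-886af200 Success Error Cancel pending
           \Driver\Tcpip    SYMTDI!rHeapFree
            Args: 00000000 00000000 00120034 00000000
 [  e, 0]   0  0 89576ab0 895816c8 00000000-00000000
           \Driver\SYMTDI
            Args: 00000000 00000000 00120034 00000000
"""
MODULES = {"SYMTDI": (0xA9F8F000, 0xA9FCA000), "SYMEVENT": (0xAA1AE000, 0xAA1D0000)}

# IO_STACK_LOCATION.Control bits as defined in wdm.h
CONTROL_BITS = {0x01: "SL_PENDING_RETURNED", 0x20: "SL_INVOKE_ON_CANCEL",
                0x40: "SL_INVOKE_ON_SUCCESS", 0x80: "SL_INVOKE_ON_ERROR"}

H = r"([0-9a-f]+)"
# marker, [major, minor], flags, control, device, file object, routine-context
LOC = re.compile(rf"^(>?)\s*\[\s*{H},\s*{H}\]\s+{H}\s+{H}\s+{H}\s+{H}\s+{H}-{H}")

def parse_irp_stack(text):
    """Return one dict per stack location, in listing order."""
    locs, lines = [], text.splitlines()
    for i, line in enumerate(lines):
        m = LOC.match(line)
        if not m:
            continue
        cur, major, minor, _flags, control, _dev, _fobj, routine, _ctx = m.groups()
        # The driver name is printed on the following line for used locations.
        nxt = lines[i + 1].split() if i + 1 < len(lines) else []
        driver = nxt[0] if nxt and nxt[0].startswith("\\") else None
        locs.append({"current": cur == ">", "major": int(major, 16),
                     "minor": int(minor, 16), "control": int(control, 16),
                     "driver": driver, "routine": int(routine, 16)})
    return locs

def owner_of(addr, modules):
    """Name of the module whose [start, end) range contains addr, else None."""
    return next((n for n, (lo, hi) in modules.items() if lo <= addr < hi), None)

def explain_current(text, modules):
    """Who holds the IRP now, and whose routine runs when it completes."""
    cur = next(l for l in parse_irp_stack(text) if l["current"])
    bits = [name for bit, name in CONTROL_BITS.items() if cur["control"] & bit]
    return {"held_by": cur["driver"], "control": bits,
            "completion_owner": owner_of(cur["routine"], modules)}

if __name__ == "__main__":
    print(explain_current(IRP_TEXT, MODULES))
```

The completion routine recorded in a driver's stack location was registered by the driver above it, so the routine in the Tcpip location belonging to SYMTDI matches the stack order shown in the listing.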
Mr Snrub Posted July 13, 2009

See, if you wait long enough someone smarter than me comes along.
Story of my life

gensicaeros Posted September 25, 2009 (edited September 25, 2009 by gensicaeros)

This thread was awesome!
I love the interactions and how you guys helped each other .. very human, kind, I love it! thank you.