Defender Services will not start

  • Thread starter Thread starter seamus151
  • Start date Start date
S

seamus151

I have 15 computers running on a domain using Group Policies. For whatever
reason I cannot succesfully install Defender on on my domain. Every
computer which are all running XP SP3 with Symantec Endpoint protection 11
all fail to start the Defender service upon install.

On some PC's I can get the install to work by manipulating the permission
settings in the registry at HKLM, software, microsoft, windows defender. By
giving the Administrator full admin rights to the key I can succesfully
install Defender. But on over half of my machines the install still fails.
When I check the registry key it has reverted back to allowing the
Administrator only read only rights.

I have tried the trick of switching the service "logon" rights to a domain
admin account but it still fails to start. I tried switching back to the
local system account and it still fails. I have also tried local admin
account with no joy.

It's not limited to XPSp3 machines either. I tried installing it on the a
server 2003 account and the service failed to start.

The only thing I can think of is that Group Policy/domain is somehow denying
the service to start. Or Maybe Symantec EndPoint Protection is causing the
failure.

Any help would be GREATLY appreicated as this little problem is driving me
nuts.
 
Here's what I think, and I have worked with a client who uses Symantec
Endpoint protection--I think 11, but I'm not certain:

You are mixing several symptoms and causes here.

I believe that the permissions settings you are seeing are normal, and are
made by Windows Defender itself, and not group policy settings or other
domain mechanisms.

I believe that the failure of the services to start is caused by Symantec
Endpoint protection itself. As I recall, during installation of SEP, you
are given the choice about whether to allow it to disable Windows Defender,
with the recommendation that you do so. My experience with Symantec is that
you darn well better follow their recommendations, so I did that for my
client--if you trust Symantec, you should allow them to tell you how to best
protect your systems.... (I.e. do what the doctor orders..)

I'm not sure exactly how Symantec does this, but I believe that if you
disable Symantec, Defender will start normally.

You might clean SEP and Defender off a sample XP machine, and then reinstall
Defender first, then SEP, and see what you get prompted for--that may help
clear this up for you.



seamus151 said:
I have 15 computers running on a domain using Group Policies. For
whatever
reason I cannot succesfully install Defender on on my domain. Every
computer which are all running XP SP3 with Symantec Endpoint protection 11
all fail to start the Defender service upon install.

On some PC's I can get the install to work by manipulating the permission
settings in the registry at HKLM, software, microsoft, windows defender.
By
giving the Administrator full admin rights to the key I can succesfully
install Defender. But on over half of my machines the install still
fails.
When I check the registry key it has reverted back to allowing the
Administrator only read only rights.

I have tried the trick of switching the service "logon" rights to a domain
admin account but it still fails to start. I tried switching back to the
local system account and it still fails. I have also tried local admin
account with no joy.

It's not limited to XPSp3 machines either. I tried installing it on the a
server 2003 account and the service failed to start.

The only thing I can think of is that Group Policy/domain is somehow
denying
the service to start. Or Maybe Symantec EndPoint Protection is causing
the
failure.

Any help would be GREATLY appreicated as this little problem is driving me
nuts.
Click to expand...


--
 
I have been thinking the same thing...I intially was thinking Group Policy
because I use that alot and I am in it all the time. But it didnt seem like
that was the answer because why would any GPO change affect Defender and not
some other application that uses a "system" account to start the service as
well?

You are right about the permissions issue in the registry. Defender does
create that during the install and does only assign the administrator with
read only permissions and grants the system account full control. You would
think MS would allow the Admin to have full control over the registry key as
well by default.

But I finally ran accross another post on a forum somehwhere that disucssed
Symantec and this same problem. So I think the best thing would be to do as
you say and setup a test PC. I'll install defender first then symantec and
then vice versa and see what results I get and let you know what I find out...

Thanks for your suggetions, greatly appreicated.
 
Thanks. "automatically disables" ought to imply that they use a method that
doesn't generate an error message that the users are confused by, in my
opinion!

Alby said:
According to Symantec SEP automatically disables Windows Defender. It
states
“Running the Windows Defender service on a computer with SEP installed is
unsupported. This is because of compatability issues between the
applications†See the following link:
http://service1.symantec.com/suppor.../9e4c1e7528d67210882573b50056df25?OpenDocumen
Click to expand...


--
 
Back
Top