Dear Community, we are facing a problem with a Windows Server endpoint controlminder. The server is the Symantec Backup Exec server.
we installed CA ControlMinder endpoint (no rules), the installation worked fine, restart the server and everything ok. But if we try to execute the Symantec Backup Exec we receive the error message: BackupExec.exe - The application was unable to start correctly (0xc0000142). Click Ok to close the Application
then we stopped ControlMinder services, but problem persist.
We have to uninstall ControlMinder endpoint and BackupExec from Symantec works fine again.
in the seaudit we found the following lines:
08 Jan 2014 13:11:25 D REGKEY NT AUTHORITY\SYSTEM Erase 92 10 HKEY_LOCAL_MACHINE\system\controlset001\enum\root\legacy_drveng C:\Windows\system32\svchost.exe
08 Jan 2014 13:11:25 D REGKEY NT AUTHORITY\SYSTEM Write 995 10 HKEY_LOCAL_MACHINE\system\controlset001\enum\root\legacy_seosdrv\0000 C:\Windows\system32\svchost.exe NT AUTHORITY\SYSTEM (OS user)
nothing related to the exe program.
Anyone with experience in this case? Maybe a Specialgm rule in order to support the exe program, or a definition in the registry for trusted applications?
Any help will be appreciated.....