AnsweredAssumed Answered

Symantec Backup Exec behavior

Question asked by mmarin on Jan 9, 2014
Latest reply on Jan 9, 2014 by JRom

Dear Community, we are facing a problem with a Windows Server endpoint controlminder.  The server is the Symantec Backup Exec server.

we installed CA ControlMinder endpoint (no rules), the installation worked fine, restart the server and everything ok.  But if we try to execute the Symantec Backup Exec we receive the error message: BackupExec.exe - The application was unable to start correctly (0xc0000142).  Click Ok to close the Application

then we stopped ControlMinder services, but problem persist.

We have to uninstall ControlMinder endpoint and BackupExec from Symantec works fine again.

in the seaudit we found the following lines:

08 Jan 2014 13:11:25 D REGKEY       NT AUTHORITY\SYSTEM Erase      92 10 HKEY_LOCAL_MACHINE\system\controlset001\enum\root\legacy_drveng C:\Windows\system32\svchost.exe                  

08 Jan 2014 13:11:25 D REGKEY       NT AUTHORITY\SYSTEM Write     995 10 HKEY_LOCAL_MACHINE\system\controlset001\enum\root\legacy_seosdrv\0000 C:\Windows\system32\svchost.exe  NT AUTHORITY\SYSTEM (OS user)     

nothing related to the exe program.

Anyone with experience in this case?  Maybe a Specialgm rule in order to support the exe program, or a definition in the registry for trusted applications?

Any help will be appreciated.....

Outcomes