Friday, November 13, 2009

SYMEVENT.SYS -- I HATE YOU!

Recently, on a shiny new install of Windows 7 Professional of all things, I've experienced two BSODs (blue screen errors) complete with nice fancy stop codes (sorry, I did not grab the stop codes).

A quick debug of the minidump file reveals something that I've seen before... in Vista!!

The culprit:

SYMEVENT.SYS

Symantec, what's up?

The first time I saw this was in Vista Home Premium last year, running Symantec Endpoint Protection (SEP) version MR4. Thankfully, the fix was quite simple: boot to safe mode and uninstall SEP, reboot and reinstall SEP, then rejoice. What causes this? I have not searched for that answer yet.

In comes Windows 7 and my most recent (TWO!) run-ins with a BSOD caused by SYMEVENT.SYS -- only this time it is with version MR5. The fix is the same, but the catch is that Windows Installer does not work in Safe Mode. Well, out of the box that is. Following the instructions found on Symantec Connect here, editing the registry will allow Windows Installer to run in safe mode and let you uninstall SEP.

*NOTE: The registry entry is different for Safe Mode vs. Safe Mode with Networking so READ before you copy and paste! (I'm guilty, I've done it).

Taken directly from Symantec Connect:

  1. Safe Mode.
    Type this in a command prompt:
    REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer" /VE /T REG_SZ /F /D "Service"


    and then

    net start msiserver

    This will start the Windows Installer Service.

  2. Safe Mode with Network
    REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer" /VE /T REG_SZ /F /D "Service"


    and followed by

    net start msiserver

    This will start the Windows Installer Service.


Source: http://www.symantec.com/connect/blogs/windows-installer-safe-mode
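
Because the key differs between the two modes, the choice can be scripted instead of copied by hand. The batch file below is an added example, not from this post or from Symantec Connect; it assumes an elevated command prompt and relies on the `SAFEBOOT_OPTION` environment variable that Windows sets to `MINIMAL` or `NETWORK` in Safe Mode, and the `undo` argument is a name made up for this example.

```batch
@echo off
rem Added example: pick the SafeBoot subkey that matches the current boot mode,
rem allow the Windows Installer service there, and optionally undo it afterwards.
setlocal

rem SAFEBOOT_OPTION is only defined when Windows was booted into Safe Mode.
if /i "%SAFEBOOT_OPTION%"=="MINIMAL" (
    set "SUBKEY=Minimal"
) else if /i "%SAFEBOOT_OPTION%"=="NETWORK" (
    set "SUBKEY=Network"
) else (
    echo Not in Safe Mode or Safe Mode with Networking; nothing changed.
    exit /b 1
)

set "KEY=HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\%SUBKEY%\MSIServer"

rem "undo" is this example's own argument: it removes the key again.
if /i "%~1"=="undo" goto :undo

rem Same REG ADD as in the instructions above, with the subkey filled in.
REG ADD "%KEY%" /VE /T REG_SZ /F /D "Service" || exit /b 1
net start msiserver
exit /b %ERRORLEVEL%

:undo
rem Stop the service and delete the key so Safe Mode returns to its default
rem service set once SEP has been uninstalled.
net stop msiserver
REG DELETE "%KEY%" /F
exit /b %ERRORLEVEL%
```

Run it with no argument before uninstalling SEP, and with `undo` once the uninstall has finished.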
