I have been working with Symantec on this very same issue for weeks. The Symantec Service just doesn't start at bootup for about half my systems. So far the Symantec support folks are no help. I have LDMS 8.7 SP4 / Symantec 10.1.7.7000.
If you review the readme of 8.7 SP5
I found this: CR00116342 -- Softmon service is keeping Symantec Antivirus from starting.
I will be updating to SP5 Monday night(6/2/2008)..
We are using 8.7 SP5 and Trend OfficeScan with the above versions.
The exact same issue as the case "Symantec Antivirus Service Doesn't Start" but for Trend
We are finding that many machines that have the LANDesk agent installed are timing out when starting the "Trend Antivirus" service. The error log on the client side is:
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7009
Time: 7:53:31 AM
Timeout (60000 milliseconds) waiting for the OfficeScanNT RealTime Scan service
For more information, see Help and Support Center at
This only occurs when the LANDesk agent is installed.
I also have trouble with "Softmon.exe running at 100% - LDMS 8.8 & XP" is it related in anyway?
For those interested, here is the information from our closed Symantec case:
It was my pleasure to work with you on resolving your Symantec
Enterprise Security issue reported in Case 311-906-580. I am providing
you with a summary of the key points of the case for your records. If
this is not your understanding of the issue, please contact me directly.
Service Control Manager time-out errors in Symantec Antivirus after
installing LANDesk 8.7.
PROBABLE CAUSE ANALYSIS:
Service start-up conflict.
Extend the Service time-out to 60000 ms or disable un-needed services
The "disable un-needed services" refers to the Windows security center
service, but disabling it completely does nothing to help the problem.
Interesting. Not quite sure why a delay in the service-start timeout of 60 seconds helps, but maybe the clients are just too busy at boot up time or what not.
Thanks for sharing the information all the same.
LANDesk EMEA Technical Lead.
Paul. This has only occaisionally helped. It has not solved our problem. We are looking for a better fix as we skipping SP5 and it may be a while until we're ready for 8.8.
LDMS 8.7 SP4
I have a XP SP2 system which Symnatec 10.1.7.7000 fails to start on every boot. I changed the registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\LANDesk\ManagementSuite\WinClient\SoftwareMonitoring\watchForSpyware to a value of 0. For the first time ever on this system, Symantec Service has started during bootup.
LDMS 8.7 SP5
HKEY_LOCAL_MACHINE\SOFTWARE\LANDesk\ManagementSuite\WinClient\SoftwareMonitoring\watchForSpyware set to 0
Just for your information Trend Antivirus also works on troubled machines when this is set to 0.
The LDMS 8.7 SP5 systems that are affected might be worth imaging (so that you can give it to us) and we can have a look at it.
8.7 SP4 customers should ideally move to SP5 or see if they can get the stand-alone fix - see if that helps them.
But the 8.7 Sp5 customers may have found a different / new problems ... might be related to PC hardware as well (potentially) but in any case, I would encourage opening a proper case with support, so that we can try to get to the root of this...
LANDesk EMEA Technical Lead.
This may be related to the spyware issue with softmon, but definitely call in with this. There is already a ticket open in support for a similar issue. What I believe is happening is that softmon is checking the machine at startup as it's supposed to and loading the spyware database into memory. As it checks the services that start (like Symantec) it's taking too long to release them and so that service then times out.
If it's related to the recent spyware hangup issue (http://community.landesk.com/support/blogs/bulletins/2008/05/30/softmonexe-is-running-at-100-causing-delayed-logins-at-times-up-to-15-minutes-or-longer), an easy way to check is to update the Microsoft Spyware definitions in Security and Patch manager and then force a vulscan against the client machines in question - this should update the LRD file on the client. Then set the registry key for watch for spyware back to 1 and reboot the machine to see if it works or not. If it doesn't, we'll definitely need this in support so we can get it added a CR.
Thanks for all your help. We have contacted support and confirmed the fix is to either disable softmon or upgrade to SP5 or 8.8. They do not have a standalone patch for SP4.
We may consider disabling softmon since we're not sure exactly when were going to get up to 8.8 (unique enviornment, requires much testing but is planned). What are the ramifications of disabling softmon? What would we lose?
You would lose:
- Software License Monitoring. No tracking of product usage without Softmon. If you're not fussed about SLM, this isn't a big loss.
- Spyware watch - if you have Security Suite, SOFTMON is what actually gets used (fed information by Vulscan) to detect + kill spyware. This has a higher potential impact.
That's pretty much it ...
LANDesk EMEA Technical Lead.
Installed SP5 Monday and pushed the client out to most all systems, approx 5500. Some of the systems in which Symantec wasn't starting began to startup at boot. I went from 900+ system with Symantec not starting to about 850 with installation of SP5. Sooo, I went ahead and disabled the Real Time Spyware monitoring and almost all my Symantec Service and Windows Firewall Service issues are dropping fast. I went from 850 systems on average with Symantec not starting to 158 systems this morning. Also we had about 400 system with the Windows Firewall Service not starting at startup to 37. All client systems are XP SP2. About 70% of the systems with issues have 256meg RAM and the remaining systems have 512meg according to my query. I have not found a system with issues that have 1 GIG of RAM or more. Seems to be a resource thing.
Would I be able to disable softmon by turning off something in the agent config? Or would I have to push the registry key? I would much prefer something in the agent.