Announcement

Collapse
No announcement yet.

Stop_pending

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Stop_pending

    Hi

    I have a problem with my Symantec Antivirus. It is installed on all of our servers. They are updated automatically from our Symantec server. If the definition is not getting updated automatically, we have to copy the definition file from the symatec server and need to restart the service. But we have noticed that the service is getting hung at STOP_PENDING state and need to restart the server.

    SERVICE_NAME: Symantec AntiVirus
    DISPLAY_NAME: Symantec AntiVirus
    TYPE : 110 WIN32_OWN_PROCESS (interactive)
    STATE : 3 STOP_PENDING
    (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x5
    WAIT_HINT : 0xea60

    Any help would be appreciated.

    Thank You
    Mohan Mathew[VU3MMU]
    MCITP [AD]

  • #2
    Re: Stop_pending

    IMHO replace Symantec with any other AV product!

    What version of AV?
    What Server OS?
    Is this a recurring problem or did it start recently? If the latter, what else may have changed?
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: Stop_pending

      Thanks Ossian!

      Unfortunately, we can't replace symantec!! It is already deployed in more 2000+ servers. All the servers are 2003 itself. Symantec Crop v. 10.1.5

      It is recurring, but not everyday and randomly on most of the servers and even in client XP machines also. Also, I think it is not because of the changes made. This happens on new servers and client machines also, which installed very recently.

      Is there anyway we can find out which thread or any other possible way to kill those threads. I tried process explorer, but that didn't work!
      Mohan Mathew[VU3MMU]
      MCITP [AD]

      Comment


      • #4
        Re: Stop_pending

        Originally posted by mohanmathew View Post

        SERVICE_NAME: Symantec AntiVirus
        DISPLAY_NAME: Symantec AntiVirus
        TYPE : 110 WIN32_OWN_PROCESS (interactive)
        STATE : 3 STOP_PENDING
        (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE : 0 (0x0)
        SERVICE_EXIT_CODE : 0 (0x0)
        CHECKPOINT : 0x5
        WAIT_HINT : 0xea60
        Was there not also a Process identifier (PID number) shown in the list? Else, run a sc queryex "Symantec AntiVirus" |find /i "pid" to get the current PID.

        Then you can use taskkill /pid or use a PsKill.exe command line to kill that Process.

        Are you running a batch to stop the service and copy the definition files? Can you show the script - to be able to incorporate the taskkill command.


        \Rems
        Last edited by Rems; 21st December 2008, 10:03.

        This posting is provided "AS IS" with no warranties, and confers no rights.

        __________________

        ** Remember to give credit where credit's due **
        and leave Reputation Points for meaningful posts

        Comment


        • #5
          Re: Stop_pending

          Update to SAV 10.2. Your licencing should cover you for a free upgrade.
          1 1 was a racehorse.
          2 2 was 1 2.
          1 1 1 1 race 1 day,
          2 2 1 1 2

          Comment


          • #6
            Re: Stop_pending

            Originally posted by Rems View Post
            Was there not also a Process identifier (PID number) shown in the list? Else, run a sc queryex "Symantec AntiVirus" |find /i "pid" to get the current PID.

            Then you can use taskkill /pid or use a PsKill.exe command line to kill that Process.

            Are you running a batch to stop the service and copy the definition files? Can you show the script - to be able to incorporate the taskkill command.


            \Rems
            Not any script to kill. I tried to kill the service via task manager and pskill.exe, both didn't work. It showing access denied, because it is a system service. I tried it using the Administrator account itself.

            Originally posted by biggles77 View Post
            Update to SAV 10.2. Your licencing should cover you for a free upgrade.
            This is the last option. Since we have to upgrade more 2000+ servers.
            Mohan Mathew[VU3MMU]
            MCITP [AD]

            Comment


            • #7
              Re: Stop_pending

              Originally posted by mohanmathew
              This is the last option. Since we have to upgrade more 2000+ servers.
              Upgrade 1 server and see if that fixes it. If it does, you can do the rest with the builtin deployment utility or event script a deployment.

              With that many servers you should be able to build a lab and test different options in it and see what happens.
              1 1 was a racehorse.
              2 2 was 1 2.
              1 1 1 1 race 1 day,
              2 2 1 1 2

              Comment


              • #8
                Re: Stop_pending

                But the problem pop-up very randomly, any one or two servers and not regularly, may be fortnightly!

                So testing any of the server and deploying reset of them may be difficult, because we can't make sure the upgrade really eliminates the problem or not. Anyway we have no other option.

                Thank you soo much for your suggestions and opinions.
                Mohan Mathew[VU3MMU]
                MCITP [AD]

                Comment


                • #9
                  Re: Stop_pending

                  Have you contacted Symantec about this problem or even searched thier Knowledge Base for your error?
                  1 1 was a racehorse.
                  2 2 was 1 2.
                  1 1 1 1 race 1 day,
                  2 2 1 1 2

                  Comment


                  • #10
                    Re: Stop_pending

                    First, you should find the relevant EXE file which is used to run the service. You can find it in services.msc, under the property of the service.
                    Thank, you can start Process Explorer and click the EXE file. On the lower pane, you will see the handles of the process.
                    You can start "killing" handles one by one to see which one is causing the problem. You should start from file handles, and then go on to registry handles.

                    Comment


                    • #11
                      Re: Stop_pending

                      Naturally, use caution before trying this on a production system - schedule work like this out of hours.
                      Gareth Howells

                      BSc (Hons), MBCS, MCP, MCDST, ICCE

                      Any advice is given in good faith and without warranty.

                      Please give reputation points if somebody has helped you.

                      "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

                      "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

                      Comment


                      • #12
                        Re: Stop_pending

                        Originally posted by Smart-X View Post
                        First, you should find the relevant EXE file which is used to run the service. You can find it in services.msc, under the property of the service.
                        Thank, you can start Process Explorer and click the EXE file. On the lower pane, you will see the handles of the process.
                        You can start "killing" handles one by one to see which one is causing the problem. You should start from file handles, and then go on to registry handles.
                        Yes, I did. The exe used for this service is Rtvscan.exe
                        I tried PE & PM by Sysinternal to trace and kill the threads, but all it says access denied!

                        Originally posted by biggles77 View Post
                        Have you contacted Symantec about this problem or even searched thier Knowledge Base for your error?
                        We didn't contacted directly symantec, but found similar problem reported at symantec forums which is unanswered.
                        Mohan Mathew[VU3MMU]
                        MCITP [AD]

                        Comment


                        • #13
                          Re: Stop_pending

                          This was common when we ran Symantec 10.x CE. I never found a fix so when our subscription expired I moved to ESET.

                          Comment


                          • #14
                            Re: Stop_pending

                            Originally posted by Garen View Post
                            This was common when we ran Symantec 10.x CE. I never found a fix so when our subscription expired I moved to ESET.
                            What is ESET?
                            Mohan Mathew[VU3MMU]
                            MCITP [AD]

                            Comment


                            • #15
                              Re: Stop_pending

                              ESET = http://www.google.com.au/search?hl=e...e+Search&meta=
                              1 1 was a racehorse.
                              2 2 was 1 2.
                              1 1 1 1 race 1 day,
                              2 2 1 1 2

                              Comment

                              Working...
                              X