Multiple required ?random? restarts

I need a solution

While looking at some monitoring I noticed some interruptions in the data.

It seems the server has been restarted because of Symantec.

Log Name:      System
Source:        User32
Date:          5-11-2019 19:54:03
Event ID:      1074
Task Category: None
Level:         Information
Keywords:      Classic
User:          SYSTEM
The process C:Program Files (x86)SymantecSymantec Endpoint Protection14.2.4814.1101.105BinccSvcHst.exe (GUP02) has initiated the restart of computer GUP02 on behalf of user NT AUTHORITYSYSTEM for the following reason: Legacy API shutdown
 Reason Code: 0x80070000
 Shutdown Type: restart
Event Xml:
<Event xmlns="">
    <Provider Name="User32" Guid="{b0aa8734-56f7-41cc-b2f4-de228e98b946}" EventSourceName="User32" />
    <EventID Qualifiers="32768">1074</EventID>
    <TimeCreated SystemTime="2019-11-05T18:54:03.190864200Z" />
    <Correlation />
    <Execution ProcessID="388" ThreadID="440" />
    <Security UserID="S-1-5-18" />
    <Data Name="param1">C:Program Files (x86)SymantecSymantec Endpoint Protection14.2.4814.1101.105BinccSvcHst.exe (GUP02)</Data>
    <Data Name="param2">GUP02</Data>
    <Data Name="param3">Legacy API shutdown</Data>
    <Data Name="param4">0x80070000</Data>
    <Data Name="param5">restart</Data>
    <Data Name="param6">
    <Data Name="param7">NT AUTHORITYSYSTEM</Data>

For the reason I looked in the system log:

5-11-2019 19:55:18    Information    Connected to Symantec Endpoint Protection Manager (server01)    
5-11-2019 19:55:13    Information    Symantec Management Client has been started.    
5-11-2019 19:55:13    Information    Symantec Endpoint Protection -- Engine version: 14.2.4814    
5-11-2019 19:55:13    Information    Number of ‘Mapped Group Update Providers usable by the client’ in the policy: 1    
5-11-2019 19:55:13    Information    Number of ‘Group Update Provider Mapping entries usable by the client’ in the policy: 1    
5-11-2019 19:55:13    Information    Start serving as the Group Update Provider (proxy server).    
5-11-2019 19:54:53    Information    Number of ‘Group Update Provider Mapping entries’ in the policy: 57    
5-11-2019 19:54:05    Information    Symantec Management Client is stopped.    
5-11-2019 19:54:05    Information    Disconnected from Symantec Endpoint Protection Manager (    
5-11-2019 19:54:04    Information    User is attempting to terminate Symantec Management Client....    
5-11-2019 19:54:03    Information    Symantec Endpoint Protection requires a restart, requested by: the client management component    

Is there within SEPM maybe more info why the clients needs a restart?

Thanks in advance for any that can help with more info!



  • No Related Posts

Leave a Reply