Multiple required ?random? restarts

I need a solution

While looking at some monitoring I noticed some interruptions in the data.

It seems the server has been restarted because of Symantec.

Log Name:      System
Source:        User32
Date:          5-11-2019 19:54:03
Event ID:      1074
Task Category: None
Level:         Information
Keywords:      Classic
User:          SYSTEM
Computer:      gup02.network.lan
Description:
The process C:Program Files (x86)SymantecSymantec Endpoint Protection14.2.4814.1101.105BinccSvcHst.exe (GUP02) has initiated the restart of computer GUP02 on behalf of user NT AUTHORITYSYSTEM for the following reason: Legacy API shutdown
 Reason Code: 0x80070000
 Shutdown Type: restart
 Comment: 
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="User32" Guid="{b0aa8734-56f7-41cc-b2f4-de228e98b946}" EventSourceName="User32" />
    <EventID Qualifiers="32768">1074</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2019-11-05T18:54:03.190864200Z" />
    <EventRecordID>699759</EventRecordID>
    <Correlation />
    <Execution ProcessID="388" ThreadID="440" />
    <Channel>System</Channel>
    <Computer>gup02.network.lan</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="param1">C:Program Files (x86)SymantecSymantec Endpoint Protection14.2.4814.1101.105BinccSvcHst.exe (GUP02)</Data>
    <Data Name="param2">GUP02</Data>
    <Data Name="param3">Legacy API shutdown</Data>
    <Data Name="param4">0x80070000</Data>
    <Data Name="param5">restart</Data>
    <Data Name="param6">
    </Data>
    <Data Name="param7">NT AUTHORITYSYSTEM</Data>
  </EventData>
</Event>

For the reason I looked in the system log:

5-11-2019 19:55:18    Information    Connected to Symantec Endpoint Protection Manager (server01)    
5-11-2019 19:55:13    Information    Symantec Management Client has been started.    
5-11-2019 19:55:13    Information    Symantec Endpoint Protection -- Engine version: 14.2.4814    
5-11-2019 19:55:13    Information    Number of ‘Mapped Group Update Providers usable by the client’ in the policy: 1    
5-11-2019 19:55:13    Information    Number of ‘Group Update Provider Mapping entries usable by the client’ in the policy: 1    
5-11-2019 19:55:13    Information    Start serving as the Group Update Provider (proxy server).    
5-11-2019 19:54:53    Information    Number of ‘Group Update Provider Mapping entries’ in the policy: 57    
5-11-2019 19:54:05    Information    Symantec Management Client is stopped.    
5-11-2019 19:54:05    Information    Disconnected from Symantec Endpoint Protection Manager (server02.network.lan)    
5-11-2019 19:54:04    Information    User is attempting to terminate Symantec Management Client....    
5-11-2019 19:54:03    Information    Symantec Endpoint Protection requires a restart, requested by: the client management component    

Is there within SEPM maybe more info why the clients needs a restart?

Thanks in advance for any that can help with more info!

0

Related:

  • No Related Posts

Leave a Reply