There is 1 administrator and multiple user accounts
Dell Dimension 3100
I’m a new boy. A couple of days ago I downloaded NIS2011 from the Symantec website on a 30 day trial with a view to purchasing.
I’ve been intensively test driving NIS over the past few days using both the XP administrator and user accounts – this has mainly gone well, but I have encountered persistent errors with the NIS module ccSVChst.exe. I often get the message from Windows that ccSVChst.exe is not working when logging out from Windows.
Tonight I ran Microsoft Baseline Security Analyser and was surprised to see that I was missing the latest July Windows Updates despite the system being set up to automatically receive updates. I therefore downloaded the updates and installed them automatically and this went smoothly.
However when I came to log out of the administrator account I again got as message that ccSVChst.exe was not working. I examined the NIS log and saw this in the event log:
UNAUTHORISED ACCESS BLOCKED (ACCESS PROCESS DATA) Actor: MRT.EXE Target C:….ccSVChst.exe
So it looks to me that the Windows Malicious Software Tool (MRT.EXE) has attempted to access the NIS process ccSVChst.exe and this was blocked by NIS. This may be a correct response by NIS from a self protection standpoint but I suspect that ccSVCHst then simply crashed. I say this because I tried to log out almost immediately following the successful completion of the Windows Update.
From my experiences so far ccSVChst does not appear to be a very stable or robust process. Or is my experience untypical?
I don't have an answer to you first issue, but the unauthorised access blocking thing (MrT.exe) is as it should be. It's just Norton's self protection doing it's job. The Windows Malicious Software tool scans for malware, as it should, and when it reaches Norton's files and folders and scans them, they are blocked from doing so. Norton doesn't differentiate between programs accessing its files; it blocks access to them regardless, as it should, and this produces this entry in the log. Perfectly as it should be, so don't worry about that - everyone gets those. :)
Crashes of ccsvchst.exe would indicate a problem with your installation - something has gone wrong. Did you have any other security software onboard at the time of installation, or do you currently have any other real-time protection running? If so, you would want to completely remove such programs from your system. You should then uninstall Norton, using the Norton Removal Tool, and reinstall. If you have information stored in Norton Identity Safe, you should back it up using the backup option in Norton's Web Settings before using the NRT.
Thanks for the info Bombastus - I suspected it might be NIS self protection at work. But my concern is that I suspect that ccSVChst blocked the access and then crashed very shortly thereafter. The MRT block may have just been a coincidence but as I said in my post I've experienced a number of instanes where ccSVChst simply seems to have stopped and that is a concern.
I was previously running Bit Defender 2010 and Online Armor as my security software.
I'm a fairly experienced user so I'm well aware of the problems that can arise if you are using more than 1 security system simultaneously. So I took particular care to ensure that Bit Defender and OA were removed from the machine using the utilities approved by the manufacturers. I then used third party tools to ensure that no remnants remained in the registry or other folders.
I then tested the system (without internet connected) to ensure everything appeared to work OK - which it did.
I went to a lot of trouble to enure a clean system in order to give NIS a fair workout.
The NIS installation went very smoothly and there were no difficulties over that. But it might be that something did indeed go wrong during the install but I'm currently using a 30 day trial version of the software provided by Symatntec. Looking at my Symantec account it says that this is a single download so you will understand I'm a bit reluctant to try removing and reinstalling at this point.
However your feedback is comforting in that ccSVChst should normally be expected to be stable, but I have noticed some other threads on this fourm where others have noted that this can be a runaway process.