Norton 360 v. 21.2.0.38: 3038,104's

Be sure to reboot your pc after Windows and/or N360 changes in settings.

As this could be an interaction with Windows files/functions, have you run a Windows file scan from an elevated command prompt? Click on Start and type CMD in the search box. Right click on cmd.exe and click on Run as Administrator. Type 'sfc /scannow' without the quotes. This will check your Windows installation and try to correct any errors it finds.

 

 

Progress so far:

Never enabled Sleep or Hibernation in anything.

CMD with Administrator privileges:
    sfc/scannow
Windows Resource Protection did not find any integrity violations.

Tutorial on sevenforums at:
    http://www.sevenforums.com/tutorials/236709-services-restore-default-services-windows-7-a.html
Missing services:
    BitLocker Drive Encryption Service
    Block Level Backup Engine Service
Changes
    Cryptographic Services Manual->Automatic
    Remote Desktop Services Started/Automatic->Manual
    Windows Driver Foundation - User-mode Driver Framework Manual->Automatic
    Windows Event Collector Started/Automatic (Delayed Start)->Manual


Different
    Windows Defender Manual .NE. Automatic (Delayed Start)
    IKE and AuthIP IPsec Keying Modules    Started/Automatic .NE. Manual
    Windows Font Cache Service Started/Automatic .NE. Started/Automatic (Delayed Start)

 

QUESTIONS:

What is "Optimizer?"  If this is defrag, I use Diskeeper 12 Pro with default settings on all four drives.

I couldn't find any Norton Community Watch settings in N360 Settings.  Where are they?

Should I wait to see if what I have done helps before I disable Windows Update, Auto Live Update?

 

I'm going to reboot now to set my services changes but will check back here in a few minutes - but I do understand that this is the "insomnia shift" that is sparsely staffed.

" Never enabled Sleep or Hibernation in anything."

 

Sleep & Hibernation functions are by default enabled in W7 when their timer expires.

Go to Windows CP and set their setting to "Never". Reboot.

I do not know about N360 but in NIS main GUI, section Settings - General, somewhere between the tabs you have Optimizer.

Disable it.

Also, disable via windows CP the scheduled auto defrag of your disks if enabled and set WU to "Never check for updates"

Another step is to go to Task Scheduler and disable the WinSat task. I'll explain later why.

Do not forget to disable the other Norton tasks I've mentioned like Auto LU and NCW, I believe that it also exists in N360.

After all these changes, monitor your system and run LU only manually, if there are new Virus defs, I suppose that you already changed the setting to 2 minutes, close all programs and allow the idle quick scan to run, it should take between 3-5 minutes.

 

Regards,

 

"Sleep & Hibernation functions are by default enabled in W7 when their timer expires."

I realize this.  I allow it in my laptop, which runs W 7 Home.  But one of the main purposes of my main computer has been to run my own software 24/7 for weeks at a time, and I always disable sleep and hibernate when I install the OS.  This computer has never been in a hibernate or sleep mode.  But thanks for the tip.

 

"Optimizer" isn't seen in my N360 Settings window, but there is something that is called "PC Tuneup" that may be the same thing.  It is enabled on my computer.  It has check boxes for deleting IE temp files, deleting Windows TEMP files, deleting IE history, disk optimization (de-frag), and registry cleanup.  I do NOT have IE history or registry cleanup checked.  Should I un-check everything?

 

I disabled ProgramDataUpdater, the user experience computation, or the WinSat task.  I don't use this machine for gaming and have no plans to do so.  The indicators are all against the stops except the HD speed, which is great but leaves room for an SSD, which I don't use for long-term reliability reasons.  I don't need the WinSat task.  I'm interested in why you think it may cause a problem though.

 

I just disabled Norton Community Watch.

 

I just un-checked Disk Optimization (de-frag) in the PC Tuneup settings window.

 

I just turned off automatic Live Update.

 

Auto de-frag was disabled in the Windows scheduler when I last installed Diskeeper Pro.

 

NOTE

N360 had a patch late yesterday.  When applied, it stopped all N360 processes for the patch and re-started them.  In the past, I have noted that when it does this, the two-day clock for another 3038,104 restarts, just like a reboot.  Build is still reported as 21.4.0.13.

 

NOTE

I did not use the downloaded .reg files from sevenforums, I used the Properties window for each process that I modified.  I did not start the BitLocker and WinBackup processes because I don't use BitLocker or Windows Backup (or Norton Backup).  I use Acronis rotating backup to a low-power USB RAID from each HD.

 

PECULIARITIES OF MY SYSTEM

I use an eight-core AMD CPU running on Windows 7 Ultimate, 64-Bit Edition.

I have 164 programs installed.

I have a UEFI BIOS but my C: drive is a 2 TB Western Digital Black HD initialized on an older BIOS that was not UEFI.  I moved the boot partition from a failing 1 TB HD with Acronis.  It took a couple of hours to resolve the drivers and, because my motherboard failed and I changed video cards, the video card drivers to get all set up from the DVD that came with the new motherboard and video card (Gigabyte rebranded NVIDIA GeForce 660, current driver 334.88, updated weekly).  NVIDIA was updating the driver every day or so but I changed the schedule because I have the card for Photoshop and long-term future software compatibility and don't need last night's gaming enhancement.

 

OK, I'll shut everything down, run LU, and let it run QS now.  Please note that it may be two days or more before I have another 3038,104, and four days is the longest I have been without one.

Whoops, just had another 3938,104 error.  System clock was 17 seconds slow.  I ran LU first, and, sure enough, there was a Virus Definitions x64 update.  I clicked the button to go to the web site to convey the information to Norton that way.

 

Security log has this entry at the same time as the error:

Category: Norton Product Tamper Protection
Date & Time,Risk,Activity,Status,Recommended Action,Date,Actor,Actor PID,Target,Target PID,Action,Reaction
7/22/2014 9:12:02 PM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,7/22/2014 9:12:02 PM,C:\WINDOWS\SYSTEM32\CONHOST.EXE,23368,C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\buih.exe,20868,Access Process Data,Unauthorized access blocked

Process 23368 is not running after the fact.  Neither is process 20868.

 

Other security log information of interest:

Intrusion Prevention Engine 6.0.1.2, Definitions Set 20140722.001

 

Intrusion Prevention Driver 12.2.0.5

 

I'm going to turn some things back on to make my computer more secure:

  • Automatic Windows Update
  • Automatic Live Update
  • Defrag in PC Tuneup

Note that my Diskeeper does Intelliwrite (picking open spaces to prevent instant fragmentation by starting file writes in small holes in disk space) and real-time defragmentation.  If you correlate this problem with Diskeeper, I will disable the auto-defrag.

No reason to think it is related (except perhaps to time loss) but have you thought of disabling Diskeeper for a while and seeing if any difference. I don't know if we have discussed this before but I gave up on Diskeeper after using it for years when I found it an immense burden on the system which reacted much more quickly when I disabled.

 

When troubleshooting it seems a good idea to at least temporarily disable stuff that is not essential.

 

In another place where I do computer support one of the other sysops is a now retired hard disk designer and he says

 

 1 -- Modern disk design with the use of large caches reduces the practical effect of fragmentation.

 

 2 -- The data structure now used on the disks and the way it is accessed make fragmentation less important on access times

 

 3 -- The nature of NTFS results in files being deliberately broken up when written to the disk.

 

And after I disabled Diskeeper I found that Windows 7 was defragging automatically in the background and seemed to be doing a satisfactory job if judged by the numerical data ..... but is that meaningful?

 

I assume you have disabled N 360's Optimizer so that your Diskeeper and it are not scrapping ...

 

FWIW

I do a lot of things that generate lots of data and have hundreds of gigabytes of it in research databases that I have generated over the years.  I have found that Diskeeper does a better job than the "Diskeeper lite" that comes with Windows.  There was a time when the settings needed to be tailored to most systems to avoid a noticeable performance hit but not in the last few years.

 

But, one of the things that one of you mentioned to do was to disable Optimizer, which I finally figured out was PC Tuneup on N360, which includes scheduling a de-frag among other things every morning before I start using the computer.  I disabled that but didn't think of the real-time (background) de-frag that Diskeeper does.

 

I'll disable the real-time de-frag for a couple of days and see if that solves the problem.  If so, we have a foundation on where to look.

 

There is one other consistent flag that I have seen:  the problem always follows an update of virus definitions x64 and there is a CONHOST.EXE process that attempts to modify a N360 process at the time of the 3038,104.  Do you think this is significant, or just what you would expect from this error?

Right after I disabled the background de-frag of Diskeeper, I did a LU and QS to establish that things were OK.  They weren't; I got another 3038,104.  So, I'm rebooting now, and have background de-frag turned off.  Let's see how long it goes without an error this time.  I'll check in again in about two days even if I don't have another 3038,104 but I have gone up to four days without an error, so if this is the magic bullet, it will be a few days before we are sure.

<<  Do you think this is significant, or just what you would expect from this error?  >>

 

Can't help you on the aspects of the system.  I'm sure others here can.

 

Just wanted to pass on something not widely known about defragging.

 

Note that if one bases ones judgement of good defragging on the report of the defragger it could be self-fulfilling. Which utility is going to be honest enough to say we didn't do a very good job except at drawing pretty pictures ..... and if 100% defragged is immediately followed by NTFS breaking the files up ........

I've used a lot of defraggers in my time, starting with DOG for FAT drives under OS/2 1.3 (under with a DOS boot) and PC Tools.  OS/2 2.0 and later de-fragged and tested sectors in the background and has a file opening policy of selecting larger open areas for placing new files, so I never had a fragmentation problem so long as I used OS/2, particularly with HPFS.  I finally moved over to Windows 2000 to get my Palm Pilot to synch in about 2001.  I found that Windows 2000 was an excellent OS but that MS had pitched a lot of features from OS/2.  The pet rocks of the SOM and its use of EAs was the first to go, and adoption of the Windows pet rocks of the registry in place of the two OS/2 system database files and EAs weakened its robustness and supportability.  A bunch of DOS capabilities that catered to the 128 character limit of the PATH in DOS but were not relevant to NT - mapping folders to drive letters and such - were added to NTFS, originally a mod of HPFS, apparently to provide compatibility with old setup schemes.  And, the provisions for avoiding fragmentation were all pitched.  These were replaced by a utility that turns out to be Diskeeper Lite, i.e. I believe that MS buys or licenses their included de-frag utility from Diskeeper, and has since the Windows 3.x days.  I went to the full Diskeeper for my work machine when I moved over from a Mac at work in the late 1990's on the advice of the company IT people.

 

I'm sure that there are lots of de-frag utilities out there.  It isn't rocket science.  But with HPFS, I've never used anything except Diskeeper other than a trial or two.

 

Diskeeper doesn't make claims about how good they de-frag.  The disk map doesn't look "pretty" or cater to OCD types.  They offer options for manual and automated de-fragging that will pack everything up tight for the OCD types but they don't recommend it.  In fact, they don't recommend manual de-frag at all, and I never use it except when I get a huge virus definitions update and the machine slows down, and I find that the Norton files have hundreds or thousands of fragments.  Other situations that won't wait for the automated de-frag are massive fragmentation on installation of new software that, as a result, runs slowly, or a massively fragmented system log or other file that the system uses constantly.  But that's increasingly rare.

 

With their "Intelli-write" Diskeeper has replaced the feature of OS/2 that selects large gaps in the disk space for writing new files.  Their background de-frag replaces the OS/2 background de-frag.  According to Diskeeper, the background de-frag, along with Intelli-write, prevents most fragmentation problems and solves ones that do come up better than can be done with a manual de-frag, and I have found it so.

 

As for now, I have disabled de-frag in the N360 Tuneup and have disabled background de-frag in Diskeeper.  If that turns out to be the magic bullet, I think we need to solve that problem with either Diskeeper, N360, or both.

 

But, let's don't get ahead of ourselves.  Even though the process of elimination and the other things that we have tried make eliminating all de-frag look good, I don't think that's the ticket here.  The core de-frag operation locks a file, copies it, verifies the copy, then updates the HD directory pointers to point to the new location, then unlocks the file and frees the old location in the allocation maps.  I don't see how that can interfere with N360 unless there is a thread horse-race condition involving multiple files that is disrupted, and then the problem would not be 100% reproducible once it sets in, which is the case here.  And, Diskeeper suspends background de-frag when there is disk activity.  I think I'll get another 3038,104 in a day or two and we'll be back to looking at what we haven't done yet.

FYI, I've never had automatic/scheduled Windows Disk Defrag enabled on either of my machines having this problem.

 

DD

 

Live Update/3038,104 Problem Characteristics Summary

 

Troubleshooting Steps/Exonerations For My Live Update/ 3038,104 Problem

 

My Home PC

NAV Version 21.2.0.38 (Automatic Live Update has been Disabled)
2010 Milwaukee PC Desktop - Windows 7 64 Bit Sp1

My Father's PC (which he uses, but I own)
NAV Version 21.1.0.18  (Automatic Live Update has been Disabled)
2013 Dell 17R 5720 Inspiron Laptop - Windows 7 64 Bit Sp1

 

DD - thank you for letting  me know that you seem to have already exonerated the de-frag.  Also, thanks for linking me up with other threads on the 3038,104 error.  I know I'm not alone in working with Norton/Symantec on this error.

 

Since I use Diskeeper Pro v. 12 (build 16.0,1017.64) and I don't see mention of Diskeeper in the other threads, I'll continue as-is to verify whether or not disabling de-frag using Diskeeper solves my problem.  I don't think de-frag is the problem either, but this is a test, and opinions don't count, really, in that context.

 

Note that going to 21.3.0.13 fixed the 8920,208 problem.  Also note that there are other users that are trying different things with Norton/Symantec to solve this problem.  I'm pitching in too.  I hope that the 3038,104 root cause is only days away from exposure and annihilation.

 

Since this problem is 100% reproducible once it sets in, perhaps there is something that we can put in place, such as a special patch with a verbose log, that will help.  I would do that.


motorfingers11 wrote:

 

Note that going to 21.3.0.13 fixed the 8920,208 (Live Update Failures) problem.  


Thanks for the heads up on that issue.  I think I'll hold off on upgrading to V21.3.0.13, in hopes that the 3038,104 errors are also fixed very soon.  No sense upgrading if one major problem still exists.

 

DD

DD - The 3038,104 problem isn't the only thing on the plate of Symantec/Norton.  Every update or patch addresses some issue that has been prioritized and addressed by Norton/Symantec.  I don't even want to *know* about these; that's why I use N360 instead of, say, clam or Windows Defender.  So, I apply fixes as soon as they are rolled out, by Microsoft and by Norton (and Adobe, etc.).

 

I keep everything up-to-date for best protection because I've had issues with attempted hacking incidents, some of them very persistent and some of them very sophisticated and my main machine has never been compromised.  So, after the last 3038,104 exonerated WU and LU in my case, I re-enabled them.  LU is configured to automatically download patches, and I always click "Install Now."

 

My current N360 build is 21.4.0.13, and virus definitions are current, last updated about 4:00 AM EDT.

Whoops, another 3038,104.

 

The error was immediately preceded by a LU download and install of a 250 mb virus definitions update.

 

There was another security log entry of a CONHOST process attempting to access a buih.exe process.  Neither process was active after the fact.  Log entry:

 

Category: Norton Product Tamper Protection
Date & Time,Risk,Activity,Status,Recommended Action,Date,Actor,Actor PID,Target,Target PID,Action,Reaction
7/24/2014 6:16:17 PM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,7/24/2014 6:16:17 PM,C:\WINDOWS\SYSTEM32\CONHOST.EXE,15292,C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\buih.exe,14920,Access Process Data,Unauthorized access blocked

I'm re-enabling the de-frag options in Diskeeper and N360.

 

What do we do now?

After restarting, the Norton mini-icon did not appear on the taskbar.  The Task Manager showed the N360 in the system process list, but it was stopped.  I restarted a second time and things seem normal.

" Category: Norton Product Tamper Protection
Date & Time,Risk,Activity,Status,Recommended Action,Date,Actor,Actor PID,Target,Target PID,Action,Reaction
7/24/2014 6:16:17 PM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,7/24/2014 6:16:17 PM,C:\WINDOWS\SYSTEM32\CONHOST.EXE,15292,C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\buih.exe,14920,Access Process Data,Unauthorized access blocked"

 

The logs you post like the above mean nothing, simply Norton prevents its files from being accessed.

It has nothing to do with your issue.

It appears that Norton is incompatible with some system configs, and it's not normal that your system clock is constantly outdated even for a few seconds.

In my opinion, you must ask a Symantec tech, from the higher levels, to remotely access your system, and see what is wrong.

Many users have the same or similar issues, you can post thousands of lines here no-one will be able to assist you.

Also, I must say that if I had, let's say the 10% of your issues, on my systems, and given the ignorance of Symantec employees or the trick to "gather" logs, which you won't be able to, I would have changed AV product long time ago...

Just my opinion.

 

Regards,

The reason that I am repeating the access prevention is that I get the same one every time I get a 3038,104 error and the time tag is the same time as the error.  Also, the 3038,104 happens the next manual QS after installing a 200+ MB virus definitions update.  Then, the 3038,104 is 100% repeatable.  Thus something is happening that is corrupting N360 so that module 3038 gets an error 104 every time.  To me that is major, and would provide a basis for finding the error.  Since the error is 100% repeatable once it sets in until I reboot, I figured that online assistance would be able to find it if I waited until it happened and then went to Norton Chat and allowed them to look.  But, it seems that when you do that you get people with a flow chart that ignore what you have to say and look for Malwarebytes and other such packages, disable scans inside archives, etc.  I had one run a script at boot that sets system permissions that he thought would do the trick; I don't know how to find or disable that but I see a quick title bar for it every time the machine boots.

 

I would be glad to have someone from Norton look at my machine remotely.  How do I do that?  Should we set it up so that they can look while the error is current?
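
The correlation described above (a Tamper Protection entry whose time tag matches each 3038,104) can be checked across a whole Security History export rather than by eye. The following is an added example, not part of any post in this thread and not Norton tooling; it reuses the two log rows quoted in the thread, while the `ERROR_TIMES` values and the 60-second window are constructed assumptions.

```python
import csv
import io
import ntpath
from collections import Counter
from datetime import datetime, timedelta

# The two Tamper Protection rows quoted in the thread, in the exported CSV layout.
EXPORT = r"""Category: Norton Product Tamper Protection
Date & Time,Risk,Activity,Status,Recommended Action,Date,Actor,Actor PID,Target,Target PID,Action,Reaction
7/22/2014 9:12:02 PM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,7/22/2014 9:12:02 PM,C:\WINDOWS\SYSTEM32\CONHOST.EXE,23368,C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\buih.exe,20868,Access Process Data,Unauthorized access blocked
7/24/2014 6:16:17 PM,Medium,Unauthorized access blocked (Access Process Data),Blocked,No Action Required,7/24/2014 6:16:17 PM,C:\WINDOWS\SYSTEM32\CONHOST.EXE,15292,C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\buih.exe,14920,Access Process Data,Unauthorized access blocked
"""

# Constructed (assumption): times at which the 3038,104 dialog was noted by hand.
# The third entry is a control with no matching log row.
ERROR_TIMES = ["7/22/2014 9:12:05 PM", "7/24/2014 6:16:20 PM", "7/26/2014 8:00:00 AM"]

TS_FORMAT = "%m/%d/%Y %I:%M:%S %p"


def parse_export(text):
    """Parse a Security History export into a list of event dicts."""
    # Drop blank lines and the "Category:" banner so the CSV header comes first.
    lines = [ln for ln in text.splitlines()
             if ln.strip() and not ln.startswith("Category:")]
    events = []
    for row in csv.DictReader(io.StringIO("\n".join(lines))):
        row["when"] = datetime.strptime(row["Date & Time"], TS_FORMAT)
        # ntpath handles Windows paths regardless of the OS running the script.
        row["actor_name"] = ntpath.basename(row["Actor"]).lower()
        row["target_name"] = ntpath.basename(row["Target"]).lower()
        events.append(row)
    return events


def correlate(events, error_times, window_seconds=60):
    """Map each error time to the log events within +/- window_seconds of it."""
    window = timedelta(seconds=window_seconds)
    matches = {}
    for stamp in error_times:
        t = datetime.strptime(stamp, TS_FORMAT)
        matches[stamp] = [e for e in events if abs(e["when"] - t) <= window]
    return matches


def recurring_pairs(events):
    """Count (actor, target, action) triples; PIDs are ignored as they change per run."""
    return Counter((e["actor_name"], e["target_name"], e["Action"]) for e in events)


if __name__ == "__main__":
    evts = parse_export(EXPORT)
    for stamp, hits in correlate(evts, ERROR_TIMES).items():
        pids = [(e["Actor PID"], e["Target PID"]) for e in hits]
        print(f"{stamp}: {len(hits)} tamper event(s) nearby, PIDs {pids}")
    for triple, count in recurring_pairs(evts).items():
        print(count, triple)
```

A recurring actor/target pair that lines up with every error time, and is absent at the control time, shows the two events are time-linked; it does not by itself show which one causes the other.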


motorfingers11 wrote:

Whoops, another 3038,104.

 

The error was immediately preceded by a LU download and install of a 250 mb virus definitions update.

 


Same thing here, even when using Manual Live Update exclusively.    3038,104 errors occur in conjunction with the failed installation of the Incremental Virus Definition Update file, which is subsequently followed by the download/installation of the full (250+MB) Virus Definition file. 

 

Also FYI, in checking my NAV, I learned that I am running Version 21.4.0.13 (no doubt due to the product update from 2 weeks ago).

 

So, this problem continues for me since last November (even using the latest NAV version), still with no solution in sight.

 

DD

 

My Home PC

NAV Version 21.4.0.13 (Automatic Live Update has been Disabled)
2010 Milwaukee PC Desktop - Windows 7 64 Bit Sp1

My Father's PC (which he uses, but I own and maintain)
NAV Version 21.1.0.18  (Automatic Live Update has been Disabled)
2013 Dell 17R 5720 Inspiron Laptop - Windows 7 64 Bit Sp1