Tag Archives: sav

Persistent disconnected network drive

Recently we had an issue with a particular Windows terminal server running on Windows 2003.

When users logon to it, a default logon script runs which maps specific and standard drives for the user. One of the standard drive is our S drive. This maps the users to the root of our DFS group data tree.

During logon, all users had an error prompt from our logon script that the S drive cannot be mapped. Upon logged on and if we view My Computer, we could see the S drive there marked as “disconnected network drive”. Users could continue to browse their S drive despite this error. What was strange is that I get the drive even when I was logging on as an admin (which doesn’t run the logon script).

You see this occurs when somehow the server remembers a drive mapping at logon, and as a result when your logon script tries to map the same drive, it fails and Windows marks the drive as disconnected.

Anyway, this caused some frustrated users and they would immediately assumed that S drive was not available because of that.

I tried some recommendations off the Net but they did not work:

  • removing mountpoints from the registry
  • tried to disconnect it, but there was an error
  • tried to reboot the server, but this did not work

TechRepublic: Server 2003 Disconnected Network Drive

However, one of the recommendation sounds mostly likely the cause of our problem. That is an issue caused by Symantec AV version 10.x. A quick check on our current version and confirmed that indeed SAV as below 10.1.4. We did an emergency change, had the SAV upgraded to 10.1.5, rebooted the server and the persistent drive issue dissappear.

Leave a comment

Posted by on November 5, 2007 in Windows



How to BSOD Windows with SAV file/folder exclusions

Symantec Antivirus keeps its list of files/folders to exclude into the registry.

This is no doubt a good and consistent practice, however, it also weakness the server as users and administrators could unwittingly BSOD their machines.

In normal Windows machine, this weakness don’t manifest so readily, but in machines where some of the folders can contain thousands of files, this can be a problem. By itself this is not a problem, but if there is a need to, say, exclude such folders, one could accidentally selected each individual file in that folder instead of just excluding that contents of that folder.

For example, someone comes to you to get a particular FTP folder excluded. That folder contains a lot of huge files and realtime scan is slowing down their process. The files are already prescanned elsewhere so it not an issue. So you go into the SAV realtime configuration option and select that folder. The first visual will be a (+)plus with a check mark (this creates an inherited exclusion). You clicked the folder again, you saw that now its only a check mark (this creates an individual file/folder exclusion). “Hmmm… not sure which I should apply”, you think to yourself, “Should not matter too much, let’s try and see”. You hit enter and the SAV sort of freezes as it desperately tries to fill up the registry with entries of the thousand of files you just selected!

The next thing you know… Windows BSOD

Well, it sort of happened to one of the servers I worked with! It was a dumb mistake on my part because I saw how SAV wrote to the registry with file/folder exclusions, but was experimenting with exclusions on 2 volumes and clicked OK too fast before I could remove the selection on that huge ftp folder.

I think Symantec should move the exclusion list into a text file. This way, the most it will crash is SAV and the text file, not the whole Windows via writing to the registry.

Incidentally, this happened because I was investigate seemingly an issue with SAVCE10 where my folder exclusion doesn’t seem to work, SAV is still scanning the excluded folder. Found nothing on the newsgroup nor Symantec site about it so far.

1 Comment

Posted by on February 4, 2007 in Windows