Symantec Endpoint Protection SyLinkReplacer

Written by James McDonald

October 23, 2009

Just a note to self. The Symantec Endpoint Protection SyLinkReplacer (a utility used to rehome clients) doesn’t seem to work if your target client has a non-standard Windows directory.

E.g. all my clients with c:\windows as the %WINDIR% worked fine, but anything with C:\WSRV or C:\WXP failed.

It used to be reasonably common to obfuscate the Windows directory to stop automated remote attacks from being able to reach the default file paths (C:\Windows\system32\cmd.exe).

Anyway, these are the sylinkreplacer logs for the client machine.

You get two error messages.

Firstly:
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7009
Date: 23/10/2009
Time: 1:59:11 PM
User: N/A
Computer: APF-MA-WS18
Description:
Timeout (30000 milliseconds) waiting for the sylinkreplacer service to connect.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Then:
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 23/10/2009
Time: 1:59:11 PM
User: N/A
Computer: APF-MA-WS18
Description:
The sylinkreplacer service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
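A triage sketch for the pair of errors above, added here as an example and not part of the original post or of Symantec's tooling: it parses event text in the layout shown and lists machines where the sylinkreplacer service logged both the 7009 timeout and the 7000 start failure. The third sample record (host CONSTRUCTED-PC01, service examplesvc) and the function names are constructed for illustration.

```python
import re

# Event Viewer text in the layout shown in the post. The first two records
# use the post's values; the third (host and service) is constructed.
SAMPLE = """\
Event Type: Error
Event Source: Service Control Manager
Event ID: 7009
Computer: APF-MA-WS18
Description:
Timeout (30000 milliseconds) waiting for the sylinkreplacer service to connect.

Event Type: Error
Event Source: Service Control Manager
Event ID: 7000
Computer: APF-MA-WS18
Description:
The sylinkreplacer service failed to start due to the following error:

Event Type: Error
Event Source: Service Control Manager
Event ID: 7000
Computer: CONSTRUCTED-PC01
Description:
The examplesvc service failed to start due to the following error:
"""

FIELD = re.compile(r"^(Event Source|Event ID|Computer):[ \t]*(.+?)\s*$", re.M)
SERVICE = re.compile(r"[Tt]he (.+?) service (?:to connect|failed to start)")

def parse_events(text):
    """Return (computer, event_id, service) for each Service Control Manager record."""
    events = []
    for chunk in re.split(r"(?m)^Event Type:", text):
        fields = dict(FIELD.findall(chunk))
        svc = SERVICE.search(chunk.partition("Description:")[2])
        if fields.get("Event Source") == "Service Control Manager" and svc:
            events.append((fields["Computer"], int(fields["Event ID"]), svc.group(1).lower()))
    return events

def failed_hosts(events, service="sylinkreplacer"):
    """Hosts that logged both the 7009 timeout and the 7000 start failure."""
    seen = {}
    for computer, event_id, svc in events:
        if svc == service:
            seen.setdefault(computer, set()).add(event_id)
    return sorted(host for host, ids in seen.items() if {7000, 7009} <= ids)
```

Comparing the resulting host list against an inventory of each client's %WINDIR% is one way to check whether the failures line up with non-standard Windows directories.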

2 Comments

  1. Sandeep Cheema

    It should work, even if the Windows directory is non-standard. This error is irrelevant to the execution. The files are copied on the \\client\admin$ and then executed via the %windir%, shouldn't be a problem. This error is not related to it.

    • james

      Yes, all the visible code in the batch file does the right thing and uses environment variables and calls things in a portable way.

      My theory is that the code in the actual sylink replacer service that is installed isn’t correct. So the service fails to start. The only thing in common to the failing clients was non-standard Windows directories.
