Symantec Endpoint Protection SyLinkReplacer

Written by James McDonald

October 23, 2009

Just a note to self. The Symantec Endpoint Protection SyLinkReplacer (a utility used to rehome clients) doesn’t seem to work if your target client has a non-standard Windows directory.

e.g. all my clients with c:\windows as the %WINDIR% worked fine. But anything with C:\WSRV or C:\WXP failed.

It used to be reasonably common to obfuscate the Windows directory to stop automated remote attacks from being able to reach the default file paths (C:\Windows\system32\cmd.exe).

Anyway, these are the sylinkreplacer logs for the client machine.

You get two error messages.

Firstly:
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7009
Date: 23/10/2009
Time: 1:59:11 PM
User: N/A
Computer: APF-MA-WS18
Description:
Timeout (30000 milliseconds) waiting for the sylinkreplacer service to connect.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Then:
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 23/10/2009
Time: 1:59:11 PM
User: N/A
Computer: APF-MA-WS18
Description:
The sylinkreplacer service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
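A triage check for one client, added here as an example and not part of the original post or of Symantec's tooling: it reports whether %WINDIR% is non-default, where the sylinkreplacer service binary is registered, and how many of the two Service Control Manager errors above were logged. It assumes Windows PowerShell 3.0 or later on the client and that C:\Windows is the default to compare against.

```powershell
# Added example: correlate the SCM errors from the post with the client's %WINDIR%.
$serviceName   = 'sylinkreplacer'   # service name as it appears in the events above
$defaultWinDir = 'C:\Windows'       # assumption: the "standard" directory to compare against

# Service Control Manager errors 7000 (failed to start) and 7009 (connect timeout)
# whose message text names the service. Get-WinEvent returns newest events first.
$events = @(
    Get-WinEvent -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'Service Control Manager'
        Id           = 7000, 7009
    } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match [regex]::Escape($serviceName) }
)

# Registered binary path, if the service entry still exists on this client
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$serviceName'" `
    -ErrorAction SilentlyContinue

[pscustomobject]@{
    Computer          = $env:COMPUTERNAME
    WinDir            = $env:windir
    # -ne is case-insensitive for strings, so c:\windows counts as standard
    NonStandardWinDir = ($env:windir.TrimEnd('\') -ne $defaultWinDir)
    ServicePath       = if ($svc) { $svc.PathName } else { $null }
    ScmErrorCount     = $events.Count
    LastScmError      = ($events | Select-Object -First 1).TimeCreated
}
```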

2 Comments

  1. Sandeep Cheema

    It should work, even if the Windows directory is non-standard. This error is irrelevant to the execution. The files are copied on the \\client\admin$ and then executed via the %windir%, shouldn't be a problem. This error is not related to it.

    • james

      Yes, all the visible code in the batch file does the right thing and uses environment variables and calls things in a portable way.

      My theory is that the code in the actual sylink replacer service that is installed isn’t correct. So the service fails to start. The only thing in common to the failing clients was non-standard windows directories.
