Our AV solution is Trend.
As for the image, I always use the same model of reference machine to build
the image on as the intended target machines. The first time I built this
image all the machines created from it had this problem so I went back and
rebuilt it from scratch and now only some machines get the problem, and they
don't get it right away. It shows up after a while. I wonder if it has
anything to do with the Lenovo software utilities, or some other software
that I preinstall onto the image. I've also wondered if updates from our WSUS
server could cause this. Thanks for all your info.
"MowGreen [MVP]" wrote:
> Is the AV a Symantec 'product' ?
>
> Rereading your original post ... are the images created on a system with
> an X processor and deployed to other systems with Y processors ?
>
> Corruption in catroot2 immediately after an install of the OS may also
> be caused by faulty RAM.
>
> Catroot2 is not where the digital signatures are stored, they're in
> Catroot. The catdb [catalogue database] contains the info that points to
> the {F750E6C3-38EE-11D1-85E5-00C04FC295EE} subfolder in Catroot.
> That's where the .cats are stored. <meow>
>
>
> MowGreen [MVP 2003-2008]
> ===============
> *-343-* FDNY
> Never Forgotten
> ===============
>
>
>
> paristotle wrote:
>
> > Thanks. I'll look into it. I am a little sceptical only because the antivirus
> > is deployed and managed across our org in a similar manner to both desktops
> > and laptops. In this case only some laptops have this problem.
> > What I would really like is some in-depth info on what happens in the
> > catroot2 folder. So far all I have learned is that it relates to the
> > encryption of signed drivers. This is why it prompts for admin creds to
> > install simple devices; they appear as unknown and unsigned. Am I on the
> > wrong track here?
> >
> > "MowGreen [MVP]" wrote:
> >
> >
> >>The edb.log can be corrupted by an antivirus scanning it while it's in
> >>use, commonly known as being 'locked'. Other security software that
> >>guards a file by preventing changes to it may also cause corruption.
> >>
> >>See: Virus scanning recommendations for computers that are running
> >>Windows Server 2003, Windows 2000, or Windows XP
> >>http://support.microsoft.com/kb/822158
> >>
> >>Exclude the edb.log from scans and realtime 'protection' and see if that
> >>resolves the corruption issue.
> >>
> >>MowGreen [MVP 2003-2008]
> >>===============
> >> *-343-* FDNY
> >>Never Forgotten
> >>===============
> >>
> >>
> >>paristotle wrote:
> >>
> >>
> >>>I have a recurring catroot2 corruption issue. When it happens the machine
> >>>asks for Admin credentials to install simple devices like optical mouse,
> >>>flash drive. This has happened mostly for one machine image, but not
> >>>exclusively. If I rename the c:\windows\system32\catroot2\edb.log file the
> >>>problem goes away, and may or may not return sometime in the future. Today it
> >>>happened on a completely different type of machine so I am at least a little
> >>>concerned. What can cause this kind of corruption on XP pro sp2 machines?
> >>
>