[OPLINTECH] Anyone else experiencing an increase in Windows Services crashes?

Tue Mar 3 13:00:22 EST 2015

Crashes like that _are_ common with a malware infection. To rule that out,
take one of your problem computers and run a set of online virus scans on
it. You mentioned you have SEP installed, so you can skip the Symantec
scans. Do a Google search for "online virus scan" and hit up some of the
well-known names:  AVG, Kapersky, TrendMicro, bitdefender, eset, etc. and
run their on-line scans. You're not looking to install anything
permanently; just the online tools. Often, just relying on one scanner
isn't enough to ferret out everything that infects a computer. If you run
three or four online scans in addition to your resident anti-virus
software, and you show up clean, then you're probably ok and can rule that
out.

FWIW, also, the quality of Microsoft patches has been decreasing over the
last year or so, according to some security experts. I've only run into a
couple of minor things myself, but it seems to be a somewhat downward
trend. There have been several patches that were initially released, broke
something, and then were either soon retracted or soon(/eventually)
re-patched to fix the things the first patch broke. You could be running
into an issue where a patch has introduced instability into your
environment. (Good luck with that one!)

With nothing specific to go on, you're left with basic troubleshooting.
Check your Windows Event logs and find the first errors that occur after a
reboot. Those will be the most relevant. Google can help for anything you
find. Also try to figure out what's common among the problem computers. For
instance, if you're having the same problems on the staff computers, then
you can rule out Deep Freeze unless you have it installed on staff
computers too.

Additionally, assuming you don't make mistakes with Deep Freeze by
accidentally leaving it thawed with a patron using it, you can make some
more educated guesses. The problem has developed with DF enabled. So what's
changed? You probably didn't upgrade DF itself, so that's not it. You may
have auto-Windows Updates installed, so that's a candidate. LPTOne,
PCReservation, etc. probably haven't changed, so you can rule them out,
etc. My guess is that you'll have a very limited scope of changes between
when you didn't have the problem and when it started to become noticed. It
may be limited to as little as Symantec LiveUpdates and Windows Updates.
Between the two, it's unlikely to be Symantec.

Good luck!

______________________________
*Chad Neeper*
Senior Systems Engineer

*Level 9 Networks*
740-548-8070 (voice)
866-214-6607 (fax)

*Full IT/Computer consulting services -- Specialized in libraries and
schools*

On Tue, Mar 3, 2015 at 9:37 AM, Greg Ricker <RickerG at wtcpl.org> wrote:

>  Hi all,
>
>
>
> We have seen a drastic increase in the number of windows services shutting
> down or freezing and we are at a loss as to what is causing them.
>
>
>
> It started with our public computers. We would notice that frequently and
> randomly, we would lose LPTOne and PCReservation. Sometimes the computer
> would require booting up 4-5 times before the service would start properly
> and be stable. It wasn’t all the computers, it would happen randomly. We
> initially thought there might be an issue in LPTOne/PCRes so we contacted
> Envisionware. Then we started getting SchoolVue crashes and then
> DeepFreeze’s client began locking up on random computers. Then a short time
> later, we began having issues with staff computers. Now we keep losing
> print spoolers and have to go in and restart that service. It doesn’t
> happen all the time and it’s random machines.
>
>
>
> I’m not even sure where to start looking for a cause. Is this a Windows
> Update that caused this issue or possibly a program we installed/upgraded
> or could this be a virus of some odd type that doesn’t show up on the
> scans? We have been going into Administrative > Services and setting the
> services that crash on a regular basis to restart on first/second and
> subsequent failures. We never had to go into each computer and change these
> settings before.
>
>
>
> Here is a list of the various software we use on our computers:
>
> Symantic Endpoint Protection 12 (Staff/Public PCs)
>
> Deep Freeze (Public PCs)
>
> SchoolVue (Public/Handful of Staff PCs)
>
> PC Reservation (Public PCs)
>
> LPTOne (Public PCs)
>
> Windows 7 w/ SP1
>
> LogMein (Public/Staff PCs)
> Express Metrics (Public/Staff PCs)
>
> Updating computers with Ninite Pro in the mornings (Staff/Public PCs) – No
> client or anything like that, it gets pushed out from a console via active
> directory.
>
>
>
> I guess I’m just hoping maybe someone else has had this issue and
> successfully resolved their issue or point me to some log files that would
> be helpful. Maybe someone remembers reading something about one of these
> programs we use causing this kind of issue that might lead to a resolution.
>
>
>
> Thanks in advance for any tips/hints/experience anyone shares.
>
>
>
> -----
>
> *Greg Ricker*
>
> *Warren-Trumbull County Public Library*
>
> Assistant Department Manager, Information Technology
>
> 444 Mahoning Ave. NW  Warren, Ohio 44483
>
> rickerg at wtcpl.org | http://www.wtcpl.org/
>
> 330.399.8807 x144
>
>
>
> [image: email_signature]
>
>
>
> _______________________________________________
> OPLINTECH mailing list
> OPLINTECH at lists.oplin.org
> http://lists.oplin.org/mailman/listinfo/oplintech
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.oplin.org/pipermail/oplintech/attachments/20150303/0238a4b6/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.gif
Type: image/gif
Size: 9400 bytes
Desc: not available
URL: <http://lists.oplin.org/pipermail/oplintech/attachments/20150303/0238a4b6/attachment.gif>