Windows 7, 8 and 10 users ran into a serious problem after updating Symantec Endpoint Protection to version 2019/10/14 r61: the update triggered the Blue Screen of Death (BSOD).
On affected devices, the stop screen pointed to problems with IDSvix86.sys and IDSvia64.sys.
“Not feeling well today, but still having a better day than Symantec, who are apparently busily BSOD’ing entire enterprises through a bad signature update in their Endpoint Protection product,” writes Twitter user @neurovagrant.
In addition, some users complained about spontaneous server reboots but did not indicate which OS they were running. Some victims reported that the problem affected dozens of machines in their organization, while others wrote that they had problems with more than 10,000 systems.
At first, users fixed the problem on their own (for example, rolling back to the previous version of Symantec Endpoint Protection helped), and then the developers reacted to what was happening. The updated version, 2019/10/14 r62, fixed the bug, and the developers now recommend that all victims install it as soon as possible.
Symantec did not specify which versions of Windows conflicted with the problematic version 2019/10/14 r61, nor did it give any figures on the number of victims. Users who haven’t yet experienced any BSODs are advised to “rollback to an earlier known good content revision to prevent the BSOD situation,” following the step-by-step definition rollback procedure detailed here.
BSOD workarounds
Customers who cannot apply the new signatures by running LiveUpdate on their systems can use the following workaround:
- Boot into Safe Mode and perform the following for x64 or x86 installations of SEP.
- Run sc config idsvia64 start= disabled or sc config idsviax86 start= disabled from cmd.
- Reboot in normal mode.
- Update the IPSdefs.
- Run sc config idsvia64 start= system or sc config idsviax86 start= system from cmd.
- Reboot.
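The two driver-toggle steps above, written as a PowerShell script that checks which of the two services exists and verifies the start type after each change. This is an added example, not Symantec's tooling: the service names are taken as written in the steps, the -Action parameter is hypothetical, and an elevated prompt is assumed.

```powershell
# Added example (not Symantec tooling). Run from an elevated prompt.
# Service names are copied from the workaround steps; -Action is a hypothetical parameter.
param(
    [Parameter(Mandatory = $true)]
    [ValidateSet('Disable', 'Restore')]
    [string]$Action
)

$candidates = 'idsvia64', 'idsviax86'
# Meaning of the Start value under HKLM\SYSTEM\CurrentControlSet\Services\<name>
$startNames = @{ 0 = 'boot'; 1 = 'system'; 2 = 'auto'; 3 = 'demand'; 4 = 'disabled' }
$target = if ($Action -eq 'Disable') { 'disabled' } else { 'system' }

$found = $false
foreach ($name in $candidates) {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    if (-not (Test-Path -Path $key)) { continue }    # skip names not present on this host
    $found = $true

    $before = [int](Get-ItemProperty -Path $key -Name Start).Start
    Write-Output ('{0}: start type is {1}' -f $name, $startNames[$before])
    if ($startNames[$before] -eq $target) { continue }    # nothing to change

    # Call sc.exe explicitly: in Windows PowerShell "sc" is an alias for Set-Content.
    # "start=" and its value are passed as two separate arguments.
    & sc.exe config $name start= $target | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "sc.exe config $name failed with exit code $LASTEXITCODE"
    }

    # Read the value back so a silent failure does not lead to another crash on reboot.
    $after = [int](Get-ItemProperty -Path $key -Name Start).Start
    if ($startNames[$after] -ne $target) {
        throw "$name start type is $($startNames[$after]), expected $target"
    }
    Write-Output ('{0}: start type set to {1}' -f $name, $target)
}

if (-not $found) {
    Write-Warning 'Neither service name from the workaround exists on this host.'
}
```

Run it with -Action Disable in Safe Mode, reboot and update the IPS definitions, then run it with -Action Restore and reboot.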
Those who cannot grab the new definitions without a BSOD can also grab the Network-Based Protection (IPS) update from here and install it offline.