Symantec Endpoint Protection update caused BSOD

by Brendan Smith
August 8, 2023
Symantec update caused BSOD
Written by Brendan Smith

Windows 7.8 and 10 users encountered an unpleasant problem after updating Symantec Endpoint Protection to version 2019/10/14 r61. This update triggered the legendary Blue Screen of Death (BSOD).

The affected devices malfunctioned, and the update provoked a blue screen of death (BSOD), which referred to problems with IDSvix86.sys and IDSvia64.sys.

“Not feeling well today, but still having a better day than Symantec, who are apparently busily BSOD’ing entire enterprises through a bad signature update in their Endpoint Protection product”, — writes Twitter user @neurovagrant.

In addition, some users complained about an arbitrary reboot of the servers but did not indicate which OS they were running. Some victims reported that the problem affected dozens of machines in their organization, while others wrote that they had problems with more than 10,000 systems.

First, users fixed the problem on their own (for example, the rollback to the previous version of Symantec Endpoint Protection helped), and then the developers finally reacted to what was happening. The updated version, 2019/10/14 r62, fixed the bug, and now the developers recommend that all victims arrange it as soon as possible.

Read also: Microsoft and NIST will teach business how to install patches

Symantec did not specify which specific versions of Windows were in conflict with the problematic version 2019/10/14 r61, nor did they begin to give any figures regarding the number of victims. Users who haven’t yet experienced any BSODs are advised to “rollback to an earlier known good content revision to prevent the BSOD situation,” following the step-by-step definition rollback procedure detailed here.

BSOD workarounds

Customers who cannot apply the new signatures by running LiveUpdate on their systems can use the following workaround:

  • Boot in Safe Mode and perform the following for x64 or x86 installations of SEP,
  • Run sc config idsvia64 start= disabled or sc config idsviax86 start=disabled from cmd,
  • Reboot in normal mode,
  • Update the IPSdefs,
  • Run sc config idsvia64 start= system or sc config idsviax86 start=system from cmd
  • Reboot.

Those who cannot grab the new definitions without a BSOD, can also grab the Network-Based Protection (IPS) update from here and install it offline.

Sending
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Brendan Smith

I'm Brendan Smith, a passionate journalist, researcher, and web content developer. With a keen interest in computer technology and security, I specialize in delivering high-quality content that educates and empowers readers in navigating the digital landscape.

With a focus on computer technology and security, I am committed to sharing my knowledge and insights to help individuals and organizations protect themselves in the digital age. My expertise in cybersecurity principles, data privacy, and best practices allows me to provide practical tips and advice that readers can implement to enhance their online security.

View all posts

Leave a Reply

Sending