
Symantec Endpoint Protection update caused BSOD

Written by Brendan Smith

Windows 7, 8 and 10 users ran into a serious problem after Symantec Endpoint Protection was updated to version 2019/10/14 r61: the update triggered the Blue Screen of Death (BSOD).

On affected devices, the blue screen referred to problems with the drivers IDSvix86.sys and IDSvia64.sys.

“Not feeling well today, but still having a better day than Symantec, who are apparently busy BSOD’ing entire enterprises through a bad signature update in their Endpoint Protection product,” writes Twitter user @neurovagrant.

In addition, some users complained about servers rebooting on their own, but did not indicate which OS they were running. Some victims reported that the problem affected dozens of machines in their organization, while others wrote that they had problems with more than 10,000 systems.

At first, users fixed the problem on their own (for example, rolling back to the previous version of Symantec Endpoint Protection helped), and then the developers reacted to what was happening. The updated version, 2019/10/14 r62, fixes the bug, and the developers recommend that all victims install it as soon as possible.


Symantec did not specify which versions of Windows conflicted with the problematic version 2019/10/14 r61, nor did it give any figures on the number of victims. Users who haven’t yet experienced any BSODs are advised to “rollback to an earlier known good content revision to prevent the BSOD situation,” following the step-by-step definition rollback procedure detailed here.

BSOD workarounds

Customers who cannot apply the new signatures by running LiveUpdate on their systems can use the following workaround:

  • Boot into Safe Mode and perform the following steps for the x64 or x86 installation of SEP,
  • Run sc config idsvia64 start= disabled (x64) or sc config idsvix86 start= disabled (x86) from cmd,
  • Reboot in normal mode,
  • Update the IPSdefs,
  • Run sc config idsvia64 start= system (x64) or sc config idsvix86 start= system (x86) from cmd,
  • Reboot.

Those who cannot download the new definitions without hitting a BSOD can also grab the Network-Based Protection (IPS) update from here and install it offline.
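
For administrators who run the sc config steps above from PowerShell rather than cmd, the following added example (not Symantec's code and not part of the original article) wraps the driver toggle and verifies the result in the registry. The function name Set-IpsDriverStart is hypothetical, and the script assumes the service names match the driver file names mentioned in the article (idsvia64 and idsvix86).

```powershell
# Added example. Assumption: the IPS driver services are registered as
# idsvia64 (x64) and idsvix86 (x86), matching the .sys names in the article.
$IpsDrivers = 'idsvia64', 'idsvix86'

function Set-IpsDriverStart {
    param(
        [Parameter(Mandatory = $true)]
        [ValidateSet('disabled', 'system')]
        [string]$Mode
    )
    # Service Start values in the registry: 1 = system, 4 = disabled.
    $expected = @{ disabled = 4; system = 1 }[$Mode]
    $found = $false

    foreach ($name in $IpsDrivers) {
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
        # Only the driver matching the installed SEP architecture is registered.
        if (-not (Test-Path $key)) { continue }
        $found = $true
        $before = (Get-ItemProperty -Path $key -Name Start).Start

        # Call sc.exe by its full name: in Windows PowerShell a bare "sc" is an
        # alias for Set-Content. "start=" and the value are separate arguments,
        # which gives sc.exe the space it requires after the equals sign.
        & sc.exe config $name start= $Mode | Out-Null
        if ($LASTEXITCODE -ne 0) {
            throw "sc.exe config failed for '$name' (exit code $LASTEXITCODE). Run elevated."
        }

        # Confirm the change took effect before the machine is rebooted.
        $after = (Get-ItemProperty -Path $key -Name Start).Start
        if ($after -ne $expected) {
            throw "Start value for '$name' is $after, expected $expected."
        }
        New-Object PSObject -Property @{ Driver = $name; Before = $before; After = $after }
    }

    if (-not $found) {
        throw "No IPS driver service is registered on this host."
    }
}

# In Safe Mode, before rebooting to normal mode:
#   Set-IpsDriverStart -Mode disabled
# After the IPS definitions are updated, before the final reboot:
#   Set-IpsDriverStart -Mode system
```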


About the author

Brendan Smith

Journalist, researcher, web content developer, grant proposal editor. Efficient and proficient on multiple platforms and in diverse media. Computer technology and security are my specialties.
