
List:       patchmanagement
Subject:    Fwd: Windows Blue Screen Issue
From:       "Blaine D'Amico" <damico () gwu ! edu>
Date:       2012-07-12 23:57:08
Message-ID: CAPTc-mtYa-eekkCKnvXCg4puosXGYxhtqwEGwLrDMHu31B8y=w () mail ! gmail ! com

So did anyone else on this list get hit by this?  We had at least a dozen
machines bluescreening repeatedly today because of this issue.

-----------

Today we have encountered a handful of Windows machines with "blue screen"
issues.  These Windows XP systems are either in a reboot loop or boot to a
BSOD, usually with a STOP 0x0000000A error message.

We have identified root cause as a Symantec Endpoint Protection (SEP)
update.  Until Symantec corrects the problem it is recommended that all
centrally managed SEP clients be rolled back to a signature version prior
to July 11.  The Division of IT has rolled back the offending update from
the GWU SEP management domain, but some machines were already affected.

The definition file from SEP that is causing the problem is 07/11/2012
rev18.  Anything prior to that is fine.  The GWU domain GW-Managed SEP 12.1
group is now at 07/11/2012 rev3. If you manage your own SEP domain, you
will want to roll back the update. If you need assistance with this, please
submit a web ticket and request that it be assigned to SNS.

If you have computers that are exhibiting the blue screen issue, the
workaround is to perform the following steps in addition to rolling back
to a previous signature file.

Resolution:  This is a temporary resolution.  Full resolution requires SEP
to correct and reissue the update.

1)  Boot into Safe Mode and log in.

2)  Open regedit.

3)  Navigate to HKLM/System/CurrentControlSet/Services/BHDrvx86

4)  Change the value for Start from 1 to 4.

5)  Reboot.  Wait, because it seems to take a bit longer than normal.

6)  Log in.

This is a temporary workaround until Symantec fixes the issue as this
action disables the SONAR security features in SEP.
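
The registry steps above, scripted for repeated use on several affected machines (an added example, not part of the original message or Symantec guidance). The key path and the Start values 1 and 4 come from the notice; the script name, the backup file location and the `status`/`disable`/`restore` arguments are assumptions made for this example.

```bat
@echo off
rem Added example, not from the original message. Run from an
rem administrator command prompt in Safe Mode:
rem     bhdrv-start.cmd status ^| disable ^| restore
setlocal
rem Key path and Start values (1 -> 4) are taken from the notice above.
set "KEY=HKLM\SYSTEM\CurrentControlSet\Services\BHDrvx86"
rem Assumption: backup location chosen for this example.
set "BACKUP=%SystemDrive%\BHDrvx86-backup.reg"

rem Stop early if the driver key is absent on this machine.
reg query "%KEY%" /v Start >nul 2>&1
if errorlevel 1 (
    echo %KEY% not found; nothing to change on this machine.
    exit /b 2
)

if /i "%~1"=="status"  goto :status
if /i "%~1"=="disable" goto :disable
if /i "%~1"=="restore" goto :restore
echo Usage: %~nx0 status ^| disable ^| restore
exit /b 1

:disable
rem Keep a copy of the key first so the change can be audited later.
if not exist "%BACKUP%" reg export "%KEY%" "%BACKUP%" >nul
reg add "%KEY%" /v Start /t REG_DWORD /d 4 /f >nul || exit /b 3
goto :status

:restore
rem After a corrected definition set is installed, put Start back to 1,
rem the value the notice gives as the original, so the driver loads again.
reg add "%KEY%" /v Start /t REG_DWORD /d 1 /f >nul || exit /b 3
goto :status

:status
rem Third whitespace-separated field of the "Start" line is the value.
for /f "tokens=3" %%S in ('reg query "%KEY%" /v Start ^| find "Start"') do set "CUR=%%S"
echo BHDrvx86 Start = %CUR%
if "%CUR%"=="0x4" echo Driver disabled: SONAR protection is OFF on this machine.
exit /b 0
```

Running `status` across the fleet after the corrected definitions arrive shows which machines still have the driver disabled and need `restore`.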
