Signature update for Symantec Endpoint protection crashed many device

Symantec rolled out an intrusion prevention signature update for its Endpoint Protection product that has caused many devices to crash and display a so-called blue screen of death (BSOD).

An intrusion prevention signature update for the Endpoint Protection product had a bad impact on the devices, in many cases it caused the devices to crash and display the blue screen of death (BSOD).

Several users reported problems through the company’s support forums and other sites online.

Customers complained about problems with Windows 7, 8 and 10.

Symantec has acknowledged the problem with the update to its Endpoint Protection Client explaining that it causes a Windows kernel exception.

The company released the version 2019/10/14 r62 to address the issue caused by the 2019/10/14 r61 update.

“After running LiveUpdate on Symantec Endpoint Protection (SEP), the computer crashes indicating IDSvix86.sys/IDSvia64.sys as the cause of the exception.” reads the security advisory published by the researchers.

Symantec recommends to download the new signature version for the Endpoint Protection or roll back to an earlier stable version.

“Please run LiveUpdate to download latest Intrusion Prevention signature 2019/10/14 r62, or rollback to an earlier known good content revision to prevent the BSOD situation. Please check How to Backdate Virus Definitions in Endpoint Protection Manager for more details on how to roll back definitions.” continues Symantec.

Customers who cannot run LiveUpdate to apply the signatures on their systems can use the following workaround:

Boot in Safe Mode and perform the following for x64 or x86 installations of SEP,
Run sc config idsvia64 start= disabled or sc config idsviax86 start=disabled from cmd,
Reboot in normal mode,
Update the IPSdefs,
Run sc config idsvia64 start= system or sc config idsviax86 start=system from cmd
Reboot.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Symantec, BSOD)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.