Signature update for Symantec Endpoint protection crashed many device

Symantec rolled out an intrusion prevention signature update for its Endpoint Protection product that has caused many devices to crash and display a so-called blue screen of death (BSOD).

An intrusion prevention signature update for the Endpoint Protection product had a bad impact on the devices, in many cases it caused the devices to crash and display the blue screen of death (BSOD).

Several users reported problems through the company’s support forums and other sites online.

Customers complained about problems with Windows 7, 8 and 10.

Symantec has acknowledged the problem with the update to its Endpoint Protection Client explaining that it causes a Windows kernel exception.

The company released the version 2019/10/14 r62 to address the issue caused by the 2019/10/14 r61 update.

“After running LiveUpdate on Symantec Endpoint Protection (SEP), the computer crashes indicating IDSvix86.sys/IDSvia64.sys as the cause of the exception.” reads the security advisory published by the researchers.

Symantec recommends to download the new signature version for the Endpoint Protection or roll back to an earlier stable version.

“Please run LiveUpdate to download latest Intrusion Prevention signature 2019/10/14 r62, or rollback to an earlier known good content revision to prevent the BSOD situation. Please check How to Backdate Virus Definitions in Endpoint Protection Manager for more details on how to roll back definitions.” continues Symantec.

Customers who cannot run LiveUpdate to apply the signatures on their systems can use the following workaround:

1. Boot in Safe Mode and perform the following for x64 or x86 installations of SEP,
2. Run sc config idsvia64 start= disabled or sc config idsviax86 start=disabled from cmd,
3. Reboot in normal mode,
4. Update the IPSdefs,
5. Run sc config idsvia64 start= system or sc config idsviax86 start=system from cmd
6. Reboot.

Pierluigi Paganini

(SecurityAffairs – Symantec, BSOD)

Share On