Using the Microsoft Driver Verifier with PGP WDE/SEE-FD


Article ID: 156097


Endpoint Encryption


A blue screen error has been reported on certain combinations of hardware, operating system, and PGP WDE or SEE-FD software when Microsoft Driver Verifier is enabled with default settings. The following hardware and OS combinations are those where we have encountered the issue, though other models could be affected.

1. Manufacturer     : DELL Inc.
   Model            : Latitude E6510
   Processor        : Intel(R) Core(TM) i7 CPU M 640 @ 2.80 GHz 2.79 GHz
   Installed Memory : 4.0 GB (3.80 usable)
   System Type      : 64 bit operating system
   Windows edition  : Microsoft Windows 7 Professional SP1
2. Manufacturer     : Dell Inc.
   System Model     : PowerEdge SC440
   System Type      : X86-based PC
   Processor        : x86 Family 15 Model 6 Stepping 4 GenuineIntel ~2793 MHz
   Installed Memory : 1,024.00 MB
   Windows edition  : Microsoft Windows XP Professional Version 5.1.2600 Service Pack 3 Build 2600

PGP WDE and SEE-FD use low-level system calls to make the secure transition from the Windows boot loader to the Windows kernel. These low-level system calls are safe to use but are rarely needed by ordinary device drivers. Microsoft Driver Verifier detects unusual behavior in device drivers and triggers a kernel panic (a blue screen error) when it determines that it is no longer safe for the Windows kernel to keep running. Symantec believes the blue screen error triggered by the Driver Verifier is a false positive detection by Microsoft and is actively working with Microsoft to resolve this issue.


A temporary workaround is:

· For systems running Windows XP, disable the custom setting "Enhanced I/O Verification" in Driver Verifier on systems affected by the blue screen error, and then reboot. You should not see any more blue screen errors. To disable the custom setting, in the Driver Verifier Options, select Create custom setting, select individual setting from the full list, and then select Enhanced I/O Verification.
· For systems running Windows Vista/Windows 7, there is no option or command line to switch off the Enhanced IO Verification flag (flag bit 6) in the verifier. It is replaced by the new "IO verification" option. It has been observed that the Enhanced IO Verification flag is set to 1 by default on Windows Vista/Windows 7 regardless of whether you select IO verification or not. De-selecting IO verification does not clear this flag. To avoid the blue screen error on Windows Vista/Windows 7 systems, de-select the PGP WDE driver (PGPwded.sys) or the SEE-FD driver (ephdlink.sys) in Driver Verifier if it is selected.

In either case, Symantec recommends de-selecting the PGP WDE or SEE-FD driver from the driver list in Driver Verifier as the best option.
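To find machines in the configuration described above, the Driver Verifier settings can be checked without opening the GUI. The following is an added example, not Symantec or Microsoft code: it assumes the settings are read from the `VerifyDrivers` and `VerifyDriverLevel` registry values under the Memory Management key (names not given in this article), and the `assess` and `read_local_settings` helpers and their result strings are hypothetical.

```python
"""Audit Driver Verifier settings for the PGP WDE / SEE-FD conflict (added example)."""
import sys

ENHANCED_IO = 1 << 6  # Enhanced I/O Verification, flag bit 6 per the article
ENCRYPTION_DRIVERS = {"pgpwded.sys", "ephdlink.sys"}  # driver names from the article
# Assumption: Driver Verifier stores its settings in these registry values.
MM_KEY = r"SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management"

def verified_encryption_drivers(verify_drivers):
    """Return the encryption drivers selected by a VerifyDrivers string ('*' = all)."""
    names = {n.lower() for n in (verify_drivers or "").split()}
    if "*" in names:
        return set(ENCRYPTION_DRIVERS)
    return names & ENCRYPTION_DRIVERS

def assess(verify_drivers, verify_level, windows_xp):
    """Return (action, drivers) for one machine's Driver Verifier settings."""
    hit = verified_encryption_drivers(verify_drivers)
    if not hit:
        return "ok", hit
    if windows_xp:
        # On XP the flag can be switched off, so it only matters when set.
        if verify_level & ENHANCED_IO:
            return "deselect-driver-or-clear-enhanced-io", hit
        return "ok", hit
    # Vista/7: the article reports the flag as always on, so selection decides.
    return "deselect-driver", hit

def read_local_settings():
    """Read both values from the local registry (Windows only)."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, MM_KEY) as key:
        def value(name, default):
            try:
                return winreg.QueryValueEx(key, name)[0]
            except FileNotFoundError:
                return default
        return value("VerifyDrivers", ""), value("VerifyDriverLevel", 0)

if __name__ == "__main__" and sys.platform == "win32":
    drivers, level = read_local_settings()
    is_xp = sys.getwindowsversion().major == 5  # 5.x kernels include Windows XP
    print(assess(drivers, level, is_xp))
```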