Issue/Introduction:
A blue screen error has been reported on certain combinations of hardware/operating systems and PGP WDE or SEE-FD software when Microsoft Driver Verifier is enabled with default settings. Following is the list of combination of hardware and OS combinations where we have encountered issues, though other models could be affected.
1. Manufacturer : DELL Inc.
Model : Latitude E6510
Processor : Intel (R ) Core (TM) i7 CPU M 640 @ 2.80 GHZ 2.79GHZ
Installed Memory : 4.0 GB (3.80 usable)
System Type : 64 bit operating system
Windows edition : Microsoft Windows 7 Professional SP1
2. Manufacturer : Dell Inc.
System Model : PowerEdge SC440
System Type : X86-based PC
Processor : x86 Family 15 Model 6 Stepping 4 GenuineIntel ~2793 Mhz
Installed Memory : 1,024.00 MB
Windows edition : Microsoft Windows XP Professional Version 5.1.2600 Service Pack 3 Build 2600
PGP WDE or SEE-FD utilize low level system calls to make the secure transition from Windows boot loader to Windows kernel. Those low level system calls are safe to use but are rarely needed by ordinary device drivers. Microsoft Device Verifier detects unusual behavior in device drivers and triggers kernel panic (a blue screen error) when it determines it is no longer safe for Windows kernel to keep running. Symantec believes the blue screen error triggered by the Driver Verifier is a false positive detection by Microsoft and is actively working with Microsoft to resolve this issue.
Resolution:
A temporary work around is:
· For systems running Windows XP, disable the custom setting "Enhanced I/O Verification" in Driver Verifier on systems affected by the blue screen error, and then reboot. You should not see any more blue screens errors. To disable the custom setting, in the Driver Verifier Options, select Create custom setting, select individual setting from the full list, and then select Enhanced I/O Verification.
· For systems running Windows Vista/Windows 7, there are no options or command line to switch-off the Enhanced IO Verification (flag bit 6) flag in the verifier. It is replaced by new "IO verification.” It is observed that Enhanced IO verification flag is by default set to 1 on Windows Vista/Windows 7 regardless of whether you select IO verification or not. If you de-select the IO verification, it does not disables this flag value. To avoid the blue screen error on Windows Vista/Windows 7 systems, de-select the PGP WDE driver (PGPwded.sys) or the SEE-FD driver (ephdlink.sys) from driver verifier if selected.
In either case, Symantec recommends the best option is to de-select the PGP WDE or SEE-FD driver from the driver list in Driver Verifier.