BUG REPORT: Symantec FileShare Encryption (formerly PGP Netshare) is using a legacy kernel filter driver


Article ID: 157948


Products

File Share Encryption Powered by PGP Technology

Issue/Introduction

Microsoft has recently recommended that all legacy kernel filter drivers undergo certification by Microsoft, which provides an altitude level that determines where the driver sits on the kernel stack. The pgpfs driver used by Symantec Corporation for FileShare Encryption (formerly known as PGP Netshare) is a legacy kernel filter driver.

You may not see any error messages related to this issue, but you may notice system crashes, commonly referred to as Blue Screen of Death (BSOD) errors.

Cause

Microsoft made changes to their kernel which require the usage of driver altitude level settings with Windows 7. For more information please refer to the following resources on Microsoft's website:

http://msdn.microsoft.com/en-us/library/windows/hardware/ff541610%28v=vs.85%29.aspx

http://msdn.microsoft.com/en-us/library/windows/hardware/ff547378%28v=vs.85%29.aspx

Resolution

Symantec Corporation is committed to product quality and satisfied customers.  This issue is currently being considered by Symantec Corporation to be addressed in a forthcoming version or Maintenance Pack of the product.  Please be sure to refer back to this document periodically as any changes to the status of the issue will be reflected here.

The following is a known temporary workaround for the issue until the version/maintenance pack is released:

All workaround solutions involve disabling the Netshare (Symantec FileShare) driver. Solution A involves disabling Netshare during an upgrade. Solution B involves uninstalling Symantec Encryption Desktop (PGP Desktop) and reinstalling. Both solutions require that you install from an MSI installer. If you are using a standalone installation of SED (PGP), you need to extract the MSI from the .EXE installer; follow TECH167331 to obtain the MSI installer.

Solution A:

During a Symantec Encryption Desktop upgrade you will need to specify custom MSI options to disable Symantec FileShare Encryption (formerly PGP Netshare). This solution might be preferred if your client machine is whole disk encrypted, since it avoids having to decrypt the encrypted drive.

1) Obtain your MSI installer either from a Symantec Encryption Management Server (formerly PGP Universal Server) or from the steps in TECH167331 for standalone clients.

2) Run msiexec with the following command line options when you are ready to upgrade:

    msiexec /i "Path_to_MSI_Installer" PGP_INSTALL_NETSHARE=0

Solution B:

Uninstall Symantec Encryption Desktop and re-install specifying the custom MSI options to disable Symantec FileShare Encryption (formerly PGP Netshare).

1) Obtain your MSI installer either from a Symantec Encryption Management Server (formerly PGP Universal Server) or from the steps in TECH167331 for standalone clients.

2) Uninstall Symantec Encryption Desktop and reboot.

3) Run msiexec with the following command line options when you are ready to reinstall Symantec Encryption Desktop:

    msiexec /i "Path_to_MSI_Installer" PGP_INSTALL_NETSHARE=0
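
To confirm on a client that either workaround took effect, the following check reports whether the driver is still registered and whether it declares an altitude. It is an added example, not Symantec's tooling, and it assumes that the driver's service name is `pgpfs` (the driver name given above) and that a minifilter would record its altitude under the standard `Instances` subkey of its service key. It uses `Get-WmiObject` so that it runs on the PowerShell 2.0 shipped with Windows 7.

```powershell
# Assumption: the service name matches the driver name used in this article.
$DriverName = 'pgpfs'

function Get-FilterDriverState {
    param([string]$Name)

    $svcKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    $drv    = Get-WmiObject -Class Win32_SystemDriver -Filter "Name='$Name'"

    # Minifilters register instances under <service>\Instances\<instance>,
    # each carrying an Altitude value. A legacy filter driver has none.
    $altitudes = @()
    $instKey = Join-Path $svcKey 'Instances'
    if (Test-Path $instKey) {
        foreach ($k in Get-ChildItem $instKey) {
            $a = (Get-ItemProperty $k.PSPath).Altitude
            if ($a) { $altitudes += $a }
        }
    }

    $state = 'NotInstalled'
    if ($drv) { $state = $drv.State }        # Running or Stopped

    if (-not $drv) {
        $verdict = 'Driver not registered: FileShare component is not installed'
    } elseif ($altitudes.Count -eq 0) {
        $verdict = 'Driver registered with no altitude: legacy filter still present'
    } else {
        $verdict = 'Driver registered with an altitude'
    }

    New-Object PSObject -Property @{
        Name      = $Name
        State     = $state
        StartMode = $(if ($drv) { $drv.StartMode } else { $null })
        Altitudes = ($altitudes -join ', ')
        Verdict   = $verdict
    }
}

Get-FilterDriverState -Name $DriverName |
    Format-List Name, State, StartMode, Altitudes, Verdict
```

Run it from an elevated prompt after the reboot that follows the upgrade or reinstall; a machine where the workaround succeeded should report the driver as not registered.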


Applies To

Windows 7 (32-bit and 64-bit Edition)

Symantec Encryption Desktop 10.3.0 with FileShare Encryption enabled