Symantec has rolled back the Eraser engine that causes this issue. The definitions that contain the rollback are dated 20 August 2013, revision 19, sequence number 146721. Symantec recommends that you update your virus definitions to this version or later.
If the August 19 rev. 17 definitions are on a client, do one of the following to solve the problem, depending on the state of the client:
If the client has not been restarted, update the definitions
- From Symantec Endpoint Protection Manager, click Admin.
- In the left pane, select Servers.
- Under View Servers, select a site to update.
- Under Tasks, click Download LiveUpdate Content, and then click Download.
The clients receive the new definitions as they check in with the manager.
- Confirm that the content version on the client is August 20, 2013 rev. 19 or later.
If the client has been restarted and is experiencing blue screen errors, disable the Eraser driver and update the definitions
- Start the computer in Safe Mode.
- In Device Manager, click View > Show hidden devices.
- Click Non-Plug and Play Drivers, then right-click Symantec Eraser Control Driver and click Properties.
- Under Startup Type, select Disabled, and then click OK.
- Restart the client computer.
- Confirm that the computer starts correctly in normal mode.
- From Symantec Endpoint Protection Manager, click Admin.
- In the left pane, select Servers.
- Under View Servers, select a site to update.
- Under Tasks, click Download LiveUpdate Content, and then click Download.
The clients receive the new definitions as they check in with the manager.
- Confirm that the content version on the client is August 20, 2013 rev. 19 or later.
- In Device Manager, click View > Show hidden devices.
- Click Non-Plug and Play Drivers, then right-click Symantec Eraser Control Driver and click Properties.
- Under Startup Type, select System, and then click OK.
- Restart the client computer.
- Confirm that the computer starts correctly in normal mode.
If you are unable to update the definitions, you can backdate the definitions to work around the problem. Do one of the following, depending on the state of the client:
If the client has not been restarted, backdate the definitions
- From Symantec Endpoint Protection Manager, click Policies.
- Under View Policies, click LiveUpdate.
- On the LiveUpdate Content tab, select the LiveUpdate content policy.
- In the LiveUpdate Content pane, under Virus and spyware definitions, check Select a revision, and then click Edit.
- Select a set of definitions prior to the August 19 rev. 17 set, and click OK.
The clients receive the backdated definitions as they check in with the manager.
- Confirm that the content has been backdated on the client.
If the client has been restarted and is experiencing blue screen errors, disable the Eraser service and backdate the definitions
- Start the computer in Safe Mode.
- In Device Manager, click View > Show hidden devices.
- Click Non-Plug and Play Drivers, then right-click Symantec Eraser Control Driver and click Properties.
- Under Startup Type, select Disabled, and then click OK.
- Restart the client computer.
- Confirm that the computer starts correctly in normal mode.
- From Symantec Endpoint Protection Manager, click Policies.
- Under View Policies, click LiveUpdate.
- On the LiveUpdate Content tab, select the LiveUpdate content policy.
- In the LiveUpdate Content pane, under Virus and spyware definitions, check Select a revision, and then click Edit.
- Select a set of definitions prior to the August 19 rev. 17 set, and click OK.
The clients receive the backdated definitions as they check in with the manager.
- Confirm that the content has been backdated on the client.
- In Device Manager, click View > Show hidden devices.
- Click Non-Plug and Play Drivers, then right-click Symantec Eraser Control Driver and click Properties.
- Under Startup Type, select System, and then click OK.
- Restart the client computer.
- Confirm that the computer starts correctly in normal mode.
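When many clients are involved, the choice between the procedures above can be made per client from an inventory of definition versions. The following is an added example, not Symantec code: it sorts clients into the branches described in this article, and the CSV layout, column names, host names and the "YYYY-MM-DD rN" notation are assumptions made for the illustration.

```python
import csv
import io
from datetime import date

BAD = (date(2013, 8, 19), 17)    # definitions that trigger the issue (from the article)
FIXED = (date(2013, 8, 20), 19)  # first definitions containing the rollback (from the article)

# Constructed inventory. Host names, column names and the "YYYY-MM-DD rN"
# notation are assumptions for this example, not a Symantec export format.
SAMPLE = """host,definitions,bsod_after_restart
ws-001,2013-08-18 r21,no
ws-002,2013-08-19 r17,no
ws-003,2013-08-19 r17,yes
ws-004,2013-08-20 r19,no
ws-005,2013-08-21 r2,no
ws-006,2013-08-20 r3,no
"""

def parse_definitions(text):
    """Turn '2013-08-19 r17' into a sortable (date, revision) tuple."""
    day, rev = text.split()
    return date.fromisoformat(day), int(rev.lstrip("rR"))

def triage(definitions, bsod_after_restart):
    """Pick the branch of the article's procedure that applies to one client."""
    version = parse_definitions(definitions)
    if version >= FIXED:
        return "ok"            # rollback definitions already present
    if version < BAD:
        return "not-affected"  # older than the August 19 rev. 17 set
    if version > BAD:
        return "unknown"       # between the two sets; the article does not classify these
    if bsod_after_restart:
        return "safe-mode"     # disable the Eraser driver first, then update or backdate
    return "update"            # not restarted: update or backdate the definitions

def triage_inventory(csv_text):
    """Map each host in the CSV text to its triage result."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["host"]: triage(r["definitions"], r["bsod_after_restart"].strip().lower() == "yes")
            for r in rows}

if __name__ == "__main__":
    for host, action in triage_inventory(SAMPLE).items():
        print(f"{host}: {action}")
```

Clients reported as "unknown" carry definitions between the two sets named in the article; updating them to August 20, 2013 rev. 19 or later follows the article's general recommendation.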