Crash with error DRIVER_IRQL_NOT_LESS_OR_EQUAL (IDSVia64.sys) on Endpoint Protection systems


Article ID: 165313



Endpoint Protection


You experience a Blue Screen of Death (BSoD) with error DRIVER_IRQL_NOT_LESS_OR_EQUAL (IDSVia64.sys) on systems with Symantec Endpoint Protection (SEP) that received the May 11, 2017 CIDS definitions update (sequence #170511.021). Further analysis of the dump or the related BugCheck event ID 1001 error in the Windows System log shows that the specific Bug Check code is 0xD1, with parameters {8, 2, 0, <address>}.

The Network and Host Exploit Mitigation or Network Threat Protection Definitions are dated 11 May 2017 r21.

*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *

An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arg1: 0000000000000008, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff800724c80d7, address which referenced memory

Debugging Details:

ffffd38044766e98 fffff80320dcb629 : 000000000000000a 0000000000000008 0000000000000002 0000000000000000 : nt!KeBugCheckEx
ffffd38044766ea0 fffff80320dc9c07 : 00000000fffffff8 0000000000000001 ffffd38044767060 fffff80072505708 : nt!KiBugCheckDispatch+0x69
ffffd38044766fe0 fffff800724c80d7 : 00000000fffffff8 ffffd38044767280 ffff9801ca623530 0000000000000000 : nt!KiPageFault+0x247
ffffd38044767170 fffff800724953b6 : ffff9801cddc3dd0 ffff9801cd86c290 ffff9801cb7021c8 ffffd38044767d00 : IDSvia64
ffffd38044767350 fffff800724d1f71 : ffffd38044767740 ffffd38044767bc8 ffffd38044767d00 0000000000000000 : IDSvia64
ffffd38044767450 fffff80071fddbb6 : ffff9801caf11bd0 ffffd38044767600 0000000000000174 0000000000000000 : IDSvia64
ffffd38044767500 fffff80071fdd02e : ffffd38044760034 ffffd38044767bc8 ffffd38044767d00 0000000000000000 : NETIO!ProcessCallout+0x9b6
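
To find affected machines from collected System-log data, the following added example (not part of the original article or of Symantec's tooling) parses exported event ID 1001 messages and flags those matching the signature above: Bug Check 0xD1 with parameters {8, 2, 0, <address>}. The message wording, the host names and the function names are assumptions; the sample events are constructed.

```python
import re

# Signature stated in the article: Bug Check 0xD1, parameters {8, 2, 0, <address>}.
BUGCHECK_CODE = 0xD1
FIXED_PARAMS = (0x8, 0x2, 0x0)

# Assumed wording of the event ID 1001 message: "The bugcheck was: 0x.. (0x.., 0x.., 0x.., 0x..)."
_HEX = r"(0x[0-9a-f]+)"
_BUGCHECK_RE = re.compile(
    r"bugcheck was:\s*" + _HEX + r"\s*\(\s*" + r"\s*,\s*".join([_HEX] * 4) + r"\s*\)",
    re.IGNORECASE,
)

def parse_bugcheck(message):
    """Return (code, [arg1, arg2, arg3, arg4]) as integers, or None if absent."""
    match = _BUGCHECK_RE.search(message)
    if match is None:
        return None
    values = [int(group, 16) for group in match.groups()]
    return values[0], values[1:]

def triage(events):
    """Map each host to the faulting addresses of crashes matching the signature."""
    hits = {}
    for host, message in events:
        parsed = parse_bugcheck(message)
        if parsed is None:
            continue
        code, args = parsed
        if code == BUGCHECK_CODE and tuple(args[:3]) == FIXED_PARAMS:
            hits.setdefault(host, []).append(hex(args[3]))
    return hits

# Constructed sample events. Host names are made up; the first message reuses
# Arg1-Arg4 from the dump above, the others are invented non-matching cases.
_PREFIX = "The computer has rebooted from a bugcheck.  The bugcheck was: "
SAMPLE_EVENTS = [
    ("WS-0412", _PREFIX + "0x000000d1 (0x0000000000000008, 0x0000000000000002, "
                          "0x0000000000000000, 0xfffff800724c80d7)."),
    ("WS-0733", _PREFIX + "0x000000d1 (0x0000000000000028, 0x0000000000000002, "
                          "0x0000000000000001, 0xfffff80011112222)."),
    ("SRV-0021", _PREFIX + "0x0000007e (0xffffffffc0000005, 0x0000000000000000, "
                           "0x0000000000000000, 0x0000000000000000)."),
    ("WS-0900", "The previous system shutdown was unexpected."),
]

if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS))
```

A parameter match only narrows the candidates: the event message does not name the faulting driver, so confirm IDSvia64 in the dump's stack and check the installed definitions revision before attributing a crash to this issue.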


Symantec Endpoint Protection 14 (MP1)


This issue was addressed in the CIDS 15.2.5 and 16.1.4 definitions, the latter of which were delivered via LiveUpdate to SEP 12.1 and 14.0 or higher clients on September 20, 2017.

Related terms: IDSvia64sys