Enabling Driver Verifier with Blue Screen Memory Dumps related to Symantec Encryption clients

Article ID: 170382

Products

  • Drive Encryption
  • Drive Encryption Powered by PGP Technology
  • Encryption Desktop Powered by PGP Technology
  • Endpoint Encryption

Issue/Introduction

In the event a Blue Screen occurs on a machine encrypted with Symantec Encryption software, complete memory dumps are typically needed. In some cases, more detailed memory dumps may be needed.

This article describes how to obtain these more detailed memory dumps for both Symantec Endpoint Encryption and Symantec Encryption Desktop.

One example of when this may be needed is if Symantec Encryption Desktop displays a Blue Screen of Death (BSoD) error referencing the PGPwded.sys driver.

Environment

  • Symantec Encryption Desktop 10.4.2 and above.
  • Symantec Endpoint Encryption 11.2 and above.

Resolution

If BSoD errors are occurring, first upgrade to the latest release of Encryption Desktop or Endpoint Encryption and ensure that the machine's BIOS and disk controller drivers are up to date.

When other troubleshooting steps have been unsuccessful, in order to fully analyze BSoD issues, Symantec Technical Support may ask for a memory dump.

Complete memory dumps are not enabled by default. To configure Windows to generate complete memory dumps, please see article 179911.

If Symantec Support asks for Driver Verifier dumps, first make sure complete memory dumps are configured, then reboot, enable Microsoft Driver Verifier, and customize it as follows.

Note: It is important to exclude Security checks from the Verifier configuration (see step 4 below) because some security checks in Verifier generate an erroneous DRIVER_VERIFIER_DETECTED_VIOLATION (c4) bug check.

  1. Open Verifier by using the Run command or using the Start menu.
  2. From run, type: verifier and click OK.
  3. Select Create custom settings (for code developers) and click Next.
  4. Choose Special Pool, Pool tracking, I/O verification, Deadlock detection and IRP Logging and click Next.
  5. Preferably, choose Select driver names from a list or alternatively choose Automatically select all drivers installed on this computer and click Next.
  6. For Encryption Desktop, select all drivers beginning with pgp* along with fvevol.sys, rdyboost.sys, volsnap.sys and any other disk related drivers that you see and click Finish.

    For Endpoint Encryption, select eeddiskencryptiondriver.sys and eedprotectiondriver.sys. If Endpoint Encryption Removable Media Encryption appears to be causing the blue screen, also select eerfsfd.sys.
  7. Reboot the system. When a memory dump is produced, it will typically be saved in %SystemRoot%\MEMORY.DMP.
  8. To display the current Verifier settings, open Verifier and choose Display existing settings.
  9. To reset Verifier to its defaults, open Verifier and choose Delete existing settings.
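
The same selection can be made from an elevated prompt with the `verifier.exe` command line instead of the GUI. The PowerShell script below is an added example, not part of the original article or any Symantec tooling; the parameter names are hypothetical, the option bit values are those in Microsoft's Driver Verifier documentation, and it assumes the pgp* drivers are located in %SystemRoot%\System32\drivers.

```powershell
# Added example: command-line equivalent of steps 3-6 (not Symantec's own script).
# Run from an elevated PowerShell prompt. Parameter names are hypothetical.
param(
    [ValidateSet('EncryptionDesktop', 'EndpointEncryption')]
    [string]$Product = 'EncryptionDesktop',
    [switch]$IncludeRemovableMedia,   # Endpoint Encryption only: adds eerfsfd.sys
    [switch]$Apply                    # without -Apply the command is only printed
)

# Option bits for "verifier /flags", matching the checks chosen in step 4.
$Checks = [ordered]@{
    'Special Pool'       = 0x001
    'Pool tracking'      = 0x008
    'I/O verification'   = 0x010
    'Deadlock detection' = 0x020
    'IRP Logging'        = 0x400
}
$SecurityChecks = 0x100   # must stay off, per the note above the steps

$flags = 0
foreach ($bit in $Checks.Values) { $flags = $flags -bor $bit }
if ($flags -band $SecurityChecks) { throw 'Security checks must not be enabled.' }

if ($Product -eq 'EncryptionDesktop') {
    # Assumption: the pgp* drivers are installed in System32\drivers.
    $driverDir = Join-Path $env:SystemRoot 'System32\drivers'
    $drivers = @(Get-ChildItem -Path $driverDir -Filter 'pgp*.sys' |
                 Select-Object -ExpandProperty Name)
    if (-not $drivers) { throw "No pgp*.sys drivers found in $driverDir." }
    $drivers += 'fvevol.sys', 'rdyboost.sys', 'volsnap.sys'
} else {
    $drivers = @('eeddiskencryptiondriver.sys', 'eedprotectiondriver.sys')
    if ($IncludeRemovableMedia) { $drivers += 'eerfsfd.sys' }
}

# Flags come out as 0x439 for the five checks listed above.
$verifierArgs = @('/flags', ('0x{0:X}' -f $flags), '/driver') + $drivers
Write-Host "verifier.exe $($verifierArgs -join ' ')"

if ($Apply) {
    & verifier.exe @verifierArgs
    Write-Host 'Reboot to activate the settings (step 7).'
    Write-Host 'Display: verifier /querysettings   Reset: verifier /reset'
}
```

Any other disk related drivers mentioned in step 6 still have to be added to the driver list by hand.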
