A Windows blue screen has been reported when running Endpoint Security Solution and/or Norton AntiVirus with SVS fxls.sys driver versions 2.0.1403 or 2.0.1404

There is a conflict between older versions of SVS and recent definition files for SEP and SAV that has been causing bluescreens. Most people should not encounter this problem because newer versions of SVS do not have this issue. The versions having the problem that have been reported are in the 2.0 line. Customers should update to the 2.1 releases of SVS.

If you are experiencing these blue screens, try the following solution below. This solution has been tested and should work; if it doesn't, please let us know.

To resolve this issue, the following is recommended:

1. Update Software Virtualization Solution to the latest build (as soon as the client is not in a blue-screen state).
2. Update the registry on each computer that has Endpoint Security Solution or Norton AntiVirus and Software Virtualization Solution installed. 
   1. Boot into Safe Mode (if you are in the blue-screen state).
   2. Back up the registry.
   3. Open regedit and browse to HKEY_LOCAL_MACHINE\SYSTEM\Altiris\FSL\ProgramIgnoreList.
      
      The registry key will have data similar to the example below:  (Note: The directory paths may different on each individual system. The example below is an example of SEP/SAV installed to the default paths.)
      
      [_B_]PROGRAMFILES[_E_]\NAVNT\rtvscan.exe
      [_B_]PROGRAMFILES[_E_]\Symantec_Client_Security\Symantec Antivirus\rtvscan.exe
      [_B_]PROGRAMFILES[_E_]\Symantec Client Security\Symantec Antivirus\rtvscan.exe
      [_B_]PROGRAMFILES[_E_]\Symantec Antivirus\rtvscan.exe
   4. Double-click on the ProgramIgnoreList key and add the two paths below:
      
      [_B_]PROGRAMFILES[_E_]\Symantec Antivirus\defwatch.exe
      [_B_]PROGRAMFILES[_E_]\Symantec Antivirus\dwhwizrd.exe
      
      The key will now look like this:
      
      [_B_]PROGRAMFILES[_E_]\NAVNT\rtvscan.exe
      [_B_]PROGRAMFILES[_E_]\Symantec_Client_Security\Symantec Antivirus\rtvscan.exe
      [_B_]PROGRAMFILES[_E_]\Symantec Client Security\Symantec Antivirus\rtvscan.exe
      [_B_]PROGRAMFILES[_E_]\Symantec Antivirus\rtvscan.exe
      [_B_]PROGRAMFILES[_E_]\Symantec Antivirus\defwatch.exe
      [_B_]PROGRAMFILES[_E_]\Symantec Antivirus\dwhwizrd.exe
      
   5. Close the Registry and restart the computer. What you should be able to verify is the Definitions would be updated (you may have this process automatically) and the client did not go to a blue screen.
   6. The other option is if the clients are able to PXE boot (MS DOS automation partition), you can run the the batch script to rename the fslx.sys.
      
      FIRM COPY PROD:\WINDOWS\system32\drivers\fslx.sys PROD:\WINDOWS\system32\drivers\fslx.BAD
      FIRM DELETE PROD:\WINDOWS\system32\drivers\fslx.sys

Note: There is no need to re-create, remove, push, import, modify, or repackage your virtual layers after you upgrade from Software Virtualization Solution 2.0 to 2.1; all you have to do is upgrade to Software Virtualization Solution 2.1 and then activate the existing layers on the computer. They will be automatically upgraded to work with the latest build.

Applies To

Software Virtualization Solution 2.0.1403, 2.0.1404 (all builds of 2.0.xxxx)