Blue screen error in Windows 7 or Windows Vista after installing Symantec Endpoint Protection version 11 RU5 Application and Device Control

Article ID: 177964

Products

Endpoint Protection

Issue/Introduction

Blue screen error in Windows 7 or Windows Vista after installing Symantec Endpoint Protection version 11 RU5 Application and Device Control

Symptoms
Blue screen errors, particularly during Windows startup, after installing or upgrading to SEP 11 RU5 including Application and Device Control (ADC).


Cause

For a short time during Windows 7 or Windows Vista startup, some system environment variables are not initialized. If an ADC rule includes such an environment variable, the rule cannot be expanded correctly. As a result, the rule blocks certain startup processes and the BSOD occurs. This is fixed in SEP 11 RU6.

Resolution

Upgrade to SEP 11 RU6.

Workarounds (if not upgrading to SEP 11 RU6)
  • wininit.exe is one of the critical startup processes that can be blocked. Try adding it to the excluded list of the ADC rule.
    NOTE: wininit.exe is a "caller process" and as such must be excluded at the topmost level of any ADC rule set.
    That is, you want to allow wininit to launch other processes, not "allow wininit to launch wininit".
  • Modify the ADC policy to "log only" and examine the logs for additional processes that are matched during startup, then try excluding those processes.
  • Or remove environment variables from ADC rules (or explicitly spell out the paths that include those variables).
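
For the last workaround, the following added example (not Symantec's code, and not a model of how SEP itself expands rules) audits a list of rule path patterns for `%VAR%` references that would stay unexpanded while a variable is unset, and prints the spelled-out path to use instead. The rule patterns, the environment contents, and the choice of which variables are missing at startup are constructed assumptions; the article does not name the affected variables.

```python
import re

# Matches Windows-style %NAME% references, including names like ProgramFiles(x86).
VAR_REF = re.compile(r"%([A-Za-z_][\w()]*)%")

def expand(pattern, env):
    """Expand %VAR% references from env (names are case-insensitive).
    Returns (text, unresolved_names); unresolved references stay literal."""
    lookup = {k.upper(): v for k, v in env.items()}
    missing = set()

    def repl(match):
        name = match.group(1).upper()
        if name in lookup:
            return lookup[name]
        missing.add(name)
        return match.group(0)  # left as the literal text "%NAME%"

    return VAR_REF.sub(repl, pattern), sorted(missing)

def audit_rules(patterns, early_env, full_env):
    """Report patterns that depend on variables absent from early_env,
    with the explicit path obtained from the fully initialized full_env."""
    findings = []
    for pattern in patterns:
        _, unset = expand(pattern, early_env)
        if unset:
            literal, unresolved = expand(pattern, full_env)
            findings.append({
                "pattern": pattern,
                "unset_at_startup": unset,
                "spelled_out": None if unresolved else literal,
            })
    return findings

# Constructed sample data (assumptions, not taken from a real ADC policy).
FULL_ENV = {"SystemRoot": r"C:\Windows", "ProgramFiles": r"C:\Program Files",
            "TEMP": r"C:\Windows\Temp"}
EARLY_ENV = {"SystemRoot": r"C:\Windows"}  # assumed startup state
RULES = [r"%ProgramFiles%\Vendor\*.exe", r"%SystemRoot%\System32\cmd.exe",
         r"C:\Tools\*.exe", r"%TEMP%\*.exe"]

if __name__ == "__main__":
    for f in audit_rules(RULES, EARLY_ENV, FULL_ENV):
        print(f"{f['pattern']}: unset {f['unset_at_startup']}, "
              f"use {f['spelled_out']}")
```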