When multiple successive versions of SEP have been installed or upgraded on a computer the catroot database used by Windows' CryptSvc may exhibit signs of corruption.

Symptoms:

• Launching PowerShell, cscript or similar takes minutes instead of seconds
• Signature verification using catalogs fails or takes forever
• C:\Windows\System32\catroot2\dberr.txt contains related errors

CIDS driver installs its catalog file to unique GUIDs for each version, and cleanup of the prior catalog may occasionally fail. Windows eventually reaches a subsystem limit and the catroot database will generate error codes like -1601, -1811, and -1805.

Upgrading the SEP client to 14.3 RU4 will attempt to clean the stale catalog files. If installation fails, a reboot may be necessary to allow the cleanup to complete before attempting the install again.

A permanent fix is being developed for release in a future version. This document will be updated upon its release.

SEP-75245

SEP-75255