Ye olde Blue Screen of Death is back – this time, a bad Symantec update is to blame
The wrong kind of intrusion protection
Updated
Symantec has acknowledged an issue with an update to its Endpoint Protection Client that causes a Windows kernel exception, after users this morning came down with a mild case of Blue Screen of Death.
A Reg reader who got in touch about the problem confirmed "multiple" businesses running Symantec were getting hit with the BSOD stick.
According to the support note TECH256643:
When run LiveUpdate, Endpoint Protection Client gets a Blue Screen Of Death (BSOD) indicates IDSvix86.sys/IDSvia64.sys is the cause of the exception BAD_POOL_CALLER (c2) or KERNEL_MODE_HEAP_CORRUPTION (13A).
When BSOD happens, Intrusion Prevention signature version is 2019/10/14 r61.
The solution, presuming you can persuade Windows to boot successfully, is either to run a further update to get release R62 of the Intrusion Prevention signature, which replaces the bad r61, or to roll back to an earlier one.
Symantec said it was aware of the issue and would update the support doc "when new information becomes available".
It is not yet clear which versions of Windows are affected.
Thanks to Reg reader Tarjei Utnes for the tip. ®
Updated to add
Symantec has sent in the following statement:
"We learned of the SEP issue earlier this morning and immediately issued an update to resolve it."