Dear Customers,
On 11 July night, we found a defect on SEP
12.1 VD, which might cause some Win XP machines Blue Screen Of Death issue.
Below is the whole story and how to avoid the issue and what’s the work around
for your reference.
Problem
On July 11th, 2012
at approximately 22.30 PST, Symantec starting receiving reports of customers
experiencing blue screens after applying Antivirus Definitions July 11th
revision 18 and Proactive Threat Protection Definitions July 11th rev 11.
Machines may continue to blue screen after they reboot. This problem only
appears to occur on Windows XP machines running SEP 12.1.
Error
Blue screen (BSOD)
with code 0x000000CB after installing the definitions from 11/07/2012 rev. 11
or rev. 18
Environment
SEP 12.1 Systems on
Windows XP 32 bit and 64 bit
Cause
Symantec has
reproduced the problem and is now trying to identify the root cause. We have
posted updated signatures which resolve the issue to the public LiveUpdate
production servers.
Solution
Symantec has posted
updated signatures which resolve the issue to the public LiveUpdate production
servers. To work around the issue please follow these steps on the impacted
machines.
For Enterprise
customers, make sure you have updated to the latest virus definitions on the
Symantec Endpoint Protection Manager(SEPM)
1. Open the Symantec Endpoint Protection Manager
2. Login
3. Select "Admin"
4. Select "Local site"
5. Select "Download
LiveUpdate content"
On affected client
machines running Symantec Endpoint Protection 12.1
1. Start computer in safe mode
2. Navigate to the Symantec Endpoint Protection
definition directory: C:\Documents and Settings\All Users\Application
Data\Symantec\Symantec Endpoint
Protection\CurrentVersion\Data\Definitions\BASHDefs
3. Delete the latest content directory (should be
20120711.011)
4. Reboot
Note: If the client is pulling down content from
LiveUpdate or LiveUpdate Administrator, please run LiveUpdate. If the client is
pulling down content from the SEPM, the content will be automatically
downloaded without any interaction. Until the content is delivered, the client
UI may show with a warning due to missing content.
When the system has
been updated properly in the client user interface for Proactive Threat
Protection the definition versions will be Wednesday, July 11, 2012 r12
Article URL
http://www.symantec.com/docs/TECH192811
Thanks & Regards,
Linda
