A compatibility issue between SONAR, Windows XP and third-party software was blamed

Jul 16, 2012 07:47 GMT

A number of Symantec customers who applied the updates for Symantec Endpoint Protection (SEP) on July 12 complained that they started experiencing blue screens. After analyzing the incident, the security firm determined that it was caused by a compatibility issue.

Some time has passed since we’ve heard of a situation that involves the infamous blue screen of death (BSOD).

According to Symantec, the problem existed in the SONAR definitions and only affected Windows XP users who performed the update via LiveUpdate. Certain third-party software was another contributing factor.

“The root cause of the issue was an incompatibility due to a three way interaction between some third party software that implements a file system driver using kernel stack based file objects – typical of encryption drivers, the SONAR signature and the Windows XP Cache manager,” Orla Cox of Symantec Security Response explained.

“The SONAR signature update caused new file operations that create the conflict and led to the system crash.”

Fortunately, immediately after customers started reporting the problem, the company rushed to address the issue and instructed affected users on how to install the updated signatures.

Some customers complained that the update had not been tested enough before release, so Symantec detailed the quality assurance process for SONAR – a behavior-based technology integrated into SEP’s Proactive Threat Protection – and explained the cause of the problem.

“The compatibility testing part of the quality assurance process for SONAR signatures missed catching this compatibility issue. It is this part of our process that we will be improving to avoid future issues,” Cox added.

“We are currently restructuring our testing process to improve compatibility testing and will not be releasing new SONAR signatures until this new process is in place.”