Symantec has reported that a recent antivirus update caused a number of PCs running Windows XP to crash. The conflict is said to affect Symantec Endpoint Protection 12.1 software designed for business clients, resulting in the all-too-familiar blue screen of death for some if the right combination of software is present.
In a blog post on the subject, Symantec’s Orla Cox points out that customers running a combination of Windows XP, the latest version of Symantec Online Network for Advanced Response (SONAR), the rev11 SONAR signature set and “certain third party software” were affected.
The root cause of the issue was an incompatibility due to a three way interaction between some third party software that implements a file system driver using kernel stack based file objects – typical of encryption drivers, the SONAR signature and the Windows XP Cache manager. The SONAR signature update caused new file operations that create the conflict and led to the system crash.
The blog post highlights the fact that their compatibility testing phase missed catching the issue and that they would be working to improve this part of the process to avoid similar problems in the future. Symantec won’t be releasing any new SONAR signature drivers until this new process is in place.
The security company was first made aware of the issue last week via customer complaints after installing revision 18 definitions. They reportedly worked around the clock to remedy the situation, issuing a rollback a day later but even that short amount of downtime can be a serious issue for a small business and their IT team.
Symantec told CNET that they wouldn’t be compensating users for lost worker production or time and effort that IT staff invested to get systems back up and running, despite claims to the contrary on Symantec’s discussion board.
