Symantec's update to its anti-virus software has caused thousands of Windows PCs to crash with a blue screen. The company acknowledged the problem for what it said was a "subset" of customers, and a revised update was issued.
In a posting on the Symantec corporate blog on Saturday, Symantec Security Response's Orla Cox said that it was determined the issue was "limited to machines running a combination of Windows XP, the latest version of the SONAR technology, the July 11th rev11 SONAR signature set, and certain third party software." The specific third-party software was not indicated.
The root cause, wrote Cox, was an "incompatibility due to a three-way interaction between some third-party software that implements a file system driver using kernel stack based objects" (such as those found in encryption drivers), the SONAR signature, and the Windows XP Cache manager.
The SONAR signature update, which was sent by Symantec on July 11 and 12, caused "new file operations that create the conflict" and led to the crash, the company said.
Cox said Symantec understands the problems this kind of incompatibility creates for customers, and said that, despite an "extensive" quality assurance process, this particular confluence was missed. She added that a new QA process will be implemented before new SONAR signatures are released. SONAR, which stands for Symantec Online Network for Advanced Response, is anti-malware software issued by the company.
Another Symantec posting, written by the Security Team's Michael Marfise and updated Monday, said that, once the cause was discovered, the signature was removed from the SONAR definition set and "an updated definition set was published" in a rollback version on July 12 at 2:51 a.m. PT. He added that, "once the signature was rolled back, no new issues were reported from the field."
The company said it was reaching out to offer technical assistance to customers who have posted in its online community. It has also posted a work-around solution on its Web site at http://www.symantec.com/docs/TECH192811.
'Quality Control Is a Joke'
The reports began to circulate last week, and the Symantec Web site support forum was full of complaints about the lack of customer support. Reuters provided examples of a Dutch company, PSO Beheer BV, that had to close a laboratory after 150 PCs shut down, and an unnamed insurance company in Maryland that had to turn off anti-virus protection on more than 100 machines to prevent the problem.
One user named Andrew Parkes wrote on the Symantec forum that "the support is a joke, the quality control is a joke and the software is not much better."
Symantec Security Response said the reports began on July 11, with machines showing the famous "blue screen of death," rebooting themselves, and then repeating the cycle.
The company has reported that computers with the enterprise-grade Symantec Endpoint Protection anti-virus software, as well as the consumer-grade Norton 2010, 2011, 2012, and Norton 360 were susceptible.
The update in question was distributed for about eight hours, beginning about 6:30 p.m. on July 11, after which Symantec withdrew it.
Posted: 2012-08-25 @ 10:10am PT
I had the same problem, and it resulted in my PC being infected by Trojan Access. I completely removed Norton, and I will on my other PC, and install another internet security program.