Symantec explains Windows XP 'blue screen of death' outbreak

Summary:The security firm is 'restructuring' its SONAR signature quality assurance process after an incompatibility took down a number of Symantec-protected Windows XP machines last week

Symantec has explained a compatibility problem that saw some of its Windows XP-using customers experience the 'blue screen of death' last week.

The company said on the weekend that a "full evaluation and root cause analysis of the issue" showed that the only customers to be affected were those running XP, certain third-party software, the latest version of Symantec's behaviour-based SONAR technology, and the 11 July rev11 SONAR signature set.

"The root cause of the issue was an incompatibility due to a three-way interaction between some third-party software that implements a file system driver using kernel stack based file objects — typical of encryption drivers, the SONAR signature and the Windows XP Cache manager," Symantec Security Response team member Orla Cox said in a blog post. "The SONAR signature update caused new file operations that create the conflict and led to the system crash."

Cox detailed the many elements of Symantec's quality assurance process for SONAR signatures, but conceded that it failed to catch this problem before the affected signature set was rolled out. She added that the company was tweaking its testing process to make sure it didn't happen again, and no new SONAR signatures would be released until that "restructuring" has taken place.

After the problem manifested itself on 11 July, Symantec rolled back the rev11 signature set — it was only being pushed out by the company's LiveUpdate servers for just over eight hours.

Soon afterwards, Symantec posted updated — and less crash-prone — 'r12' signatures to the public LiveUpdate production servers.

"Once the signature was rolled back, no new issues were reported from the field," the security firm said in a summary of the incident.

Topics: Security, Windows


David Meyer is a freelance technology journalist. He fell into journalism when he realised his musical career wouldn't be paying many bills. His early journalistic career was spent in general news, working behind the scenes for BBC radio and on-air as a newsreader for independent stations. David's main focus is on communications, of both... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.