Issue: Blue screen with Endpoint Security installed

Version 14

    Verified Product Versions

    LANDESK Management Suite 9.6LANDESK Management Suite 2016.x

    Issue

     

    Occasionally it is possible to experience a blue screen error when using the LANDESK Endpoint Security product.

     

    A blue screen typically occurs when a virtual device driver is reporting an error to the user.  To ensure optimal security, LANDESK Endpoint security uses a Virtual Device Driver called LDSECDRV.SYS.  This virtual device driver works at the kernel level to intercept malware and malicious activity.

     

    Cause

     

    Occasionally conflicts with third-party drivers and/or applications can cause a conflict with LANDESK Endpoint security.  Considering the current installation base of LANDESK Endpoint Security, blue screen incidents have been limited.

     

    This often can occur when a virtual device driver from another program is updated, or when the third party program behaves in such a way that causes an unexpected exception.  Issues reported within the last year have only been seen with the following programs:

     

    • Symantec Endpoint Protection 11 (Install latest LANDESK EPS patch and/or install latest Symantec maintenance update)
      Symantec Endpoint Protection 12 (Install latest LANDESK EPS patch and/or install latest Symantec maintenance update)
                                          (Click here for a Symantec article detailing the latest versions of their products)
    • Trend Micro Officescan
    • HP Proliant Server (Disable NX in BIOS to resolve)
    • Nvidia Graphics Driver (Install latest LANDESK EPS patch and/or install latest Nvidia driver)
    • Windows Live Mail Installer (Install latest LANDESK patch and/or latest version of Windows Live Mail)

     

     

    LANDESK has made code changes to our product to accommodate these issues, however it is always advisable to contact the software vendor causing a conflict and seek resolution.

     

     

    Resolution

     

    LANDESK Software understands the level of impact that these sort of errors have and therefore treats incidents regarding a Blue Screen at the highest priority.

     

    It is important to follow these steps to ensure optimal support:

     

    Prior to contacting LANDESK Support, please be sure to check the following:

     

    1. Do you have the latest patches for LANDESK Endpoint Security installed?  (See http://community.LANDESK.com/support/docs/DOC-27264)
      These patches will start with an "EPS" prefix.
      Often installing the latest patch will resolve known bluescreen issues. 
      Note: It is imperative to ensure that the client has been installed and is up to date.  Often the core server is found to be up to date with the latest patch, but the clients have not been updated to the same patch level.
    2. Do you have the latest version of hardware drivers installed?
    3. Are third-party antivirus or other software products up to date with the latest patches or service packs?
    4. Does the computer have the latest BIOS installed?
    5. Gather Endpoint Security Debug Logs.
    6. Gather a Kernel Memory Dump.  (A minidump is insufficient, it must be a full kernel dump)
    7. Provide the following information:

      - Operating System the client is running.
      - Computer model affected.
      - List of LANDESK EPSs patches installed.
      - STOP code for the Bluescreen error.  If possible, a picture of the blue screen is helpful.
    8. Contact LANDESK Support and let them know the business impact of your issue.

     

    Upon receipt of the support ticket, the issue will be given the highest priority, the memory dump and debug logs analyzed and contact will be made to the customer regarding what they can expect for a fix.

     

    For more information about gathering Endpoint Security Debug Logs and a Kernel Memory dump, please see the following article under the heading "Items to gather for the LANDESK technician":

     

    How to troubleshoot LANDESK Device Control

    http://community.LANDESK.com/support/docs/DOC-9853