Blue Screen Of Death caused by BEST

This section helps Bitdefender customers using GravityZone resolve Blue Screen Of Death (BSOD) issues that occur after installing Endpoint Security or BEST on one of the following operating systems:

  • Windows Vista with Service Pack 2 (SP2)

  • Windows Server 2008 with Service Pack 2 (SP2)

  • Windows 7

  • Windows 7 with Service Pack 1 (SP1)

  • Windows Server 2008 R2

  • Windows Server 2008 R2 with Service Pack 1 (SP1)

Introduction

Endpoint Security and BEST use the Windows Filtering Platform API in Windows 7, Windows Server 2008 R2, Windows Server 2008 and Windows Vista. This issue occurs because the FwpsStreamInjectAsync0 function in the API causes the Interrupt Request Level (IRQL) to leak. The FwpsStreamInjectAsync0 function injects TCP data segments into a TCP data stream.

The BSOD event is mostly random. It involves the Endpoint Security service (endpointservice.exe) or the BEST service (epsecurityservice.exe), which uses Windows Filtering Platform Callout Drivers and calls the FwpsStreamInjectAsync0 function, which in its default state is vulnerable to injections.

Resolution

If you have encountered this issue on one of the operating systems specified, follow the Microsoft knowledge base article on this issue: "Computer stops responding when you run an application that uses the Windows Filtering Platform API in Windows 7, Windows Server 2008 R2, Windows Server 2008, or Windows Vista".

In this article, Microsoft provides you with a hotfix that helps you solve this issue.

The hotfix does not replace any other hotfixes and does not require manual editing of the registry keys. Still, the hotfix requires a reboot.

After installing the hotfix, make sure to update your operating system.
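
To decide which endpoints need the hotfix, the following added example (not Bitdefender or Microsoft code) checks whether a machine runs one of the operating systems listed above, whether one of the two agent processes named in this article is running, and whether the hotfix is already installed. The hotfix ID is a placeholder because this page does not state the KB number, and PowerShell 2.0 or later is assumed.

```powershell
# Added triage example; not Bitdefender or Microsoft code.
# ASSUMPTION: $HotfixId is a placeholder. Take the real KB number from the
# Microsoft article referenced in the Resolution section.
param(
    [string]$HotfixId = 'KB0000000'   # placeholder, not a real identifier
)

# Kernel versions of the operating systems listed in this article.
$AffectedVersions = @{
    '6.0.6002' = 'Windows Vista SP2 / Windows Server 2008 SP2'
    '6.1.7600' = 'Windows 7 / Windows Server 2008 R2'
    '6.1.7601' = 'Windows 7 SP1 / Windows Server 2008 R2 SP1'
}

# Agent executables named in this article, without the .exe suffix.
$AgentProcesses = @('endpointservice', 'epsecurityservice')

# Win32_OperatingSystem.Version has the form major.minor.build.
$os      = Get-WmiObject -Class Win32_OperatingSystem
$inScope = $AffectedVersions.ContainsKey($os.Version)

# Which of the two agent processes, if any, is running on this machine.
$agent = @(Get-Process -Name $AgentProcesses -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty Name -Unique)

# Get-HotFix raises an error for an ID that is not installed; suppress it
# and treat "nothing returned" as "not installed".
$hotfix = Get-HotFix -Id $HotfixId -ErrorAction SilentlyContinue

# The hotfix is needed only when all three conditions hold: affected OS,
# agent present, hotfix absent.
$needsHotfix = $inScope -and ($agent.Count -gt 0) -and (-not $hotfix)

New-Object PSObject -Property @{
    Computer        = $env:COMPUTERNAME
    OSVersion       = $os.Version
    OSCaption       = $os.Caption
    AffectedOS      = $inScope
    AgentProcess    = ($agent -join ', ')
    HotfixId        = $HotfixId
    HotfixInstalled = [bool]$hotfix
    NeedsHotfix     = [bool]$needsHotfix
}
```

The script only reads system state and returns one object per machine, so its output can be collected across endpoints and filtered on NeedsHotfix.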