In the event a Blue Screen occurs on a machine encrypted with Symantec Encryption software, complete memory dumps are typically needed. In some cases, more detailed memory dumps may be needed.
This article will go over the steps on how to obtain these more detailed memory dumps for both Symantec Endpoint Encryption 11 and Symantec Encryption Desktop 10.
One example of when this may be needed is if Symantec Drive Encryption displays a Blue Screen of Death (BSoD) error referencing the PGPwded.sys driver.
If BSoD errors are occurring, first upgrade to the latest release of Encryption Desktop and ensure that the machine's BIOS and disk controller drivers are up to date.
When other troubleshooting steps have been unsuccessful, in order to fully analyze BSoD issues, Symantec Technical Support may ask for a memory dump.
Complete memory dumps are not enabled by default. To configure Windows to generate complete memory dumps, please see the article HOWTO31321.
If Symantec Support does need the driver verifier dumps enabled, and once the complete memory dumps are configured, reboot and enable Microsoft Driver Verifier and customize it as follows.
Note: It is important to exclude Security checks from the Verifier configuration (see step 4 below) because some security checks in Verifier generate an erroneous DRIVER_VERIFIER_DETECTED_VIOLATION (c4) bug check:
Open Verifier by using the Run command or using the Start menu.
From run, type: verifier and click OK.
Select Create custom settings and click Next:
Choose Select individual settings from a full list and click Next:
Choose Special Pool, Pool tracking, I/O verification and IRP Logging and click Next:
TIP: The screenshots may appear differently on Windows 10, however, the options are the same.
Preferably, choose Select driver names from a listor alternatively choose Automatically select all drivers installed on this computerand click Next:
Select all drivers beginning with pgp* along with fvevol.sys, rdyboost.sys, volsnap.sys and any other disk related drivers that you see and click Finish:
NOTE: For Symantec Endpoint Encryption, select "eeddiskencryptiondriver.sys" and "eedprotectiondriver.sys". If Symantec Endpoint Encryption Removable Media Encryption appears to be causing the blue screen, also select "eerfsfd.sys".
After clicking "Finish", reboot the system. When a memory dump is produced, it will typically be saved in %SystemRoot%\MEMORY.DMP.
To display the current Verifier settings, open Verifier and choose Display existing settings from the Select a task menu, then click Next.
Once Verifier has been configured, the next time that a BSoD occurs, a complete memory dump will be available and can be provided to Symantec Technical Support if they request it.
To reset Verifier to its defaults, open Verifier and choose Delete existing settings from the Select a task menu, then click Finish.
Subscribing will provide email updates when this Article is updated. Login is required.