When Symantec Endpoint Protection (SEP) is installed with Early Launch Anti-Malware (ELAM) enabled, the computer encounters a blue screen upon reboot. This persists across multiple reboots.
Computers joined to a domain with GPO enforcement of DriverLoadPolicy set to "8"
Windows' ELAM policy has been configured for "Good Only" and a driver on the system is not meeting that criteria.
Adjust the policy from "8" (known Good drivers only) to "1" (Good and unknown drivers), or locate and correct the offending driver.
Once you have the BSOD, if you reboot and BSOD again, the next reboot should start the computer in recovery mode. From there, open a command prompt, start regedit, load the SYSTEM hive from C:, and edit HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\EarlyLaunch - DriverLoadPolicy. Change the value to 1, and exit, committing the change. On the next reboot the system should boot normally.
Note: Once the system boots normally, it will apply the GPO again and revert the DriverLoadPolicy. You will need to adjust the policy, temporarily disable ELAM, or resolve the driver issue to allow subsequent reboots to not result in a BSOD.
Subscribing will provide email updates when this Article is updated. Login is required.