Blue screen error in Windows 7 or Windows Vista after installing Symantec Endpoint Protection version 11 RU5 Application and Device Control
Symptoms
Blue screen errors, particularly during Windows startup, after installing or upgrading to SEP 11 RU5 including Application and Device Control (ADC).
For a short time during Windows 7 or Windows Vista startup, some system environment variables are not initialized. If an ADC rule includes such an environment variable, the rule cannot be expanded correctly. As a result, the rule blocks certain startup processes and the BSOD occurs. This is fixed in SEP 11 RU6.
Upgrade to SEP 11 RU6.
Workarounds (if not upgrading to SEP 11 RU6)
wininit.exe is one of the critical startup processes that can be blocked. Try adding it to the excluded list of the ADC rule. Note that wininit.exe is a "caller process" and as such must be excluded at the topmost level of any ADC rule set: you want to allow wininit to launch other processes, not "allow wininit to launch wininit".
Modify the ADC policy to "log only" and examine the logs for additional processes that are matched during startup, then try excluding those processes.
Alternatively, remove environment variables from ADC rules (or explicitly spell out the paths that include those variables).
Imported Document ID: TECH96600