BSOD with Vipre or Faronics AntiVirus Software

  • 7009322
  • 09-Sep-2011
  • 27-Apr-2012

Environment

Novell ZENworks 11 Configuration Management Support Pack 1 - ZCM 11 SP1
Novell ZENworks 11 Endpoint Security Management
Novell ZENworks 11 Configuration Management

Situation

BSOD (Blue Screen of Death) on reboot with ZCM agent and Vipre or Faronics AntiVirus software installed on device.

Resolution

Contact Sunbelt Software techincal support.  Depending on version the following was suggested as a fix for the AntiVirus sofware crash.  Since the crash is not in Novell software, this cannot be confirmed:
 
Please see the following Technet article regarding the IRPStackSize location for AFD.sys
 
The problem should go away once you increase the IRPStackSize.
 
Appendix C: Windows Sockets and DNS Registry Parameters
 
AFD Registry Parameters
Afd.sys is the kernel-mode driver that is used to support Windows Sockets applications.
[…]
The following values can be set under:
HKEY_LOCAL_MACHINE
\SYSTEM
\CurrentControlSet
\Services
\Afd
\parameters:
 
[…]
 
IrpStackSize
Value Type: REG_DWORD
Valid Range: 1–255
Default: 4
Description: The count of IRP stack locations used by default for AFD. Changing this value is not recommended.
 
Although the change is not recommended in the Microsoft documentation , try changing this value to 8 or 16. If the registry value doesn’t exist, create it.
 
Workaround:
Rename sbtis.sys and sbFw.sys in the C:\Windows\System32 directory to stop the blue screens from occurring. However, the AV management console will report all those managed devices which have been modified as inactive.