Over the weekend, Symantec revealed that a recent antivirus update wreaked havoc on certain Windows XP machines, causing them to crash with the dreaded “blue screen of death.” According to the company, the update in question slipped through the “compatibility testing part of the quality assurance process for SONAR signatures” and remained available via LiveUpdate between 6:25 p.m. PT July 11 and 2:51 a.m. PT July 12.
Symantec has identified the cause of this whole problem. Apparently, these blue screens (error code 0x000000CB) were the result of an unintended threesome involving certain third-party software, the SONAR signature update (20120711.011), and the Windows XP Cache manager.
“On July 11, 2012 at approximately 10:30 PM PT, Security Response started receiving reports of customers experiencing blue screens after applying definitions July 11th revision 18 and SONAR (SONAR is the behavior-based technology that is part of Symantec Endpoint Protection’s Proactive Threat Protection.) definitions July 11th rev11,” the company said in a Knowledge Base article on the issue. “We are currently restructuring our testing process to improve compatibility testing and will not be releasing new SONAR signatures until this new process is in place.”
The flawed update has already been replaced with updated signatures and a workaround is now available for affected machines.