Blue screen error on Windows 7 with Endpoint Security or VirusScan Enterprise and Forcepoint (formerly Websense) installed

Technical Articles ID: KB87353
Last Modified: 2023-02-27 21:56:39 Etc/GMT

Environment

Endpoint Security (ENS) 10.x
VirusScan Enterprise (VSE) 8.8

Microsoft Windows 7
NOTE: This issue doesn’t occur with Microsoft Windows 10.

Forcepoint Data Loss Prevention (DLP) 7.8 (Forcepoint was previously known as Websense or Raytheon|Websense).

Problem

After installing ENS or VSE on a Windows 7 system with Forcepoint installed, a blue screen error occurs on the system. The crashing thread stack resembles the following:

fffff880`09ced458 fffff800`0307b929 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`09ced460 fffff800`0307a5a0 : fffffa80`0beb9010 00000000`000007ff 00000000`0000003e fffffa80`0bd876f0 : nt!KiBugCheckDispatch+0x69
fffff880`09ced5a0 fffff800`03091295 : fffffa80`0c69d800 00000000`00000000 fffff880`09ceda10 fffff880`09ceda18 : nt!KiPageFault+0x260 (TrapFrame @ fffff880`09ced5a0)
fffff880`09ced730 fffff800`0306f473 : 00000000`00000001 00000000`00000000 00000000`00000000 fffff8a0`00000000 : nt!IopCompleteRequest+0xae5
fffff880`09ced800 fffff800`0302cf79 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDeliverApc+0x1e3
fffff880`09ced880 fffff800`033ce2fa : fffffa80`0c69d800 fffffa80`0a027b10 fffff880`09ceda10 fffff880`09ceda08 : nt!KiCheckForKernelApcDelivery+0x25
fffff880`09ced8b0 fffff800`0339a9ee : ffffdb75`00000004 fffffa80`0a027b10 fffff880`09ceda10 00000000`00000000 : nt! ?? ::NNGAKEGL::`string'+0x289fa
fffff880`09ced9a0 fffff800`0307b613 : 00000000`0000014c fffffa80`0beae060 00000000`00d7edf8 00000000`00d7f001 : nt!NtMapViewOfSection+0x2bd
fffff880`09ceda70 00000000`7739bdba : 00000000`7738678c 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`09cedae0)
00000000`00d7edd8 00000000`7738678c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtMapViewOfSection+0xa
00000000`00d7ede0 00000000`773863e1 : 00000000`00000148 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!LdrpMapViewOfSection+0x136
00000000`00d7ee90 00000000`77375da3 : 00000000`00000000 00000000`00d7f2d0 00000000`c0150008 00000000`00000000 : ntdll!LdrpFindOrMapDll+0x231
00000000`00d7efe0 00000000`77375fcf : 00000000`00000000 00000000`00000001 00000000`00d7f2e8 000007fe`fd2c2871 : ntdll!LdrpLoadDll+0x2f3
00000000`00d7f1e0 000007fe`fd2c0176 : 00000000`00000000 00000000`00000000 00000000`00221c80 00000000`00000000 : ntdll!LdrLoadDll+0xed
00000000`00d7f250 000007fe`fd2ac7a1 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000001 : KERNELBASE!LoadLibraryExW+0x2a3
00000000`00d7f2d0 000007fe`fc8d4695 : 00000000`00000000 00000000`00000000 00000000`00000001 00000000`0000005b : KERNELBASE!LoadLibraryExA+0x51
00000000`00d7f320 000007fe`fc8d3c66 : 00000000`00000000 000007fe`ff1804cf 00000000`00000000 00000000`00000001 : CRYPTSP!CryptAcquireContextA+0x9ed
00000000`00d7f490 000007fe`ff1801cd : 00000000`00000000 00000000`ffa777c0 00000000`00000000 00000000`00000001 : CRYPTSP!CryptAcquireContextW+0xce
00000000`00d7f510 00000000`ff7e6e4d : 00000000`00000001 00000000`ff83c0a9 00000000`00000002 00000000`ffa79f68 : ADVAPI32!CryptAcquireContextWStub+0x11
00000000`00d7f550 00000000`00000001 : 00000000`ff83c0a9 00000000`00000002 00000000`ffa79f68 00000000`f0000000 : sppsvc+0xb6e4d
00000000`00d7f558 00000000`ff83c0a9 : 00000000`00000002 00000000`ffa79f68 00000000`f0000000 00000000`0000074a : 0x1
00000000`00d7f560 00000000`00000002 : 00000000`ffa79f68 00000000`f0000000 00000000`0000074a 00000000`ffa79db0 : sppsvc+0x10c0a9
00000000`00d7f568 00000000`ffa79f68 : 00000000`f0000000 00000000`0000074a 00000000`ffa79db0 00000000`ff7c39a0 : 0x2
00000000`00d7f570 00000000`f0000000 : 00000000`0000074a 00000000`ffa79db0 00000000`ff7c39a0 00000000`ffa79f68 : sppsvc+0x349f68
00000000`00d7f578 00000000`0000074a : 00000000`ffa79db0 00000000`ff7c39a0 00000000`ffa79f68 00000000`46215f1c : 0xf0000000
00000000`00d7f580 00000000`ffa79db0 : 00000000`ff7c39a0 00000000`ffa79f68 00000000`46215f1c 00000000`ffa777c0 : 0x74a
00000000`00d7f588 00000000`ff7c39a0 : 00000000`ffa79f68 00000000`46215f1c 00000000`ffa777c0 00000000`00000001 : sppsvc+0x349db0
00000000`00d7f590 00000000`ffa79f68 : 00000000`46215f1c 00000000`ffa777c0 00000000`00000001 00000000`00000000 : sppsvc+0x939a0
00000000`00d7f598 00000000`46215f1c : 00000000`ffa777c0 00000000`00000001 00000000`00000000 00000000`00000000 : sppsvc+0x349f68
00000000`00d7f5a0 00000000`ffa777c0 : 00000000`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : 0x46215f1c
00000000`00d7f5a8 00000000`00000001 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : sppsvc+0x3477c0
00000000`00d7f5b0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x1

Cause

The crash thread has an I/O request packet (IRP) to inspect. Inspection reveals that a driver named QIP.sys last handled the IRP. QIP.sys belongs to Forcepoint.

Solution

The QIP.sys driver that Forcepoint software uses on Windows 7 systems causes the issue. Any solution must come from Forcepoint. If you experience this issue, we recommend that you contact Forcepoint Technical Support for assistance. This issue hasn’t been reported to occur with newer versions of Forcepoint DLP 8.2.

Knowledge Center

Blue screen error on Windows 7 with Endpoint Security or VirusScan Enterprise and Forcepoint (formerly Websense) installed

Environment

Problem

Cause

Solution

Workaround

Affected Products

Languages:

Title

Title

Knowledge Center

Blue screen error on Windows 7 with Endpoint Security or VirusScan Enterprise and Forcepoint (formerly Websense) installed

Environment

Problem

Cause

Solution

Workaround

Affected Products

Languages:

Choose your region

Title

Title