Reboot loop with Endpoint Security 10.6.1 July 2019 Update
Last Modified: 2022-03-16 04:42:10 Etc/GMT
Affected Products
Languages:
This article is available in the following languages:
Trellix CEO, Bryan Palma, explains the critical need for security that’s always learning.
As per Gartner, "XDR is an emerging technology that can offer improved threat prevention, detection and response."
Trellix announced the establishment of the Trellix Advanced Research Center to advance global threat intelligence.
Trellix Advanced Research Center analyzes threat data on ransomware, nation-states, sectors, vectors, LotL, MITRE ATT&CK techniques, and emails.
As of May 14, 2024, Knowledge Base (KB) articles will only be published and updated in our new Trellix Thrive Knowledge space.
Log in to the Thrive Portal using your OKTA credentials and start searching the new space. Legacy KB IDs are indexed and you will be able to find them easily just by typing the legacy KB ID.
Reboot loop with Endpoint Security 10.6.1 July 2019 Update
Technical Articles ID:
KB91642
Last Modified: 2022-03-16 04:42:10 Etc/GMT Environment
Endpoint Security (ENS) Threat Prevention 10.6.1 July 2019 Update
Problem
A reboot loop can occur after you install or upgrade to ENS 10.6.1 July 2019 Update. The issue occurs only if other Subject Interface Package (SIP) providers are present, and Exploit Prevention is enabled. For more information about SIP providers, see the "Related Information" section below. System Change
You installed or upgraded ENS to the 10.6.1 July 2019 Update.
Cause
During the ENS installation or upgrade, the Exploit Prevention component loaded within Solution
This issue is resolved in ENS 10.6.1 July 2019 Update Repost. Our product software, upgrades, maintenance releases, and documentation are available on the Product Downloads site.
NOTE: You need a valid Grant Number for access. See KB56057 - How to download product updates and documentation for more information about the Product Downloads site, and alternate locations for some products. To recover a system in a reboot loop: If you've already run into this problem, to recover: CAUTION: This article contains information about opening or modifying the registry.
Related Information
SIP providers: You can find additional information about SIP providers here: Microsoft article on SIP SIP discovery: The link to the first article includes information about how you can discover the presence of SIP providers in your environment. The article states to inspect the following registry keys and confirm whether the DLL pointers point to Microsoft DLLs. Pointers that point to a non-Microsoft DLL confirm that a third-party application is present. HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID HKLM\SOFTWARE\Microsoft\Cryptography\Providers\Trust HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust IMPORTANT: If you identify a third-party SIP provider, don't continue with the current ENS 10.6.1 July 2019 Update. Affected ProductsLanguages:This article is available in the following languages: |
|