Blue screen (BSOD) caused by the firewall infrastructure of Advanced EPDR/EDR products

+34 900 840 407

support@cytomic.ai

Blue screen (BSOD) caused by the firewall infrastructure of Advanced EPDR/EDR products

Related Products_

Advanced EPDR
Advanced EDR

Issue Status_

Tracking ID: WGUA 1881
Status: Resolved
Type of solution: Hotfix

Symptoms_

Blue screen (BSOD) with reference to the NNSDNS.sys driver caused by the firewall infrastructure of Advanced EPDR/EDR products. This issue may occur with any of these protections enabled on the affected endpoint: Advanced Protection, web protection, firewall protection, and web filtering protections.

Solution_

Apply the available hotfix on the affected endpoint.

Download and save the hotfix file to the endpoint:
hf-wgua1881-getdomainname.exe
Double-click the downloaded file.
The hotfix installation does not require restarting the computer.Note: To download an unattended or silent version of the hotfix, click here. The hotfix is applied after the next system restart.

Release Notes_

Next, find all the changes the hotfix includes.

Affected Versions

v8.00.21.X.
From v8.00.22.0010 to v8.00.22.0022.

To see your Cytomic product version, see this article.

File Details
The hotfix updates the following files:

File name	Location	File Version	Modified Date	Hotfix to be included in future versions?
NNSDNS.sys	C:\Windows\System32\Drivers\NNSDNS.sys (8.00.21.X Protections)	1.3.0.121	October 27th, 2023	Yes v8.00.22.0023
NNSDNS.sys	C:\Windows\System32\Drivers\NNSDNS.sys (8.00.22.X Protections)	7.0.0.134	October 26th, 2023	Yes v8.00.22.0023

Verify Hotfix Application

To confirm the correct application of the hotfix, check the file version (in File Details section) or else, verify the values of these Registry keys:

32 bits Architecture	64 bits Architecture
Registry Key	Value	Registry Key	Value
HKEY_LOCAL_MACHINE\SOFTWARE\Panda Software\Setup\Hotfix history\HF_NNSDNS_GetDomainName	Revision [REG_DWORD] 1	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Panda Software\Setup\Hotfix history\HF_NNSDNS_GetDomainName Revision	[REG_DWORD] 1
HKEY_LOCAL_MACHINE\SOFTWARE\Panda Software\Setup\Hotfix history\HF_NNSDNS_GetDomainName	Result [REG_DWORD] 0 = Success 1 = Not Applied 2 = Error	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Panda Software\Setup\Hotfix history\HF_NNSDNS_GetDomainName Result	[REG_DWORD] 0 = Success 1 = Not Applied 2 = Error

32 bits Architecture

64 bits Architecture

Registry Key

Value

Registry Key

Value

HKEY_LOCAL_MACHINE\SOFTWARE\Panda Software\Setup\Hotfix history\HF_NNSDNS_GetDomainName

Revision [REG_DWORD] 1

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Panda Software\Setup\Hotfix history\HF_NNSDNS_GetDomainName Revision

[REG_DWORD]

HKEY_LOCAL_MACHINE\SOFTWARE\Panda Software\Setup\Hotfix history\HF_NNSDNS_GetDomainName

Result [REG_DWORD]

0 = Success
1 = Not Applied
2 = Error

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Panda Software\Setup\Hotfix history\HF_NNSDNS_GetDomainName Result

[REG_DWORD]

0 = Success
1 = Not Applied
2 = Error