+34 900 840 407
support@cytomic.ai
BSOD on VPN servers caused by endpoint protection network interception drivers
Related Products_
- Advanced EPDR
- Advanced EDR
Issue Status_
Open
Symptoms_
The incorrect handling of FQDN requests that exceed 253 characters by endpoint protection interception drivers such as NNSSTRM.sys and NNSDNS.SYS can cause BSOD on VPN servers.
Affected protection versions:
- v8.00.24.0000
- v8.00.24.0001
- v8.00.25.0001
- v8.00.25.0002
To see your product version, see this article.
Solution_
A hotfix is available to resolve this issue.
To apply the hotfix on the affected endpoint:
- Download and save this hotfix file to the endpoint: hf-wgua6379-nnsdns-fqdnmax.exe
- Double-click the downloaded file. The hotfix does not require a restart of the endpoint.
Note: To install the unattended or silent version of the hotfix, click here. The hotfix is applied after the next system restart.
The hotfix updates these files:
File Details
The hotfix updates the following files:
| File name | Location | File Version | Modified Date | Hotfix to be included in future versions? |
|---|---|---|---|---|
| NNSDNS.sys (v8.00.24.X) |
C:\Windows\System32\Drivers\NNSDNS.sys | 7.0.0.150 | October 23th, 2025 |
Yes |
| NNSDNS.sys (v8.00.25.X) |
C:\Windows\System32\Drivers\NNSDNS.sys | 7.0.0.155 | October 23th, 2025 |
Yes |
To verify that the hotfix was successful, check the file version in the File Details section, or verify these values in the Windows Registry:
| 32 bits Architecture | 64 bits Architecture | ||
|---|---|---|---|
| Registry Key | Value | Registry Key | Value |
| HKEY_LOCAL_MACHINE\SOFTWARE\ Panda Software\Setup\Hotfix history\HF_NNSDNS_FQDNMax |
Revision [REG_DWORD] 1 |
HKEY_LOCAL_MACHINE\SOFTWARE\ WOW6432Node\Panda Software\Setup\Hotfix history\HF_NNSDNS_FQDNMax |
Revision [REG_DWORD] 1 |
| HKEY_LOCAL_MACHINE\SOFTWARE\ Panda Software\Setup\Hotfix history\HF_NNSDNS_FQDNMax |
Result [REG_DWORD] 0 = Success 1 = Not Applied 2 = Error |
HKEY_LOCAL_MACHINE\SOFTWARE\ WOW6432Node\Panda Software\Setup\Hotfix history\HF_NNSDNS_FQDNMax |
Result [REG_DWORD] 0 = Success 1 = Not Applied 2 = Error |
