• Windows 2008 R2 fails with a blue diagnostic screen when the installed antivirus software includes the vShield Endpoint filter driver, but VMware Tools is installed without the vShield Endpoint component selected during installation.
• You see the Stop code 0x0000007F is associated with the blue diagnostic screen.
• You see the blue diagnostic screen after booting the operating system and when you log in with any account.
• This issue is not seen when booting to Safe Mode.
• Virtual machine reboots unexpectedly.

If you are using vShield Endpoint Protection in your virtual environment, you must reinstall VMware Tools with the custom setup option. Also, ensure to install the vShield drivers

If you are not using vShield Endpoint Protection in your virtual environment but your antivirus installed the vsepflt.sys driver, you must either reinstall your antivirus software choosing not to include the virtual environment drivers or prevent the driver from loading.

To verify that the vsepflt.sys driver is installed and loaded:

1. Click Start > Run, type cmd, and click OK. The Command Prompt window opens.
2. Run this command to view the currently loaded filters:
   
   C:\> fltmc
   
   You see output similar to:
   
   Filter Name Num Instances Altitude Frame
   ---------------------- ------------- ------------ -----
   vsepflt 5 328200 0
   luafv 1 135000 0
    
3. Run this command to unload the vsepflt driver:
   
   C:\> fltmc unload vsepflt

To prevent the vsepflt.sys driver from loading during the next boot:

Note: This procedure modifies the Windows registry. Before making any registry modifications, ensure that you have a current and valid backup of the registry and the virtual machine. For more information on backing up and restoring the registry, see the Microsoft Microsoft Knowledge Base article 268986.

Note: The preceding link was correct as of July 7, 2014. If you find the link is broken, provide feedback and a VMware employee will update the link.

1. Click Start > Run, type regedit, and click OK. The Registry Editor window opens.
2. Navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\vsepflt key.
3. Locate the DWORD named Start.
4. Right-click DWORD and click Modify.
5. Change the value to 4 and click OK.
6. Close the Registry Editor.
7. To ensure that the fix is applied, reboot the virtual machine and confirm the blue diagnostic screen does not occur.

Note: If this issue occurs on a View desktop running on ESXi 5.x, perform this work around on the primary image.