
Windows 2008 R2 fails with a blue diagnostic screen when the installed antivirus software includes the vShield Endpoint filter driver (2082588)


Symptoms

  • Windows 2008 R2 fails with a blue diagnostic screen when the installed antivirus software includes the vShield Endpoint filter driver, but VMware Tools is installed without the vShield Endpoint component selected during installation.
  • You see that the Stop code 0x0000007F is associated with the blue diagnostic screen.
  • You see the blue diagnostic screen after booting the operating system and when you log in with any account.
  • This issue is not seen when booting to Safe Mode.
  • Virtual machine reboots unexpectedly.

Cause

Some antivirus software includes the option to install additional drivers for virtual environments. If the vShield Endpoint filter (vsepflt.sys) driver is installed by the antivirus software, but not selected when installing VMware Tools, Windows 2008 R2 shows a blue diagnostic screen when the antivirus attempts to load the driver and VMware Tools is not prepared to handle it.

Resolution

If you are using vShield Endpoint Protection in your virtual environment, you must reinstall VMware Tools with the custom setup option. Also, ensure that you install the vShield drivers.

If you are not using vShield Endpoint Protection in your virtual environment but your antivirus installed the vsepflt.sys driver, you must either reinstall your antivirus software choosing not to include the virtual environment drivers or prevent the driver from loading.

To verify that the vsepflt.sys driver is installed and loaded:

  1. Click Start > Run, type cmd, and click OK. The Command Prompt window opens.
  2. Run this command to view the currently loaded filters:

    C:\> fltmc

    You see output similar to:

    Filter Name                     Num Instances    Altitude    Frame
    ------------------------------  -------------  ------------  -----
    vsepflt                                 5         328200         0
    luafv                                   1         135000         0


  3. Run this command to unload the vsepflt driver:

    C:\> fltmc unload vsepflt

To prevent the vsepflt.sys driver from loading during the next boot:

Note: This procedure modifies the Windows registry. Before making any registry modifications, ensure that you have a current and valid backup of the registry and the virtual machine. For more information on backing up and restoring the registry, see the Microsoft Knowledge Base article 268986.

Note: The preceding link was correct as of July 7, 2014. If you find the link is broken, provide feedback and a VMware employee will update the link.

  1. Click Start > Run, type regedit, and click OK. The Registry Editor window opens.
  2. Navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\vsepflt key.
  3. Locate the DWORD named Start.
  4. Right-click the Start DWORD and click Modify.
  5. Change the value to 4 and click OK.
  6. Close the Registry Editor.
  7. To ensure that the fix is applied, reboot the virtual machine and confirm the blue diagnostic screen does not occur.

Note: If this issue occurs on a View desktop running on ESXi 5.x, perform this workaround on the master image.
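
The check and registry change above can also be scripted, for example when the same fix has to be repeated on several images. This is an added example, not VMware tooling: it assumes an elevated PowerShell prompt, and the backup file location under %TEMP% is an arbitrary choice.

```powershell
# Added example (not from the KB article). Run from an elevated PowerShell prompt.
$ErrorActionPreference = 'Stop'   # stop before touching the registry if any step fails
$svcKey = 'HKLM:\SYSTEM\CurrentControlSet\services\vsepflt'
$backup = Join-Path $env:TEMP 'vsepflt-service-key.reg'   # assumed backup location

# 1. Is the minifilter loaded right now? fltmc prints one filter per line.
$loaded = @(fltmc | Where-Object { $_ -match '^\s*vsepflt\s' }).Count -gt 0
Write-Output "vsepflt currently loaded: $loaded"

# 2. If the antivirus never registered the driver, there is nothing to disable.
if (-not (Test-Path $svcKey)) {
    Write-Output 'vsepflt service key not found; no change made.'
    return
}

# 3. Export the service key first so the change can be rolled back by
#    importing the .reg file (this does not replace a full registry/VM backup).
& reg.exe export 'HKLM\SYSTEM\CurrentControlSet\services\vsepflt' $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw "reg export failed with exit code $LASTEXITCODE" }

# 4. Set Start to 4 (disabled) so the driver is not loaded at the next boot.
#    An integer value is written as a DWORD, matching the existing value type.
$before = (Get-ItemProperty -Path $svcKey -Name Start).Start
if ($before -ne 4) {
    Set-ItemProperty -Path $svcKey -Name Start -Value 4
}
$after = (Get-ItemProperty -Path $svcKey -Name Start).Start
Write-Output "Start was $before, is now $after. Backup written to $backup"
```

The script does not unload a filter that is already loaded; run fltmc unload vsepflt as shown earlier, or reboot, for the change to take effect.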

Tags

ntfs.sys reboot rebooting
