Applies to LDMS 9.0 and 9.5

Issue

Windows 7 and Windows 2008 machines are blue screening upon boot.

Identifying Affected Machines

Machines can boot into Safe Mode.

While inside safe mode navigate to

64bit: HKLM\\software\\wow6432node\\LANDesk\\ManagementSuite\\Winclient\\SoftwareMonitoring\\FTD

32bit: HKLM\\software\\LANDesk\\ManagementSuite\\Winclient\\SoftwareMonitoring\\FTD

Look for CSRSS.exe

If it is there, the machine is affected.

You may also see CRITICAL_OBJECT_TERMINATION in the Bluescreen information.

Cause

CSRSS.exe is a Windows System file for some windows operating systems. 

CSRSS.exe has recently been infected by viruses and DENY-CSRSS was made in response to this threat and offered in Application Blocking Content.

Denying this file on some OSs causes a blue screen.

Resolution

On Affected Clients:

Boot into Safe Mode.

Open Regedit.

Navigate to

64bit: HKLM\\software\\wow6432node\\LANDesk\\ManagementSuite\\Winclient\\SoftwareMonitoring\\FTD

32bit: HKLM\\software\\LANDesk\\ManagementSuite\\Winclient\\SoftwareMonitoring\\FTD

Find CSRSS.EXE and remove it.

Reboot normally.

On Core Server:

LANDESK has removed DENY-csrss from content.  If you have DENY-csrss in Patch Manager, please update Application Blocking content and it will be automatically removed or you can manually delete DENY-csrss