Applies to LDMS 9.0 and 9.5
Issue
Windows 7 and Windows 2008 machines are blue screening upon boot.
Identifying Affected Machines
Machines can boot into Safe Mode.
While inside safe mode navigate to
64bit: HKLM\\software\\wow6432node\\LANDesk\\ManagementSuite\\Winclient\\SoftwareMonitoring\\FTD
32bit: HKLM\\software\\LANDesk\\ManagementSuite\\Winclient\\SoftwareMonitoring\\FTD
Look for CSRSS.exe
If it is there, the machine is affected.
You may also see CRITICAL_OBJECT_TERMINATION in the Bluescreen information.
Cause
CSRSS.exe is a Windows System file for some windows operating systems.
CSRSS.exe has recently been infected by viruses and DENY-CSRSS was made in response to this threat and offered in Application Blocking Content.
Denying this file on some OSs causes a blue screen.
Resolution
On Affected Clients:
Boot into Safe Mode.
Open Regedit.
Navigate to
64bit: HKLM\\software\\wow6432node\\LANDesk\\ManagementSuite\\Winclient\\SoftwareMonitoring\\FTD
32bit: HKLM\\software\\LANDesk\\ManagementSuite\\Winclient\\SoftwareMonitoring\\FTD
Find CSRSS.EXE and remove it.
Reboot normally.
On Core Server:
LANDESK has removed DENY-csrss from content. If you have DENY-csrss in Patch Manager, please update Application Blocking content and it will be automatically removed or you can manually delete DENY-csrss