Microsoft KB Archive/901159

= Some Internet Security Systems products stop running after you install the revised MS05-019 security update or after you install the Update Rollup 1 for Windows 2000 SP4 on a Windows 2000-based computer =

Article ID: 901159

Article Last Modified on 11/4/2005

-

APPLIES TO


 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Datacenter Server
 * Microsoft Windows 2000 Service Pack 3
 * Microsoft Windows 2000 Professional Edition
 * Microsoft Windows 2000 Service Pack 3
 * Microsoft Windows 2000 Service Pack 4
 * Microsoft Windows 2000 Service Pack 3

-





SYMPTOMS
After you install the revised version of security update MS05-019 that was released on June 14, 2005 or after you install the Update Rollup 1 for Windows 2000 Service Pack 4 (SP4) that was released on June 28, 2005 on a Microsoft Windows 2000-based computer, the following Internet Security Systems (ISS) products stop running and the increased protection provided by these products is disabled:
 * RealSecure Desktop 3.6 with XPU versions ENO, ENP, and ENQ
 * RealSecure Desktop 7.0 with XPU versions ENO, ENP, and ENQ
 * BlackICE Agent for Server 3.6 with XPU versions ENO, ENP, and ENQ
 * BlackICE PC Protection 3.6 with XPU versions CNO, CNP, and CNQ
 * BlackICE Server Protection 3.6 XPU versions CNO, CNP, and CNQ

The affected ISS products generally stop running within one to two minutes after you start the computer.

Note ISS X-Press Updates (XPUs) are signature and driver updates that are required for the most current security protection. The XPUs listed here are significantly older than the current XPU versions. As a precautionary measure, Windows Update will not offer the revised MS05-019 security update to computers that are running these programs until a more recent XPU has been installed. Also, if the following ISS programs are installed, users of the affected computer may not be notified to install the revised version of security update MS05-019. This behavior occurs because the following programs also may contain an affected version of the affected file. However, the following programs are not affected. Therefore, you can manually install the revised version of security update MS05-019 or the Update Rollup 1 for Windows 2000 SP4.
 * Server Sensor 7.0
 * Server Sensor 7.0 SR 4.1
 * Server Sensor 7.0 XPU versions 20.18 - 20.19, 21.1, 21.3, 22.3 - 22.4, 22.5 - 22.19, 22.20 - 22.37
 * RealSecure Guard 3.6
 * Internet Scanner 7.0
 * Internet Scanner 7.0 SP1

Note This issue does not affect the BlackICE Defender, BlackICE Defender for Server, or Proventia Desktop products.



CAUSE
This issue occurs because the affected ISS products cannot detect the changes that are made to the TCP/IP protocol by the revised MS05-019 security update or by the Update Rollup 1 for Windows 2000 SP4. The affected ISS products contain one of the following versions of the Blackdrv.sys file:
 * Versions later than 3.6.0.0 and earlier than 3.6.319.0
 * Versions later than 7.0.0.0 and earlier than 7.0.319.0



RESOLUTION
To resolve this issue, upgrade the affected ISS products with the current XPU versions. XPUs whose versions are ENR or later are not affected by this issue. For more information, visit the following ISS Web sites:
 * http://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_adp.php?p_faqid=3031
 * http://www.iss.net/support/documentation/all.php
 * http://www.iss.net/db_data/xpu/RSDP.php
 * http://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_adp.php?p_faqid=3032

The information and the solution in this document represents the current view of Microsoft Corporation on these issues as of the date of publication. This solution is available through Microsoft or through a third-party provider. Microsoft does not specifically recommend any third-party provider or third-party solution that this article might describe. There might also be other third-party providers or third-party solutions that this article does not describe. Because Microsoft must respond to changing market conditions, this information should not be interpreted to be a commitment by Microsoft. Microsoft cannot guarantee or endorse the accuracy of any information or of any solution that is presented by Microsoft or by any mentioned third-party provider.

Microsoft makes no warranties and excludes all representations, warranties, and conditions whether express, implied, or statutory. These include but are not limited to representations, warranties, or conditions of title, non-infringement, satisfactory condition, merchantability, and fitness for a particular purpose, with regard to any service, solution, product, or any other materials or information. In no event will Microsoft be liable for any third-party solution that this article mentions.



MORE INFORMATION
For more information, click the following article numbers to view the articles in the Microsoft Knowledge Base:

900345 Fixes that are included in Update Rollup 1 for Microsoft Windows 2000 Service Pack 4 that is dated June 28, 2005

891861 Update Rollup 1 for Windows 2000 SP4 and known issues

Additional query words: Server XPU X-Press Update

Keywords: kbtshoot kbsecurity kb3rdparty KB901159

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.