Some Internet Security Systems products stop running after you install the revised MS05-019 security update or after you install the Update Rollup 1 for Windows 2000 SP4 on a Windows 2000-based computer (901159)


The information in this article applies to:

  • Microsoft Windows 2000 Advanced Server SP4
  • Microsoft Windows 2000 Advanced Server SP3
  • Microsoft Windows 2000 Datacenter Server SP4
  • Microsoft Windows 2000 Datacenter Server SP3
  • Microsoft Windows 2000 Professional SP4
  • Microsoft Windows 2000 Professional SP3
  • Microsoft Windows 2000 Server SP4
  • Microsoft Windows 2000 Server SP3

SYMPTOMS

After you install the revised version of security update MS05-019 that was released on June 14, 2005 or after you install the Update Rollup 1 for Windows 2000 Service Pack 4 (SP4) that was released on June 28, 2005 on a Microsoft Windows 2000-based computer, the following Internet Security Systems (ISS) products stop running and the increased protection provided by these products is disabled:
  • RealSecure Desktop 3.6 with XPU versions ENO, ENP, and ENQ
  • RealSecure Desktop 7.0 with XPU versions ENO, ENP, and ENQ
  • BlackICE Agent for Server 3.6 with XPU versions ENO, ENP, and ENQ
  • BlackICE PC Protection 3.6 with XPU versions CNO, CNP, and CNQ
  • BlackICE Server Protection 3.6 XPU versions CNO, CNP, and CNQ
The affected ISS products generally stop running within one to two minutes after you start the computer.

Note ISS X-Press Updates (XPUs) are signature and driver updates that are required for the most current security protection. The XPUs listed here are significantly older than the current XPU versions. As a precautionary measure, Windows Update will not offer the revised MS05-019 security update to computers that are running these programs until a more recent XPU has been installed. Also, if the following ISS programs are installed, users of the affected computer may not be notified to install the revised version of security update MS05-019. This behavior occurs because the following programs also may contain an affected version of the affected file. However, the following programs are not affected. Therefore, you can manually install the revised version of security update MS05-019 or the Update Rollup 1 for Windows 2000 SP4.
  • Server Sensor 7.0
  • Server Sensor 7.0 SR 4.1
  • Server Sensor 7.0 XPU versions 20.18 - 20.19, 21.1, 21.3, 22.3 - 22.4, 22.5 - 22.19, 22.20 - 22.37
  • RealSecure Guard 3.6
  • Internet Scanner 7.0
  • Internet Scanner 7.0 SP1
Note This issue does not affect the BlackICE Defender, BlackICE Defender for Server, or Proventia Desktop products.

CAUSE

This issue occurs because the affected ISS products cannot detect the changes that are made to the TCP/IP protocol by the revised MS05-019 security update or by the Update Rollup 1 for Windows 2000 SP4. The affected ISS products contain one of the following versions of the Blackdrv.sys file:
  • Versions later than 3.6.0.0 and earlier than 3.6.319.0
  • Versions later than 7.0.0.0 and earlier than 7.0.319.0

RESOLUTION

To resolve this issue, upgrade the affected ISS products with the current XPU versions. XPUs whose versions are ENR or later are not affected by this issue. For more information, visit the following ISS Web sites:The information and the solution in this document represents the current view of Microsoft Corporation on these issues as of the date of publication. This solution is available through Microsoft or through a third-party provider. Microsoft does not specifically recommend any third-party provider or third-party solution that this article might describe. There might also be other third-party providers or third-party solutions that this article does not describe. Because Microsoft must respond to changing market conditions, this information should not be interpreted to be a commitment by Microsoft. Microsoft cannot guarantee or endorse the accuracy of any information or of any solution that is presented by Microsoft or by any mentioned third-party provider.

Microsoft makes no warranties and excludes all representations, warranties, and conditions whether express, implied, or statutory. These include but are not limited to representations, warranties, or conditions of title, non-infringement, satisfactory condition, merchantability, and fitness for a particular purpose, with regard to any service, solution, product, or any other materials or information. In no event will Microsoft be liable for any third-party solution that this article mentions.

MORE INFORMATION

For more information, click the following article numbers to view the articles in the Microsoft Knowledge Base:

900345 Fixes that are included in Update Rollup 1 for Microsoft Windows 2000 Service Pack 4 that is dated June 28, 2005

891861 Update Rollup 1 for Windows 2000 SP4 and known issues

Modification Type:MinorLast Reviewed:11/4/2005
Keywords:kbtshoot kb3rdparty kbSecurity KB901159 kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.