This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
KV
Explorer
‎2019-04-10 12:58 PM

Checkpoint endpoint VPN Windows 10 is not booting up after Monthly patches

Since the past 6 months we have been getting around 50-70 random computers every month not booting up after the pending reboot after installation of monthly patches from Microsoft. The computers get stuck at the HP logo (All of our computers are HP elitebook but different generations) with spinning wheel.

After creating a windows dump file and analysing it with help from Microsoft, they have identified the problem to be the Checkpoint zone alarm firewall driver vsdatant.sys interfering with letting Microsoft drivers loading. As I have noticed the vsdatant.sys driver is loading at high priority at kernel stage and therefore blocking everything else.

The problem started in October 2018, we used Windows 1803. Since then we have upgraded to 1809 and also upgraded the Checkpoint Endpoint VPN client to version E80.90 but the problem still exist.

We are not able to recreate the problem, it affects random computers every month, one month a computer can install the patches and boot up after restart without problem other month same computer is failing. Troubleshooting this has not been easy.

When booting in safe mode or disabling the vsdatant.sys file temporarly the computer boots up and finnishing up the patch installation. And then when we enable it we cant restart the computer without any isse.

Does anyone else has or had the same problem or maybe someone can put us on the right direction to troubleshoot this?

We created a ticket to Checkpoint and awaiting response. April patches just released and when deploying to a pilot group we already got one crashed computer so we are not confident enough to rollout the patches.

Some more details:

We are only using CheckPoint endpoint VPN on the computer and are using Windows defender as main firwall/antivirus. We had a working solution since Windows 7 where we never got any issue, after upgrading to Windows 10 we only upgraded the VPN client on the computers to a supported version for the specific Windows release, no change in config has been done on the server side. From my understanding that should not be necessary since the only policy that is downloaded to the client when using the VPN is just IP rules. However, my knowledge of the network part is limited... but since its working fine for so many computers and random computers are failing i dont think thats an issue. Worth mentioning is that we use UEFI, SecureBoot. Is Secureboot maybe causing this?

Any help is much apreciated!

9 Replies
Ave_Joe
Contributor
‎2019-04-10 01:47 PM

We had a similar issue. It was addressed with the build E80.88.4126.
I think the fix in E80.88.4126 is now included in E80.95.
I also think that it may be worth turning off FastBoot as in my experience it may cause similar issues.
KV
Explorer
‎2019-04-10 11:34 PM
In response to Ave_Joe

Found this article which verify your solution: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

Since we are only using the VPN client, I belive the latest version is E80.92?

 

Will try to deploy and see how it goes.

Cyril
Explorer
‎2019-09-26 08:03 AM
In response to KV

Hello, We have exactly the same random symptoms. Did the E80.92 update solve all these monthly Windows 10 update problems well? Sincerely
0 Kudos
PhoneBoy
Admin
Admin
‎2019-04-10 01:47 PM

While I believe the first release that supported 1809 was E80.90, the most current release as of this writing is E80.95.
We release monthly updates to the Endpoint Security VPN client to add additional functionality and to resolve issues with the latest Microsoft patches.
Aside from working with the TAC on this, I highly recommend making sure you're using our latest release for maximum compatibility.
Maksym_Sofer
Employee Alumnus
Employee Alumnus
‎2019-04-21 05:13 AM
In response to PhoneBoy

I would like to add an update:

 

The latest available Endpoint client at the moment is E80.96.

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 

Standalone VPN clients can be found in section "Standalone Clients Downloads" of SK.

 

0 Kudos
Thomas_Bauer
Contributor
‎2019-10-17 01:50 AM
In response to Maksym_Sofer

Hello, we have so much problems after Patch since Win10 v1803 with our DELL Notebooks. 25-35% doesn't boot after Win patching.

In the most of the DELL notebooks we use E80.82 or E80.84 VPN Standalone Client. Patching (win) is succesfully, but the reboot can't finish. 

Actually we are going to update all our Notebooks to Version E80.92  Build:986100175 - via Matrix42 Empirum.  (Only 10% done til now)

The Matrix 42 Admin go's in touch with me today ....to check if the problem reason is to search by Checkpoint.  He investigate since a lot of month this issue.

  • Can anybody tell me if CP Endpoint Client is the reason about this ?
  • And is the problem fixed in E80.92 or do I need a newer version of the Endpoint StandAlone VPN Client ? Means -should I stop rollout ?

INFO:

I found vsdatant.sys in 3 different folders on my DELL Win10 pro  10.0.17134 Build 1734

  1. C:\Windows\System32\drivers
  2. C:\Windows\System32\DriverStore\FileRepository\vsdatant.inf_amd64_48af42919990972
  3. C:\Windows\SysWOW64\Zonelabs

 

0 Kudos
J_B
Collaborator
‎2019-10-17 03:36 AM
In response to Thomas_Bauer

It states here that the issue was fixed with the E80.92 Client

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

However, the latest VPN client is now E81.40, so why not roll this version out?

 

0 Kudos
Thomas_Bauer
Contributor
‎2019-10-17 03:59 AM
In response to J_B

Thanks for quick feedback "It states here that the issue was fixed with the E80.92 Client" .

We have more than 5000 Clients and work with a Change Mgmt (ITIL conform) - this takes a very long time period to organizice /test/ create a Empirum-paket/ get approval /rollout in all over the world in my company.

I build E80.92 and do the task's the last 12 weeks..now we start rollout (500 clients finsh ) that's ca. 10% !

It's not so easy to do it ....also in matter of CN plants.

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2019-10-17 04:58 AM
In response to Thomas_Bauer

Windows monthly patches do not with a Change Mgmt (ITIL conform) ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events