For the past 6 months we have been getting around 50-70 random computers every month not booting up after the pending reboot following installation of monthly patches from Microsoft. The computers get stuck at the HP logo with a spinning wheel (all of our computers are HP EliteBooks, but of different generations).
After creating a Windows dump file and analysing it with help from Microsoft, they have identified the problem to be the Checkpoint ZoneAlarm firewall driver vsdatant.sys interfering with the loading of Microsoft drivers. As I have noticed, the vsdatant.sys driver is loading at high priority at kernel stage and therefore blocking everything else.
The problem started in October 2018, when we used Windows 1803. Since then we have upgraded to 1809 and also upgraded the Checkpoint Endpoint VPN client to version E80.90, but the problem still exists.
We are not able to recreate the problem; it affects random computers every month. One month a computer can install the patches and boot up after restart without a problem; another month the same computer fails. Troubleshooting this has not been easy.
When booting in safe mode or disabling the vsdatant.sys file temporarily, the computer boots up and finishes the patch installation. And then when we enable it we can't restart the computer without any issue.
Does anyone else have, or has anyone had, the same problem, or maybe someone can point us in the right direction to troubleshoot this?
We created a ticket with Checkpoint and are awaiting a response. The April patches were just released, and when deploying to a pilot group we already got one crashed computer, so we are not confident enough to roll out the patches.
Some more details:
We are only using the CheckPoint endpoint VPN on the computers and are using Windows Defender as the main firewall/antivirus. We had a working solution since Windows 7 where we never got any issue; after upgrading to Windows 10 we only upgraded the VPN client on the computers to a supported version for the specific Windows release, and no change in config has been done on the server side. From my understanding that should not be necessary, since the only policy that is downloaded to the client when using the VPN is just IP rules. However, my knowledge of the network part is limited... but since it's working fine for so many computers and random computers are failing, I don't think that's an issue. Worth mentioning is that we use UEFI and Secure Boot. Is Secure Boot maybe causing this?
Any help is much appreciated!