Operational Defect Database
BugZero found this defect 132 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
WatchGuard Technologies | kA16S000000bzCDSAY
Firewall infrastructure in WatchGuard Endpoint Security can cause BSOD
Last update date:
1/8/2024
Affected products:
WatchGuard Endpoint Security
Affected releases:
All
WatchGuard Endpoint Security
Fixed releases:
All
Description:
Issue
This issue applies to WatchGuard EPP, EDR, EDR Core, EPDR, and Advanced EPDR. It was resolved in Hotfix WGUA 1881. A blue screen (BSOD) with reference to the NNSDNS.sys driver caused by the firewall infrastructure of WatchGuard Endpoint Security products could occur when any of these features is enabled on the affected endpoint: Advanced ProtectionWeb protectionFirewall protectionWeb filtering Affected protection versions: v8.00.21.Xv8.00.22.0010 to v8.00.22.0022 For information on how to determine your protection version, go to Determine the Software Version in Help Center.
Workaround/Solution
A hotfix is available to resolve this issue.To apply the hotfix on the affected endpoint: Download and save this hotfix file to the endpoint: hf-wgua1881-getdomainname.exeDouble-click the downloaded file. The hotfix does not require a restart of the endpoint. Note: To install the unattended or silent version of the hotfix, click here. The hotfix is applied after the next system restart. Hotfix WGUA 1881 updates these files: File NameLocationFile VersionModified DateHotfix to be included in future versions?NNSDNS.sysC:\Windows\System32\Drivers\NNSDNS.sys (8.00.21.X Protections)1.3.0.12127 October 2023Yes v8.00.22.0023NNSDNS.sysC:\Windows\System32\Drivers\NNSDNS.sys (8.00.22.X Protections)7.0.0.13426 October 2023Yes v8.00.22.0023 To verify that the hotfix was successful, check the file version in the File Details section, or verify these values in the Windows Registry: 32-Bit Architecture64-Bit ArchitectureRegistry KeyValueRegistry KeyValueHKEY_LOCAL_MACHINE\SOFTWARE\Panda Software\Setup\Hotfix history\HF_NNSDNS_GetDomainNameRevision [REG_DWORD] 1HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Panda Software\Setup\Hotfix history\HF_NNSDNS_GetDomainName Revision [REG_DWORD] 1 HKEY_LOCAL_MACHINE\SOFTWARE\Panda Software\Setup\Hotfix history\HF_NNSDNS_GetDomainName Result [REG_DWORD] 0 = Success1 = Not Applied2 = Error HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Panda Software\Setup\Hotfix history\HF_NNSDNS_GetDomainName Result [REG_DWORD] 0 = Success1 = Not Applied2 = Error
