Symantec pins blame for XP SP3 registry corruption on Microsoft

The finger-pointing is getting ugly. Gregg Keizer reports:

Symantec Corp. Thursday said it was Microsoft’s code that crippledsome PCs after upgrades to Windows XP Service Pack 3 (SP3) emptiedDevice Manager, deleted network connections, and packed the registrywith thousands of bogus entries.

“We finally got to the bottom of this last night,” said Dave Cole,Symantec’s senior director for product management of its consumersoftware. “All of these problems are related to the same thing, aMicrosoft file that created all the garbage entries [in the registry].”

He also said that some of the same symptoms had been acknowledged byMicrosoft when users updated to Windows XP SP2 several years ago; Colereferenced a pair of Microsoft support documents to back up his claim.

Two weeks ago, after Microsoft launched Windows XP SP3 on WindowsUpdate, users started reporting that their network cards and previouslycrafted connections had mysteriously vanished from Windows afterupdating with the service pack. The Device Manager had been emptied,they said, and Windows’ registry, a directory that stores settings andother critical information, had been packed with large numbers of bogusentries.

Most users who posted messages on Microsoft’s XP SP3 support forumsaid that the errant registry keys — which started with characters suchas “$%&” and appeared corrupted at first glance — were located insections devoted to settings for Symantec products. Not surprisingly,they quickly pinned blame on the security company.

Earlier this week, Symantec denied that its software was at fault, and instead pointed a finger at Microsoft.

Thursday, Cole said Symantec engineers had connected the currentproblem to a Microsoft file named “fixccs.exe.” According toinformation on the Web, fixccs.exe stands for “Fix CCS MaxSubkeyNamemismatch,” and appears to be part of both XP SP3’s and SP2’s updatepackages.

Cole wasn’t sure exactly what function fixccs.exe served. “But itcaused similar problems with the Device Manager after SP2. It lookslike it’s reared its head again.”

Two Microsoft support documents — KB893249 and KB914450 — bothdescribe a problem remarkably similar to what users have reportedrecently. “After you install Windows XP Service Pack 2 (SP2) on aWindows XP-based computer, the Device Manager window is blank or somedevices no longer appear,” reads KB893249.

The fixccs.exe file attempts to make changes to the registry, saidCole, but in some cases also adds large numbers of unnecessary keys.When asked why so many users had reported seeing the errant entries insections reserved for Symantec products, Cole called it “the luck ofthe draw. We have a fair number of keys in the registry, and we’re on alot of systems. This is not exclusive to Symantec.”

Others have noted that too. A user identified as MRFREEZE61, whoposted the first message on the Microsoft support forum thread twoweeks ago, and later came up with a workaround, said as much today.

“The reported problems are not just limited to those using Symantecproducts,” wrote MRFREEZE61 in a comment added to the originalComputerworld story. “Folks on the forum report this specific registrycorruption with no Symantec products installed at all. Some find thiscorruption in device control set enumerators associated with UPNP(Universal Plug and Play) and other ‘legacy devices,’ others from usersof Avast [Antivirus].”

Fixccs.exe has also been linked to problems some users hadinstalling early builds of XP SP3 late last year. In a support forumthread that started Dec. 22, 2007, Shashank Bansal, a Microsoftengineer helping users troubleshoot XP SP3 installation bugs, said:“This is a serious problem for us and we would like to investigate itto further depths. We would need help from all users on this forum forthe same.” Bansal then asked users who had had trouble updating from XPSP2 to SP3 to identify the process that had hung or had hogged CPUcycles. “Look out for cscipt.exe or fixccs.exe,” he asked.

On Thursday, Cole said Symantec was working on a standalone toolthat would delete the extraneous registry entries. “We hope to have itready pretty quickly,” he said. “We’re working with Microsoft in thenormal channels.”

That word must not have trickled down to Microsoft’s technicalsupport representatives. Users who have posted to Symantec’s supportforum and others who have e-mailed Computerworld claim that they havebeen told by Microsoft support that the fault is all or partiallySymantec’s.

A user going by “ZLevee” copied messages received from Microsoftsupport to a Thursday post on the Symantec support site. “Based on thecurrent research, the issue can probably be caused by the conflictsbetween SP3 and Norton. Please let me know if you have any Nortonproduct installed.,” ZLevee said the Microsoft support representativehad claimed.

A Computerworld reader e-mailed an account of his experience lastweek with Microsoft’s support. “I had an online chat with a techsupport person named ‘Obaid’ on 5/18,” said Thom Nielsen in the e-mail.“He told me that Symantec products do NOT work with XP SP3. He told meSymantec is aware of the problem(s) & is working on it.”

“This is the first I’ve heard of this,” said Cole when asked to comment. “I hope we can clear up any confusion.”

When asked earlier Thursday whether it had uncovered any moreinformation about the disappearing Device Manager and the corruptedregistry entries, Microsoft said it nothing new to add beyond therecommendation it made Tuesday: that users contact the company’stechnical support desk if they have had problems upgrading to XP SP3.

Microsoft was not available for comment Thursday night.

Related Download
CanadianCIO Census 2016 Mapping Out the Innovation Agenda Sponsor: Cogeco Peer 1
CanadianCIO Census 2016 Mapping Out the Innovation Agenda
The CanadianCIO 2016 census will help you answer those questions and more. Based on detailed survey results from more than 100 senior technology leaders, the new report offers insights on issues ranging from stature and spend to challenges and the opportunities ahead.
Register Now