Endpoint Protection

  • 1.  BugCheck in Windows server Driver BHDrvx64

    Posted Apr 07, 2022 05:08 PM

    Good morning, I have Symantec Endpoint Protection 14.3.558 installed on a group of Windows Server 2016 servers with the Terminal Server role. The servers constantly present a "Hard Hang": they are blocked and remain on a black screen, and this is only overcome after a reboot. Microsoft support says that the problem is caused by a driver called BHDrvx64. What we must do is update that driver (BHDrvx64) and see if the problem is corrected, and if not, it will have to be removed completely.

    I would like to know if it is possible to update this driver to a more recent version. Or is it possible to disable it (and how), and what are the implications of disabling the driver? Thanks for your attention.

    # Child-SP Return Call Site Info
    0 ffffe681f3cbbd20 fffff800f22eb46d nt!KiSwapContext+0x76
    1 ffffe681f3cbbe60 fffff800f22eaf0f nt!KiSwapThread+0x17d
    2 ffffe681f3cbbf10 fffff800f22ecce7 nt!KiCommitThreadWait+0x14f
    3 ffffe681f3cbbfb0 fffff804ac7e732f nt!KeWaitForSingleObject+0x377
    4 ffffe681f3cbc060 fffff804ac73a27a BHDrvx64+0xb732f
    5 ffffe681f3cbc0d0 fffff804ac73bb58 BHDrvx64+0xa27a
    6 ffffe681f3cbc140 fffff804ac73b3cf BHDrvx64+0xbb58
    7 ffffe681f3cbc2a0 fffff804ac7f980c BHDrvx64+0xb3cf
    8 ffffe681f3cbc330 fffff804ac7f96e9 BHDrvx64+0xc980c
    9 ffffe681f3cbc360 fffff804ac7f9baf BHDrvx64+0xc96e9
    a ffffe681f3cbc3c0 fffff804ac7f8c15 BHDrvx64+0xc9baf
    b ffffe681f3cbc490 fffff804ab6fdded BHDrvx64+0xc8c15
    c ffffe681f3cbc4f0 fffff804ab6fe05c SYMEVENT64x86+0xdded
    d ffffe681f3cbc520 fffff804ab6fe1ca SYMEVENT64x86+0xe05c
    e ffffe681f3cbc550 fffff804ab6f9089 SYMEVENT64x86+0xe1ca
    f ffffe681f3cbc580 fffff800f26618c3 SYMEVENT64x86+0x9089

    0: kd> lmvm BHDrvx64
    Browse full module list
    start end module name
    fffff804`ac730000 fffff804`ac921000 BHDrvx64 (no symbols)
    Loaded symbol image file: BHDrvx64.sys
    Image path: \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.558.0000.105\Data\Definitions\BASHDefs\20220324.011\BHDrvx64.sys
    Image name: BHDrvx64.sys
    Browse all global symbols functions data
    Timestamp: Fri Aug 27 19:19:23 2021 (6129810B)
    CheckSum: 001F311C
    ImageSize: 001F1000
    File version: 12.3.0.69
    Product version: 12.3.0.69
    File flags: 8 (Mask 3F) Private
    File OS: 40004 NT Win32
    File type: 3.7 Driver
    File date: 00000000.00000000
    Translations: 0409.04b0
    Information from resource tables:
    CompanyName: Broadcom
    ProductName: BASH
    InternalName: BashDriver
    OriginalFilename: BHDrvx64.sys
    ProductVersion: 12.3.0.69
    FileVersion: 12.3.0.69
    FileDescription: BASH Driver
    LegalCopyright: Copyright (c) 2021 Broadcom. All Rights Reserved.

    Thank you.

    Cesar Ramiro Beltrán Hernández 



  • 2.  RE: BugCheck in Windows server Driver BHDrvx64

    Broadcom Employee
    Posted Apr 07, 2022 05:20 PM
    Hi Cesar, 

    You would need to upgrade to 14.3 RU4 for the latest version of the Bash driver. It cannot be updated on its own. Disabling this would stop Sonar protection and Tamper protection and is not advised.

    ------------------------------
    John Owens
    Strategic Support Engineer | Symantec Endpoint Security Division (SES)
    Broadcom Software
    ------------------------------



  • 3.  RE: BugCheck in Windows server Driver BHDrvx64

    Posted Apr 07, 2022 05:25 PM
    Hi John, thanks for the reply.
    According to the dump, the current driver version on the TS servers is 12.3.0.69.

    However, the document "New fixes and component versions in Symantec Endpoint Protection 14.3 RU4" says that the driver version is also 12.3.0.69:
    https://knowledge.broadcom.com/external/article?articleId=233280

    What could I do in this case?


  • 4.  RE: BugCheck in Windows server Driver BHDrvx64

    Posted Apr 11, 2022 05:36 PM
    Hello John, I remain attentive to your recommendations.
    Thank you very much.


  • 5.  RE: BugCheck in Windows server Driver BHDrvx64

    Broadcom Employee
    Posted Apr 12, 2022 10:26 AM

    Hi Cesar,

    You would want to open a case with Support and provide a Full Memory Dump and Full Data Symdiag for investigation.



    ------------------------------
    John Owens
    Strategic Support Engineer | Symantec Endpoint Security Division (SES)
    Broadcom Software
    ------------------------------