Symantec blames Microsoft for XP SP3 registry corruption

Security vendor claims it was Microsoft's own code that created the thousands of bogus entries in Window's registry

Symantec last week said it was Microsoft's code that crippled some PCs after upgrades to Windows XP Service Pack 3 (SP3) emptied Device Manager, deleted network connections, and packed the registry with thousands of bogus entries.

"We finally got to the bottom of this last night," said Dave Cole, Symantec's senior director for product management of its consumer software. "All of these problems are related to the same thing, a Microsoft file that created all the garbage entries [in the registry]."

He also said that some of the same symptoms had been acknowledged by Microsoft when users updated to Windows XP SP2 several years ago; Cole referenced a pair of Microsoft support documents to back up his claim.

Two weeks ago, after Microsoft launched Windows XP SP3 on Windows Update, users started reporting that their network cards and previously crafted connections had mysteriously vanished from Windows after updating with the service pack. The Device Manager had been emptied, they said, and Windows' registry, a directory that stores settings and other critical information, had been packed with large numbers of bogus entries.

Most users who posted messages on Microsoft's XP SP3 support forum said that the errant registry keys -- which started with characters such as "$%&" and appeared corrupted at first glance -- were located in sections devoted to settings for Symantec products. Not surprisingly, they quickly pinned blame on the security company.

Earlier this week, Symantec denied that its software was at fault, and instead pointed a finger at Microsoft.

Cole said Symantec engineers had connected the current problem to a Microsoft file named "fixccs.exe." According to information on the Web, fixccs.exe stands for "Fix CCS MaxSubkeyName mismatch," and appears to be part of both XP SP3's and SP2's update packages.

Cole wasn't sure exactly what function fixccs.exe served. "But it caused similar problems with the Device Manager after SP2. It looks like it's reared its head again."

Two Microsoft support documents -- KB893249 and KB914450 -- both describe a problem remarkably similar to what users have reported recently. "After you install Windows XP Service Pack 2 (SP2) on a Windows XP-based computer, the Device Manager window is blank or some devices no longer appear," reads KB893249.

The fixccs.exe file attempts to make changes to the registry, said Cole, but in some cases also adds large numbers of unnecessary keys. When asked why so many users had reported seeing the errant entries in sections reserved for Symantec products, Cole called it "the luck of the draw. We have a fair number of keys in the registry, and we're on a lot of systems. This is not exclusive to Symantec."

Others have noted that too. A user identified as MRFREEZE61, who posted the first message on the Microsoft support forum thread two weeks ago, and later came up with a workaround, said as much today.

"The reported problems are not just limited to those using Symantec products," wrote MRFREEZE61 in a comment added to the original story. "Folks on the forum report this specific registry corruption with no Symantec products installed at all. Some find this corruption in device control set enumerators associated with UPNP (Universal Plug and Play) and other 'legacy devices,' others from users of Avast [Antivirus]."

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about AvastCCSMicrosoftNielsenNortonSymantec

Show Comments
[]