So I saw a strange one today and got to exercise my noodle. An XP SP3 system where all windows drivers including mass (USBSTOR.SYS) suddenly appear unsigned. So, install a printer or pop in a thumb drive, and you get to click “Continue” a gazillion times. As if XP on a production Dell Optiplex 330 in 2012 isn’t lame enough. Long story short the issue was the cryptographic service and the edb.log file. Here’s how to fix it if it ever happens to you:
I found out about this problem after remotely pushing Symantec Endpoint Protection 12.1 managed client to an XP workstation via the network. After the system rebooted at the end of the installation, it appeared offline. Couldn’t be pinged and when I got onto the physical workstation it seemed like the entire network stack was out of whack.
Double clicking Symantec Endpoint protection revealed that the Firewall was was “malfunctioning”
So I tried uninstalling Symantec…got a failed error message and the product did not uninstall. Next I tried CleanWipe from Symantec (which is supposed to uninstall Symantec EP manually) – it also failed to uninstall Symantec EP.
Luckily, however I noticed the issue with unsigned drivers when plugging in my thumb drive with CleanWipe on it. After following the procedure below, I was able to uninstall and re-install Symantec EP using Add/Remove Programs.
To fix issues with Windows XP complaining that each driver is unsigned (MS KB822798):
[step 1] Navigate to %WINDIR%\System32\CatRoot2\ and locate the file edb.log
[step 2] Click start->run and type services.msc to open the system services dialog, then click OK.
[step 3] Stop the Cryptographic Services service.
[step 4] Rename edb.log to edb.old.
[step 5] Start the Cryptographic Services service.