Now that Windows XP Service Pack 2 (SP2) is available at Windows Update for online update of both the XP Home Edition and XP Professional Edition platforms, you need to be prepared for the changes you’ll see as a result of the security controls XP SP2 installs and activates by default. A query of Microsoft's XP SP2 Knowledgebase articles posted during the past 2 weeks turned up a laundry list of installation and device-related bugs, information about the affects of the now disabled Alerter and Messenger services, problems related to the enabled firewall, third-party network backup, and other application problems.

Keep in mind that, by default, the Windows Firewall severely restricts inbound traffic to an SP2 system. This restriction might prevent remote management, disrupt peer-to-peer networking, block FTP or Microsoft IIS connectivity, prevent browsing on new integrated installations of XP with SP2 (File and Print Sharing isn't enabled by default), and cause a host of other connectivity problems. You can find instructions for working with Windows Firewall in the Microsoft article "How to configure the Windows Firewall feature in Windows XP Service Pack 2" (

XP SP2 Web Servers
By default, Windows Firewall blocks activity on most ports. To allow native and third-party software to run, you must identify and open the port or ports that each application requires. So, for example, an XP system that you configure as a Web server running IIS and either Microsoft FrontPage Server Extensions or Windows SharePoint Team Services will refuse connections because, by default, the firewall blocks traffic on TCP port 80. To enable access, you must add a rule on the firewall that opens TCP port 80 to incoming traffic. On a related note, if you use an FTP utility alone or in combination with an application such as AutoCAD, you’ll need to open TCP port 21. See the Microsoft article "Web server functionality may not work correctly after you install Windows XP Service Pack 2" ( for details.

NetWorker, VERITAS, and ARCServe Backups
Default Windows Firewall settings prevent network-based backups from successfully attaching to remote SP2 systems. Remote backups initiated by Legato NetWorker, Computer Associates BrightStor ARCServe Backup, and VERITAS BackupExec will be unable to connect to a remote system, possibly reporting “Network path not found” when it tries to locate the remote machine. You need to add your backup software to the list of permitted firewall applications. For more information about this problem, see the Microsoft articles "You cannot use Legato NetWorker to back up a remote computer that is running Windows XP Service Pack 2" (; "You cannot use Computer Associates BrightStor ARCServe Backup 9.0 Manager to back up a Windows XP Service Pack 2-based computer from a remote computer" (; and "You cannot use Veritas Backup Exec to back up a remote Windows XP Service Pack 2-based computer" (

Virus Scanner Problems
You can experience problems with virus-scanning software from several companies, including McAfee, SOURCENEXT, SonicWALL, and Command AntiVirus. These problems, which have a variety of manifestations, including the inability to start the software or system crashes, are more likely to occur with older versions of virus-scanning software. On the laundry list:

· When you attempt to install a version of McAfee Virusscan Professional earlier than version 7.0, the installation will fail on XP SP2 systems with the error message, “Webscanx.exe has encountered a problem and needs to close.” McAfee’s Internet Security Software 4.0 exhibits the same symptoms and must be updated to operate correctly.

· SOURCENEXT’s VirusSecurity2004 uses a non-standard technique to invoke the scanner driver k7sentry.sys. Because the method is no longer valid, SP2 prevents the driver from starting, which effectively disables VirusSecurity's realtime scanning. The official SOURCENEXT Web site ( is currently available only in Japanese.

· SonicWall Complete Anti-Virus software uses a custom service to implement the automatic update feature. Security improvements in SP2 require that all services, native and third party, be installed with run and activate permissions. Because the custom service doesn't use such permissions, SP2 doesn't let the service start, which in turn, causes SonicWALL's update feature to fail in both automatic and manual modes. If you rely on this software to protect your systems, wait to install the SP2 upgrade until SonicWALL modifies the virus scanner to conform to the more restrictive service rules. This problem also causes a new installation of SonicWall to fail on an XP system already upgraded to SP2. You can contact the vendor at

· Anthemium Command AntiVirus 4.62.4 scanning software causes an XP SP2 system to crash with a stop code of 0x0000007f and message text “Bug check Symbolic Name.” Contact the vendor,, for an updated version that is compatible with SP2.

Alcohol CD/DVD Software and Daemon Tools Setup might fail with the error message “Setup cannot copy the file Atapi.sys” when you upgrade a system running Daemon tools or Alcohol CD/DVD software. Both these applications lock the disk driver, which prevents Setup from making a backup copy during the upgrade. To work around this problem, cancel Setup, uninstall the software, and restart the upgrade.

Older versions of Netzero, including versions 4, 3, and 2.2, 3, will fail on SP2 systems with the error message “Netzero has encountered a problem and needs to close…” If you rely on this software for Internet access, upgrade the software before you install SP2. Contact Netzero,, for program updates.

UMAX Scanners If you upgrade an XP system that has a UMAX scanner driver installed, when Setup completes, the system might reboot continuously. To eliminate the problem, restart the machine in Safe Mode with Networking and uninstall the scanner driver. Next, while still in Safe Mode, you need to remove SP2 by running Add/Remove Programs from a command prompt. To do so, open a command prompt and enter


Find Windows XP SP2 in the program list, click remove, and reboot. Assuming you can live without the scanner, you can now safely upgrade to SP2.

OOBE Installations
SP2 might fail to install on some HP systems with the error message “XP Setup is incompatible with this version of windows” when using the Out-of-Box-Experience (OOBE) interface because this method installs the SP1 version of the Recovery Console. You can work around the problem by removing three registry keys before you start the SP2 upgrade. See the Microsoft article "You receive a 'Windows XP Setup is incompatible with this version of Windows' error message when you install Windows XP Service Pack 2 on a Hewlett-Packard computer" ( for details about the registry modifications you need to make.

An OOBE installation doesn't let you start applications until the setup process is complete. When you install SP2 using this method, the screen reader that starts when XP starts and the screen reader that runs when you use a keyboard shortcut don't function. See the Microsoft article "Your screen reader software may not function if you install Windows XP Service Pack 2 by using OOBE" ( for instructions on how to work around this problem.

BootSkin Stardock's BootSkin software changes the appearance of the XP startup screen by using a screen driver that runs during system startup. To avoid a blue screen, turn off BootSkin before you start the upgrade and leave it off until the upgrade is finished and the system restarts. If BootSkin is enabled when SP2 reboots after installation, the machine might crash with a stop code of 0x00000050 and the text PAGE_FAULT_IN_NONPAGED_AREA.

USB Driver Display Problem
A display problem in SP2 incorrectly displays the previous version of USB drivers on the system, even though the drivers have been replaced with newer versions. To correct the display problem, run the Device Manager, select, in turn, each USB device that is reporting an old version of the driver, and click the Update Driver button. After you complete the update for each USB device, Device Manager should display the correct version for each driver.