
MMx

ESET Staff
  • Content Count

    34
  • Days Won

    2

MMx last won the day on February 6 2018

MMx had the most liked content!

Profile Information

  • Gender
    Not Telling
  • Location
    Slovakia

Recent Profile Visitors

543 profile views
  1. Thanks everyone for providing the dumps. Using them, we now have a theory about what is happening and a potential fix. It would be helpful if you could test it. To do that, first disable all workarounds (like app verifier, enable startup scan), then download the appropriate zip file attached to this post.

     If you have a directory called "c:\Program Files\ESET\[product name]\Modules\em005_64", then cleaner_test_dll_64bit is for you. Unpack the file into "c:\Program Files\ESET\[product name]\Modules" (not into the em005_64 subdirectory) with selfdefense disabled and reboot.

     If you have a directory called "c:\Program Files\ESET\[product name]\Modules\em005_32", then cleaner_test_dll_32bit is for you. Unpack the file into "c:\Program Files\ESET\[product name]\Modules" (not into the em005_32 subdirectory) with selfdefense disabled and reboot.

     If you have a file called "c:\Program Files\ESET\[product name]\em005_32.dat", then you need to use cleaner_test_dat_32bit.zip. Unpack it into "c:\Program Files\ESET\[product name]\", replacing the existing file, with selfdefense disabled and reboot.

     Then report back if the problem is fixed.

     cleaner_test_dat_32bit.zip cleaner_test_dll_64bit.zip cleaner_test_dll_32bit.zip
  2. I'd like to clarify Marcos' post. You can find the app verifier installer here:

     32bit: https://drive.google.com/file/d/1c4wQGJteGQb5EurEmhYaYLcmAqUbAIY-/view?usp=sharing
     64bit: https://drive.google.com/file/d/1Sh_Yyp7Ie69dbGqBaitN_Nv5iAzuRdwb/view?usp=sharing

     Before you are able to use it, you'll have to disable self-defense and reboot. The changes you make will be applied after you click Save in the verifier and restart ekrn by rebooting Windows. You can skip the manual registry import he's describing by extracting and importing the file attached to this post. Dumps will then be created in c:\dumps.

     Edit: There's one more option that needs to be changed in the app verifier. After you've added ekrn.exe you'll need to expand Basics, right-click Heaps, Properties, and enable UseLFHGuardPages (see attached screenshots).

     local_dumps_registry.zip
  3. Thank you very much RCK for the dumps, they have been helpful. Unfortunately, by the time they were created too many things had gone wrong to figure out what was the primary cause and what was just a result. It would be helpful if you (or anybody else) could run the following command as admin as soon as possible after boot:

     procdump -ma -e 1 -n 10 ekrn.exe

     Then replicate the problem, and send us all the dumps that will be created. Procdump can be downloaded from https://docs.microsoft.com/en-us/sysinternals/downloads/procdump.

     Edit: Please disable selfdefense and reboot before using the procdump command, otherwise it would fail.