HienKieu 2 Posted July 20, 2017 Share Posted July 20, 2017 Hi everyone, My clients had installed EES ver 6.5.2107.1 three weeks ago, but today, they get a problem with OS Windows 10 x64.. It cannot start and show detail as below: As i see, it related to "epfwwfpr.sys", which is an ESET Personal Firewall.. but follow the last topic, So far, i still not to see a clear solution about this, Can anyone help to share with me how to fixed issue and explain the cause of it?! Thanks in advance! Link to comment Share on other sites More sharing options...
Administrators Marcos 5,074 Posted July 20, 2017 Administrators Share Posted July 20, 2017 Hello, We are only aware of one cause of BSOD where epfwwfpr.sys is listed as the culprit. It happens when we receive bad and unexpected data from Windows, most likely due to a bug in WFP. Would it be possible to provide a dump from the crash? Also please clarify if you have ESET Endpoint Antivirus or ESET Endpoint Security installed since the driver in question is included only in Endpoint Antivirus but you wrote that it's Endpoint Security. In order to be able to start Windows in normal mode, start it in safe mode and rename the driver epfwwfpr.sys. Link to comment Share on other sites More sharing options...
HienKieu 2 Posted July 20, 2017 Author Share Posted July 20, 2017 @Marcos Thanks for sharing.. Ohh sorry,i have a mistake, that's Eset Endpoint Antivirus ver 6.5.2107.1.. As you said, it might be to resolved when start in safe mode and rename this driver? Please show me Which paths can i go to rename the driver epfwwfpr.sys? Thanks so much! Link to comment Share on other sites More sharing options...
tmuster2k 22 Posted July 20, 2017 Share Posted July 20, 2017 I also have a customer using ESET Smart Security Windows 10 and getting same BSOD. blue screen/driver irql_not_less_or_equal not less or equal windows 10 failed-epfwwfp.sys = ESET Personal Firewall Driver I would not let me rename or delete the epfw.sys driver because it said it was in use. I was in regular safemode. This is a Lenovo desktop. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,074 Posted July 20, 2017 Administrators Share Posted July 20, 2017 That's weird because in safe mode neither the ehdrv.sys driver providing self-defense nor ekrn.exe is running so it should be possible to rename the file. @HienKieu I meant the driver C:\Windows\System32\drivers\epfwwfpr.sys. If possible, please provide us with a complete memory dump from a crash so that we can confirm it's the issue that we assume it to be. In the next service release and future versions we plan to add a check for values returned by the OS but since it seems to be caused by a bug in Windows, it will be just a workaround and the issue may recur later or even with other than our software. Link to comment Share on other sites More sharing options...
tmuster2k 22 Posted July 21, 2017 Share Posted July 21, 2017 23 hours ago, Marcos said: That's weird because in safe mode neither the ehdrv.sys driver providing self-defense nor ekrn.exe is running so it should be possible to rename the file. @HienKieu I meant the driver C:\Windows\System32\drivers\epfwwfpr.sys. i was also puzzled that I could not remove this driver in regular safemode. I cannot get logs now as system restore was performed and everything is normal. Link to comment Share on other sites More sharing options...
Recommended Posts