11.2.49.0 Causes netio.sys BSOD on Win10

[GrammatonClerick 2]

Mine updated to 11.2.49.0 yesterday and since then I am getting random BSOD

 

Minidump attached

071318-36343-01.txt

[Marcos 5,074]

Unfortunately, minidumps contain too little information to determine the cause. Please configure Windows to generate complete or at least kernel memory dumps:

https://support.eset.com/kb380/

[Marcos 5,074]

I've found Zemana's driver zamguard64.sys loaded. Please at least temporarily uninstall any other 3rd party security software while troubleshooting the issue.

[GrammatonClerick 2]

9 hours ago, Marcos said:

I've found Zemana's driver zamguard64.sys loaded. Please at least temporarily uninstall any other 3rd party security software while troubleshooting the issue.

 

10 hours ago, Marcos said:

Unfortunately, minidumps contain too little information to determine the cause. Please configure Windows to generate complete or at least kernel memory dumps:

https://support.eset.com/kb380/

I've sent you a kernel dump in the PM on Friday the 13th.  I've sent you a link to my google drive where I deposited a rared version of the kernel dump it was 43mb rarered, unrared I think it was 16 gig. 

Edited July 16, 2018 by GrammatonClerick

[Marcos 5,074]

In the dump I got last time there was a Zemana driver. Please uninstall any other security sw that you have installed and let us know if BSOD still occurs. Also please drop me a private message with ELC logs so that I can check what software you have installed.

[GrammatonClerick 2]

59 minutes ago, Marcos said:

In the dump I got last time there was a Zemana driver. Please uninstall any other security sw that you have installed and let us know if BSOD still occurs. Also please drop me a private message with ESET Log Collector logs so that I can check what software you have installed.

I have won Zemanna on a 3 year giveaway unless you guys give me 3 years of free lic then I will not uninstall that software since the giveaway is over and the code I used has been used so find another way. 

 

I mean honestly the first thing that AV companies blame are competitors why not work together?!  Zemmana like AdGuard like HitmanPro like Malwarebytes is supposed to be an addon so solve the things yourself and don't blame the users for using them.  

Edited July 16, 2018 by GrammatonClerick

[itman 1,659]

Also this conflict is not unique to Eset. It has occurred with other AVs and Adguard.

In this posting: https://www.bleepingcomputer.com/forums/t/642645/netiosys-bsod/ , the issue was with AVG. Appears to be traced back to a conflict in WFP. What appears to have worked in this case was :

Quote

Disabled the WFP driver in adguard(cause apparently when enabled it uses a more recent version that is not as stable as the older one, when disabled it uses the classic more stable version of the driver)

Added an exception in avg under software analyser.

Edited July 16, 2018 by itman

[itman 1,659]

4 minutes ago, GrammatonClerick said:

I mean honestly the first thing that AV companies blame are competitors why not work together?! 

Here's the issue. Adguard is no longer just an ad blocker. It is a full fledged realtime scanning AV engine also.

The established rule to avoid security software conflicts is never run two AV realtime scanners concurrently.

[itman 1,659]

Here's another Adguard conflict; this time with Kaspersky: https://malwaretips.com/threads/kaspersky-causing-netio-sys-bsod.68366/

[BALTAGY 32]

Here's another BSOD reports from Adguard https://github.com/AdguardTeam/AdguardForWindows/issues/2246

[Marcos 5,074]

I see also MBAM v3 installed. In particular, mbamchameleon.sys is loaded. As I have already mentioned, there are also drivers zam64.sys and zamguard64.sys. Then there is Adguard's driver adgnetworkwfpdrv.sys too. Another AV's driver is SophosED.sys.

So I suggest:

1, Uninstalling MBAM
2, Uninstalling Adguard
3, Uninstalling Sophos
4, Keeping Zemana but temporarily renaming c:\windows\system32\drivers\zam64.sys and zamguard64.sys.

[GrammatonClerick 2]

Ok as per ITMAN suggestion I've disabled the WFP driver and see if that can help. 

 

edit:

 

Before uninstalling things I will try disabling things that have previously were known to cause issues...if that doesn't work then I will try the uninstall route.

Edited July 16, 2018 by GrammatonClerick

[itman 1,659]

42 minutes ago, BALTAGY said:

Here's another BSOD reports from Adguard https://github.com/AdguardTeam/AdguardForWindows/issues/2246

Given this most recent comment, I would say the issue is Adguard:

Quote

ameshkov commented 12 hours ago

@Sorrovv received your minidump, thank you! Meanwhile, an updated driver is likely to come this week (#2246 (comment))

 

 

Edited July 16, 2018 by itman

[GrammatonClerick 2]

9 minutes ago, itman said:

Given this most recent comment, I would say the issue is Adguard:

 

Yeah I agree I've disabled the WFP and no BSOD yet. 

 

I am glad since I would hate to loose ESET protection.   ESET and ADGUARD is like a MOM and DAD fight during a divorce proceedings in the end whichever you choose you loose. 

Edited July 16, 2018 by GrammatonClerick

[GrammatonClerick 2]

1 hour ago, Marcos said:

I see also MBAM v3 installed. In particular, mbamchameleon.sys is loaded. As I have already mentioned, there are also drivers zam64.sys and zamguard64.sys. Then there is Adguard's driver adgnetworkwfpdrv.sys too. Another AV's driver is SophosED.sys.

So I suggest:

1, Uninstalling MBAM
2, Uninstalling Adguard
3, Uninstalling Sophos
4, Keeping Zemana but temporarily renaming c:\windows\system32\drivers\zam64.sys and zamguard64.sys.

Yeap my full protection chain until this issue has been:

 

1) ESET IS

2) HITMAN PRO ALERT (SOPHOS)

3) ADGUARD  (WFP now disabled but it was enabled before)

4) Zemmana (On Demand...kind of upset that it loads a driver even though it's on demand...that's really naughty of them)

5) MBAM (kept at version 2 and used rarely i.e. once every few months scan whenever I feel like it...it's a remnant of a past when MBAM was still worth a damn).

Edited July 16, 2018 by GrammatonClerick

[itman 1,659]

I will also make this general comment.

I would never use multiple products concurrently that perform SSL protocol scanning. The potential for a decryption/re-encryption "bork" in the browser goes up exponentially with such activity. Let alone the impact on browser speed. Such concurrent activity could make your browser more insecure than if SSL protocol scanning was never employed.

[GrammatonClerick 2]

1 minute ago, itman said:

I will also make this general comment.

I would never use multiple products concurrently that perform SSL protocol scanning. The potential for a decryption/re-encryption "bork" in the browser goes up exponentially with such activity. Let alone the impact on browser speed. Such concurrent activity could make your browser more insecure than if SSL protocol scanning was never employed.

Ok so what would you recommend?  Disable AdGuard SSL scanning or ESET SSL scanning?  I am also running Sophos XG17 UTM but that has disabled SSL scanner and only scans HTTP. 

[itman 1,659]

3 hours ago, GrammatonClerick said:

Ok so what would you recommend?

Unfortunately, it's a "chicken or the egg" scenario.

If you disable SSL protocol scanning in Adguard, it won't be able to scan for ads on HTTPS web sites I assume. See below comments on Adguard plug-in version. 

This is why I prefer an ad blocking solution that uses tracking protection lists instead like AdBlock. Since I use IE11 as my primary browser, I just use Fanboy's ad and privacy lists. They do a pretty good job on blocking most ads although not all.

The main protection you want is against malicious ads and Eset has you covered on those.

Have you checked out the browser plug-in version of Adguard? https://adguard.com/en/adguard-browser-extension/overview.html . Possible this will check for ads on HTTPS sites after they are decrypted by the browser.

Edited July 16, 2018 by itman

[BALTAGY 32]

I'm using UBlock with Adguard filters on Firefox and Chrome along with ESET, All working fine here

[p0k3m0n 1]

Adguard is extremely buggy software on Windows. I had many BSOD on few configurations, and yes - it was Adguard. Adguard Android version is high quality software, but Windows it is different story.

[itman 1,659]

I had to reinstall Win 10. As such, decided to give Edge browser a trial. Installed the Adguard add-on and appears to be working just fine. Installed the tracking protection lists I want including Github's CoinMiner one for Adguard. Went to a test coin miner web site and Adguard detected it immediately.

What I forgot about though is Adguard is a Russian based company. Depending on how you feel about Russia's recent cyber activities, it would be another reason why one would not allow Adguard to do SSL protocol scanning in the stand-alone version of it.

[GrammatonClerick 2]

On 7/20/2018 at 2:25 PM, itman said:

I had to reinstall Win 10. As such, decided to give Edge browser a trial. Installed the Adguard add-on and appears to be working just fine. Installed the tracking protection lists I want including Github's CoinMiner one for Adguard. Went to a test coin miner web site and Adguard detected it immediately.

What I forgot about though is Adguard is a Russian based company. Depending on how you feel about Russia's recent cyber activities, it would be another reason why one would not allow Adguard to do SSL protocol scanning in the stand-alone version of it.

Yeah It's sad that Geopolitical issues prevent us from having great protection.  I mean the same can be said about Any former Eastern European nation (looking at you ESET) :).  But yeah that's exactly what I asked on MalwareTips.com and was promptly banned by their Mods...no explanation just banned....when I asked them they told me I was banned for "spam" but it's weird that everything was fine until I asked the same question you asked above...i.e. casting doubts about the Russian FSB connection (their new law at the time) to share all the net data with FSB and their Adguard protection of HTTPS i.e. if they would cooperate with FSB if it came to it?   Once that question was asked...ban hammer was issued and all my posts deleted. :)  So there goes the stance of the malwaretips mods....(that was few years ago). 

Edited July 22, 2018 by GrammatonClerick

[itman 1,659]

25 minutes ago, GrammatonClerick said:

But yeah that's exactly what I asked on MalwareTips.com and was promptly banned by their Mods...no explanation just banned....when I asked them they told me I was banned for "spam" but it's weird that everything was fine until I asked the same question you asked above

Interesting and at the same time not totally unexpected.

Without getting into specifics some security forums, lets put it as, are not as impartial as one would be believe. There are also vendor bias on those sites including partiality to Microsoft itself that become evident if you spend a lot of time on them as I do. Money does talk as the saying goes. Take it as one of those life experiences we all learn from.