Jump to content

11.2.49.0 Causes netio.sys BSOD on Win10


Recommended Posts

  • Administrators

I've found Zemana's driver zamguard64.sys loaded. Please at least temporarily uninstall any other 3rd party security software while troubleshooting the issue.

Link to comment
Share on other sites

9 hours ago, Marcos said:

I've found Zemana's driver zamguard64.sys loaded. Please at least temporarily uninstall any other 3rd party security software while troubleshooting the issue.

 

10 hours ago, Marcos said:

Unfortunately, minidumps contain too little information to determine the cause. Please configure Windows to generate complete or at least kernel memory dumps:

https://support.eset.com/kb380/

I've sent you a kernel dump in the PM on Friday the 13th.  I've sent you a link to my google drive where I deposited a rared version of the kernel dump it was 43mb rarered, unrared I think it was 16 gig. 

Edited by GrammatonClerick
Link to comment
Share on other sites

  • Administrators

In the dump I got last time there was a Zemana driver. Please uninstall any other security sw that you have installed and let us know if BSOD still occurs. Also please drop me a private message with ELC logs so that I can check what software you have installed.

Link to comment
Share on other sites

59 minutes ago, Marcos said:

In the dump I got last time there was a Zemana driver. Please uninstall any other security sw that you have installed and let us know if BSOD still occurs. Also please drop me a private message with ESET Log Collector logs so that I can check what software you have installed.

I have won Zemanna on a 3 year giveaway unless you guys give me 3 years of free lic then I will not uninstall that software since the giveaway is over and the code I used has been used so find another way. 

 

I mean honestly the first thing that AV companies blame are competitors why not work together?!  Zemmana like AdGuard like HitmanPro like Malwarebytes is supposed to be an addon so solve the things yourself and don't blame the users for using them.  

Edited by GrammatonClerick
Link to comment
Share on other sites

Also this conflict is not unique to Eset. It has occurred with other AVs and Adguard.

In this posting: https://www.bleepingcomputer.com/forums/t/642645/netiosys-bsod/ , the issue was with AVG. Appears to be traced back to a conflict in WFP. What appears to have worked in this case was :

Quote

Disabled the WFP driver in adguard(cause apparently when enabled it uses a more recent version that is not as stable as the older one, when disabled it uses the classic more stable version of the driver)

Added an exception in avg under software analyser.

Edited by itman
Link to comment
Share on other sites

4 minutes ago, GrammatonClerick said:

I mean honestly the first thing that AV companies blame are competitors why not work together?! 

Here's the issue. Adguard is no longer just an ad blocker. It is a full fledged realtime scanning AV engine also.

The established rule to avoid security software conflicts is never run two AV realtime scanners concurrently.

Link to comment
Share on other sites

  • Administrators

I see also MBAM v3 installed. In particular, mbamchameleon.sys is loaded. As I have already mentioned, there are also drivers zam64.sys and zamguard64.sys. Then there is Adguard's driver adgnetworkwfpdrv.sys too. Another AV's driver is SophosED.sys.

So I suggest:

1, Uninstalling MBAM
2, Uninstalling Adguard
3, Uninstalling Sophos
4, Keeping Zemana but temporarily renaming c:\windows\system32\drivers\zam64.sys and zamguard64.sys.

Link to comment
Share on other sites

Ok as per ITMAN suggestion I've disabled the WFP driver and see if that can help. 

 

edit:

 

Before uninstalling things I will try disabling things that have previously were known to cause issues...if that doesn't work then I will try the uninstall route.

Edited by GrammatonClerick
Link to comment
Share on other sites

42 minutes ago, BALTAGY said:

Here's another BSOD reports from Adguard https://github.com/AdguardTeam/AdguardForWindows/issues/2246

Given this most recent comment, I would say the issue is Adguard:

Quote

ameshkov commented 12 hours ago

@Sorrovv received your minidump, thank you! Meanwhile, an updated driver is likely to come this week (#2246 (comment))

 

 
Edited by itman
Link to comment
Share on other sites

9 minutes ago, itman said:

Given this most recent comment, I would say the issue is Adguard:

 

Yeah I agree I've disabled the WFP and no BSOD yet. 

 

I am glad since I would hate to loose ESET protection.   ESET and ADGUARD is like a MOM and DAD fight during a divorce proceedings in the end whichever you choose you loose. 

Edited by GrammatonClerick
Link to comment
Share on other sites

1 hour ago, Marcos said:

I see also MBAM v3 installed. In particular, mbamchameleon.sys is loaded. As I have already mentioned, there are also drivers zam64.sys and zamguard64.sys. Then there is Adguard's driver adgnetworkwfpdrv.sys too. Another AV's driver is SophosED.sys.

So I suggest:

1, Uninstalling MBAM
2, Uninstalling Adguard
3, Uninstalling Sophos
4, Keeping Zemana but temporarily renaming c:\windows\system32\drivers\zam64.sys and zamguard64.sys.

Yeap my full protection chain until this issue has been:

 

1) ESET IS

2) HITMAN PRO ALERT (SOPHOS)

3) ADGUARD  (WFP now disabled but it was enabled before)

4) Zemmana (On Demand...kind of upset that it loads a driver even though it's on demand...that's really naughty of them)

5) MBAM (kept at version 2 and used rarely i.e. once every few months scan whenever I feel like it...it's a remnant of a past when MBAM was still worth a damn).

Edited by GrammatonClerick
Link to comment
Share on other sites

I will also make this general comment.

I would never use multiple products concurrently that perform SSL protocol scanning. The potential for a decryption/re-encryption "bork" in the browser goes up exponentially with such activity. Let alone the impact on browser speed. Such concurrent activity could make your browser more insecure than if SSL protocol scanning was never employed.

Link to comment
Share on other sites

1 minute ago, itman said:

I will also make this general comment.

I would never use multiple products concurrently that perform SSL protocol scanning. The potential for a decryption/re-encryption "bork" in the browser goes up exponentially with such activity. Let alone the impact on browser speed. Such concurrent activity could make your browser more insecure than if SSL protocol scanning was never employed.

Ok so what would you recommend?  Disable AdGuard SSL scanning or ESET SSL scanning?  I am also running Sophos XG17 UTM but that has disabled SSL scanner and only scans HTTP. 

Link to comment
Share on other sites

3 hours ago, GrammatonClerick said:

Ok so what would you recommend?

Unfortunately, it's a "chicken or the egg" scenario.

If you disable SSL protocol scanning in Adguard, it won't be able to scan for ads on HTTPS web sites I assume. See below comments on Adguard plug-in version. 

This is why I prefer an ad blocking solution that uses tracking protection lists instead like AdBlock. Since I use IE11 as my primary browser, I just use Fanboy's ad and privacy lists. They do a pretty good job on blocking most ads although not all.

The main protection you want is against malicious ads and Eset has you covered on those.

Have you checked out the browser plug-in version of Adguard? https://adguard.com/en/adguard-browser-extension/overview.html . Possible this will check for ads on HTTPS sites after they are decrypted by the browser.

Edited by itman
Link to comment
Share on other sites

  • ESET Insiders

I'm using UBlock with Adguard filters on Firefox and Chrome along with ESET, All working fine here

Link to comment
Share on other sites

Adguard is extremely buggy software on Windows. I had many BSOD on few configurations, and yes - it was Adguard. Adguard Android version is high quality software, but Windows it is different story.

Link to comment
Share on other sites

I had to reinstall Win 10. As such, decided to give Edge browser a trial. Installed the Adguard add-on and appears to be working just fine. Installed the tracking protection lists I want including Github's CoinMiner one for Adguard. Went to a test coin miner web site and Adguard detected it immediately.

What I forgot about though is Adguard is a Russian based company. Depending on how you feel about Russia's recent cyber activities, it would be another reason why one would not allow Adguard to do SSL protocol scanning in the stand-alone version of it.

Link to comment
Share on other sites

On 7/20/2018 at 2:25 PM, itman said:

I had to reinstall Win 10. As such, decided to give Edge browser a trial. Installed the Adguard add-on and appears to be working just fine. Installed the tracking protection lists I want including Github's CoinMiner one for Adguard. Went to a test coin miner web site and Adguard detected it immediately.

What I forgot about though is Adguard is a Russian based company. Depending on how you feel about Russia's recent cyber activities, it would be another reason why one would not allow Adguard to do SSL protocol scanning in the stand-alone version of it.

Yeah It's sad that Geopolitical issues prevent us from having great protection.  I mean the same can be said about Any former Eastern European nation (looking at you ESET) :).  But yeah that's exactly what I asked on MalwareTips.com and was promptly banned by their Mods...no explanation just banned....when I asked them they told me I was banned for "spam" but it's weird that everything was fine until I asked the same question you asked above...i.e. casting doubts about the Russian FSB connection (their new law at the time) to share all the net data with FSB and their Adguard protection of HTTPS i.e. if they would cooperate with FSB if it came to it?   Once that question was asked...ban hammer was issued and all my posts deleted. :)  So there goes the stance of the malwaretips mods....(that was few years ago). 

Edited by GrammatonClerick
Link to comment
Share on other sites

25 minutes ago, GrammatonClerick said:

But yeah that's exactly what I asked on MalwareTips.com and was promptly banned by their Mods...no explanation just banned....when I asked them they told me I was banned for "spam" but it's weird that everything was fine until I asked the same question you asked above

Interesting and at the same time not totally unexpected.

Without getting into specifics some security forums, lets put it as, are not as impartial as one would be believe. There are also vendor bias on those sites including partiality to Microsoft itself that become evident if you spend a lot of time on them as I do. Money does talk as the saying goes. Take it as one of those life experiences we all learn from. 

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...