nzmc56 0 Posted July 14, 2018 Share Posted July 14, 2018 Just got a BSOD, windows 10 Pro, 64 bit when going to switch users. "Who crashed" attributed it to epfwwfp.sys, see below. Is this an ESET problem or did something else caused ESET to fall over? How can I tell? On Sat 7/14/2018 2:17:16 PM your computer crashed or a problem was reported crash dump file: C:\Windows\MEMORY.DMP This was probably caused by the following module: epfwwfp.sys (epfwwfp+0x2F43) Bugcheck code: 0x1E (0xFFFFFFFFC0000005, 0xFFFFF802FD25FC7A, 0x0, 0xFFFFFFFFFFFFFFFF) Error: KMODE_EXCEPTION_NOT_HANDLED file path: C:\Windows\system32\drivers\epfwwfp.sys product: ESET Security company: ESET description: ESET Firewall Driver Bug check description: This indicates that a kernel-mode program generated an exception which the error handler did not catch. This might be a case of memory corruption. This may be because of a hardware issue such as faulty RAM, overheating (thermal issue) or because of a buggy driver. A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: epfwwfp.sys (ESET Firewall Driver, ESET). Link to comment Share on other sites More sharing options...
itman 1,749 Posted July 14, 2018 Share Posted July 14, 2018 What Eset version do you have installed? What version of Win 10 do you have installed; e.g. 1607, 1803, etc.. Did you recently install new app software or install Win Updates? Link to comment Share on other sites More sharing options...
Azure Phoenix 11 Posted July 14, 2018 Share Posted July 14, 2018 Do you use Adguard alongside ESET? Link to comment Share on other sites More sharing options...
nzmc56 0 Posted July 14, 2018 Author Share Posted July 14, 2018 2 hours ago, itman said: What Eset version do you have installed? 11.1.54.0 What version of Win 10 do you have installed; e.g. 1607, 1803, etc.. 1803 Did you recently install new app software or install Win Updates? I've had BSODs and hangs with 1803 in the past and did a clean reinstall of 1803 using Media Creation Tool. I waited a week before installing ESET and got this BSOD one day later. Do you use Adguard alongside ESET? No Link to comment Share on other sites More sharing options...
itman 1,749 Posted July 14, 2018 Share Posted July 14, 2018 (edited) Appears this one is the culprit: Quote 0xC0000005: STATUS_ACCESS_VIOLATION A memory access violation occurred. (Parameter 4 of the bug check is the address that the driver attempted to access.) https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/bug-check-0x1e--kmode-exception-not-handled Why Eset's firewall driver would cause it remains to be determined. I would imagine most Eset Win 10 1803 users are using the Home vers.. So the Pro version might be a factor. Did you set up any specialized Windows Defender Exploit Guard mitigations? Edited July 14, 2018 by itman Link to comment Share on other sites More sharing options...
itman 1,749 Posted July 14, 2018 Share Posted July 14, 2018 I just noticed something. Are you running NOD32 or Internet/Smart Security? If NOD32, I don't know why epfwwfp.sys would be installed since its the Eset firewall driver. Perhaps because NOD32 now has browser script protection? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,277 Posted July 15, 2018 Administrators Share Posted July 15, 2018 If you have a kernel or complete memory dump from the crash, please upload it to Dropbox, OneDrive, etc. provide me with a download link. Link to comment Share on other sites More sharing options...
nzmc56 0 Posted July 15, 2018 Author Share Posted July 15, 2018 14 hours ago, itman said: Did you set up any specialized Windows Defender Exploit Guard mitigations? No, I did not Link to comment Share on other sites More sharing options...
nzmc56 0 Posted July 15, 2018 Author Share Posted July 15, 2018 13 hours ago, itman said: Are you running NOD32 or Internet/Smart Security? If NOD32, I don't know why epfwwfp.sys would be installed since its the Eset firewall driver. Perhaps because NOD32 now has browser script protection? I'm running nod32. Link to comment Share on other sites More sharing options...
nzmc56 0 Posted July 15, 2018 Author Share Posted July 15, 2018 4 hours ago, Marcos said: If you have a kernel or complete memory dump from the crash, please upload it to Dropbox, OneDrive, etc. provide me with a download link. Marcos, I've uploaded the memory.dmp and a minidump produced at the same time to: https://onedrive.live.com/?id=2DB94D83D2F570EB!284&cid=2DB94D83D2F570EB Thanks, for looking into this Link to comment Share on other sites More sharing options...
itman 1,749 Posted July 15, 2018 Share Posted July 15, 2018 (edited) Also, this issue has occurred previously; this time on Win 8.1: https://forum.eset.com/topic/10538-eset-personal-firewall-driver-epfwwfpsys-causes-bsod-in-my-win-81-laptop/ . The solution in that instance was: Quote The problem is that L2802_3ParseMacHeader function in wfplwfs Microsoft’s driver does not handle this scenario well which may result in BSOD. We know of 3 ways how to mitigate this BSOD so far: Do not use PPPoE connection (use Wifi, or change your cable/dsl modem for a cable/dsl router which will do PPPoE for you) Do not use programs that might create fragmented IP/UDP. Torrents are well known for creating such packets. Disable UDP in your torrent application if possible. Note that web browsing uses mainly TCP, which is safe. Use an older Eset product. ESSv9 should be safe since it has its own LWF driver called epfwlwf and does not depend on Microsoft’s wfplwfs. Edited July 15, 2018 by itman Link to comment Share on other sites More sharing options...
Recommended Posts