BSOD attributed to ESET


nzmc56

Just got a BSOD, Windows 10 Pro, 64-bit, when going to switch users. "Who crashed" attributed it to epfwwfp.sys, see below. Is this an ESET problem or did something else cause ESET to fall over? How can I tell?

On Sat 7/14/2018 2:17:16 PM your computer crashed or a problem was reported
crash dump file: C:\Windows\MEMORY.DMP
This was probably caused by the following module: epfwwfp.sys (epfwwfp+0x2F43)
Bugcheck code: 0x1E (0xFFFFFFFFC0000005, 0xFFFFF802FD25FC7A, 0x0, 0xFFFFFFFFFFFFFFFF)
Error: KMODE_EXCEPTION_NOT_HANDLED
file path: C:\Windows\system32\drivers\epfwwfp.sys
product: ESET Security
company: ESET
description: ESET Firewall Driver
Bug check description: This indicates that a kernel-mode program generated an exception which the error handler did not catch.
This might be a case of memory corruption. This may be because of a hardware issue such as faulty RAM, overheating (thermal issue) or because of a buggy driver.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: epfwwfp.sys (ESET Firewall Driver, ESET).

 


What Eset version do you have installed?

What version of Win 10 do you have installed, e.g. 1607, 1803, etc.?

Did you recently install new app software or install Win Updates?

 


2 hours ago, itman said:

What Eset version do you have installed?

11.1.54.0

What version of Win 10 do you have installed, e.g. 1607, 1803, etc.?

1803

Did you recently install new app software or install Win Updates?

I've had BSODs and hangs with 1803 in the past and did a clean reinstall of 1803 using Media Creation Tool.  I waited a week before installing ESET and got this BSOD one day later.

Do you use Adguard alongside ESET?

No

 

 


Appears this one is the culprit:

Quote

0xC0000005: STATUS_ACCESS_VIOLATION

A memory access violation occurred. (Parameter 4 of the bug check is the address that the driver attempted to access.)

https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/bug-check-0x1e--kmode-exception-not-handled

Why Eset's firewall driver would cause it remains to be determined. I would imagine most Eset Win 10 1803 users are using the Home version. So the Pro version might be a factor. Did you set up any specialized Windows Defender Exploit Guard mitigations?

Edited by itman
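
For readers triaging a similar crash, the "Bugcheck code" line in the WhoCrashed report above can be decoded field by field. The following is an added example, not part of the original thread or any ESET or Microsoft tool; the function and dictionary names are hypothetical, and the read/write/execute meaning of parameter 3 is taken from the Windows EXCEPTION_RECORD convention for access violations rather than from this page.

```python
import re

# Bug check 0x1E layout (per the Microsoft page linked in the post above):
#   P1 = unhandled exception code, P2 = address where the exception occurred,
#   P3 = exception information parameter 0, P4 = exception information parameter 1.
# For an access violation, parameter 0 is the access type and parameter 1 is
# the address that was touched (EXCEPTION_RECORD convention; an assumption here).
ACCESS_TYPES = {0: "read", 1: "write", 8: "execute (DEP)"}
STATUS_NAMES = {0xC0000005: "STATUS_ACCESS_VIOLATION"}

LINE_RE = re.compile(r"Bugcheck code:\s*(0x[0-9A-Fa-f]+)\s*\(([^)]*)\)")

# The line exactly as it appears in the first post of this thread.
SAMPLE = ("Bugcheck code: 0x1E (0xFFFFFFFFC0000005, 0xFFFFF802FD25FC7A, "
          "0x0, 0xFFFFFFFFFFFFFFFF)")


def decode_bugcheck(line):
    """Parse a WhoCrashed 'Bugcheck code' line into named fields."""
    m = LINE_RE.search(line)
    if not m:
        raise ValueError("not a WhoCrashed 'Bugcheck code' line")
    params = [int(p, 16) for p in re.findall(r"0x[0-9A-Fa-f]+", m.group(2))]
    if len(params) != 4:
        raise ValueError("expected four bug check parameters")
    result = {"bugcheck": int(m.group(1), 16), "params": params}
    if result["bugcheck"] != 0x1E:
        return result  # only KMODE_EXCEPTION_NOT_HANDLED is interpreted here
    # The dump shows the 32-bit NTSTATUS sign-extended to 64 bits; mask it back.
    status = params[0] & 0xFFFFFFFF
    result["exception"] = STATUS_NAMES.get(status, f"0x{status:08X}")
    result["fault_ip"] = params[1]
    if status == 0xC0000005:
        result["access"] = ACCESS_TYPES.get(params[2], f"unknown ({params[2]})")
        result["target"] = params[3]
    return result


if __name__ == "__main__":
    for key, value in decode_bugcheck(SAMPLE).items():
        shown = f"0x{value:X}" if isinstance(value, int) else value
        print(f"{key}: {shown}")
```

The decoded fields only describe the exception; which driver's code sits at the faulting instruction address still has to be confirmed from the memory dump in a debugger.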

I just noticed something.

Are you running NOD32 or Internet/Smart Security? If NOD32, I don't know why epfwwfp.sys would be installed since it's the Eset firewall driver. Perhaps because NOD32 now has browser script protection?


  • Administrators

If you have a kernel or complete memory dump from the crash, please upload it to Dropbox, OneDrive, etc. and provide me with a download link.


14 hours ago, itman said:

 Did you set up any specialized Windows Defender Exploit Guard mitigations?

No, I did not

 


13 hours ago, itman said:

Are you running NOD32 or Internet/Smart Security? If NOD32, I don't know why epfwwfp.sys would be installed since it's the Eset firewall driver. Perhaps because NOD32 now has browser script protection?

I'm running NOD32.


4 hours ago, Marcos said:

If you have a kernel or complete memory dump from the crash, please upload it to Dropbox, OneDrive, etc. and provide me with a download link.

Marcos, I've uploaded the memory.dmp and a minidump produced at the same time to: https://onedrive.live.com/?id=2DB94D83D2F570EB!284&cid=2DB94D83D2F570EB

Thanks for looking into this.


Also, this issue has occurred previously; this time on Win 8.1: https://forum.eset.com/topic/10538-eset-personal-firewall-driver-epfwwfpsys-causes-bsod-in-my-win-81-laptop/ .

The solution in that instance was:

Quote

The problem is that L2802_3ParseMacHeader function in wfplwfs Microsoft’s driver does not handle this scenario well which may result in BSOD.

We know of 3 ways to mitigate this BSOD so far:

  1. Do not use PPPoE connection (use Wifi, or change your cable/dsl modem for a cable/dsl router which will do PPPoE for you)
  2. Do not use programs that might create fragmented IP/UDP. Torrents are well known for creating such packets. Disable UDP in your torrent application if possible. Note that web browsing uses mainly TCP, which is safe.
  3. Use an older Eset product. ESSv9 should be safe since it has its own LWF driver called epfwlwf and does not depend on Microsoft’s wfplwfs.

 

Edited by itman

This topic is now closed to further replies.