
Latest update BSOD.


Synthfoster


After ESET auto-installed the latest update I got an instant BSOD.

eamonm.sys

Were able to boot into Windows thanks to the Windows boot option to disable early launch of anti-malware.

Had to delete everything in regedit that had anything to do with ESET Security and then delete all folders and files.

Tried to install NOD again but the same.

Have now deleted everything again and now my PC runs as normal.


  • Administrators

Please configure Windows to generate complete memory or active memory dumps (Windows 10) as per https://support.eset.com/en/kb380-how-do-i-generate-a-memory-dump-manually and reproduce BSOD. After a reboot, compress the memory dump and supply it to ESET for perusal to determine the root cause of the issue. The fact that eamonm.sys is listed in the dump doesn't necessarily mean it's the culprit.


Hello,

I have exactly the same problem. I've updated Eset Security to the latest version and instant BSOD. I've restarted and the same.

I've uninstalled Eset in Safe mode and no BSOD. Installed Eset again and BSOD. Clearly the product is causing the problem.


Beginning to wonder if these are Win 10 Secure Boot enabled devices and the boot process is "hiccuping" on the reappearance in ver. 13.1.16 of hash error for Eset's AMSI .dll:

[Image: Eset_eamsi.png]

Edited by itman

Hello,

I have exactly the same problem. I've updated Eset Security to the latest version and instant BSOD. I've restarted and the same.

I've uninstalled Eset in Safe mode and no BSOD. Installed Eset again and BSOD continued.

Windows 10 works fine when booted with Special options F8 then Disable earlier startup of anti malware protection.

eamonm.sys is a root cause of BSOD.

 

Edited by Gyan

In regards to the original posting reference to disabling early launch anti-malware driver via boot startup option, a quick review on what it does:

Quote

In Windows 10 / 8, Microsoft has implemented Early Launch Anti-Malware (ELAM) protection which can check the integrity of system files and prevent malicious drivers or programs from starting very early in the boot process. The well documented sticky keys exploit lets you escalate privilege from Windows login screen, but it is no longer working because of ELAM.

However, if a driver is classified as malware by ELAM because it is malicious or a false positive, it may prevent your system from booting. To solve this issue, you may need to temporarily turn off ELAM so that you can either update your antivirus software or remove the problematic malware driver. In this tutorial we’ll show you a simple way to temporarily disable Early Launch Anti-Malware protection in Windows 10 / 8.

https://www.top-password.com/blog/disable-early-launch-anti-malware-protection-in-windows/

Since the majority of Eset ver. 13.1.16 upgraded devices have no issues in this regard, it would appear that on a few select Eset installations its ELAM driver is detecting an existing driver as malicious. The key to resolution is to find out which driver is being detected as malicious.

One way to do this is to enable Win 10 boot logging as follows: https://www.windowscentral.com/how-enable-boot-log-windows-10. Reboot. Then using Notepad, print the ntbtlog.txt file located in C:\Windows. Now install Eset ver. 13.1.16. Reboot. PC should blue screen at boot time. At this time, you can either boot into Win 10 recovery environment and disable ELAM, or boot into safe boot. Then again uninstall Eset. When you do get Win 10 successfully rebooted, again print out ntbtlog.txt. Now compare the two printouts. From the bottom of the printout, work upward till you find the boot log section with entries associated with the blue screen. The last driver shown in that section will be the last driver successfully loaded. Now find that driver on the earlier ntbtlog.txt printout. The next driver listed on the earlier printout should be the driver Eset ELAM processing refused to load and aborted the Win 10 boot.

Edited by itman
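The boot-log comparison described in the post above, automated as an added example (not code from the thread or from ESET). It assumes ntbtlog.txt entries of the form `BOOTLOG_LOADED <path>` / `BOOTLOG_NOT_LOADED <path>`, that each boot section begins with non-entry header lines, and that the blue-screen boot left a truncated section in the log; the function names and the sample driver names are hypothetical.

```python
import re

ENTRY = re.compile(r"^(BOOTLOG_LOADED|BOOTLOG_NOT_LOADED)\s+(.+)$")

def parse_sessions(text):
    """Return one list of loaded driver paths per boot section of the log."""
    sessions, current = [], []
    for line in (raw.strip() for raw in text.splitlines()):
        m = ENTRY.match(line)
        if m:
            if m.group(1) == "BOOTLOG_LOADED":
                current.append(m.group(2))
        elif line and current:  # non-entry text: header of the next boot
            sessions.append(current)
            current = []
    return sessions + ([current] if current else [])

def find_suspect(baseline_text, later_text):
    """Return (last driver loaded in truncated boot, next driver in clean boot) or None."""
    clean = parse_sessions(baseline_text)
    if not clean:
        return None
    good_l = [p.lower() for p in clean[-1]]
    for section in reversed(parse_sessions(later_text)):  # bottom upward
        sec_l = [p.lower() for p in section]
        # Assumption: the blue-screen boot loaded the same drivers in the same
        # order as the clean boot and then stopped (a proper prefix of it).
        if len(sec_l) < len(good_l) and good_l[:len(sec_l)] == sec_l:
            return section[-1], clean[-1][len(section)]
    return None

# Constructed sample logs; driver names are placeholders, not from the thread.
BASELINE = r"""Microsoft (R) Windows (R) Version 10.0 (Build 19041)
 3 21 2020 09:00:00.500
BOOTLOG_LOADED \SystemRoot\system32\ntoskrnl.exe
BOOTLOG_LOADED \SystemRoot\System32\drivers\sample_a.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\sample_b.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\sample_c.sys
"""
LATER = BASELINE + r"""Microsoft (R) Windows (R) Version 10.0 (Build 19041)
 3 22 2020 10:00:00.500
BOOTLOG_LOADED \SystemRoot\system32\ntoskrnl.exe
BOOTLOG_LOADED \SystemRoot\System32\DRIVERS\sample_a.sys
Microsoft (R) Windows (R) Version 10.0 (Build 19041)
 3 22 2020 10:20:00.500
BOOTLOG_LOADED \SystemRoot\system32\ntoskrnl.exe
BOOTLOG_LOADED \SystemRoot\System32\drivers\sample_c.sys
"""
```

Read the copy of ntbtlog.txt saved before the update and the copy saved after recovery into strings and pass them in that order. A `None` result means no boot section stopped partway through the clean boot's driver order.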

37 minutes ago, itman said:

In regards to the original posting reference to disabling early launch anti-malware driver via boot startup option, a quick review on what it does:

https://www.top-password.com/blog/disable-early-launch-anti-malware-protection-in-windows/

Since the majority of Eset ver. 13.1.16 upgraded devices have no issues in this regard, it would appear that on a few select Eset installations its ELAM driver is detecting an existing driver as malicious. The key to resolution is to find out which driver is being detected as malicious.

eamonm.sys is a root cause of BSOD


  • Administrators

Thanks, the cause is the same. It's a bug that has been fixed recently and will be included in the next hotfix or service build.


  • Administrators
9 minutes ago, Purpleroses said:

I have that message in my event viewer.  But my computer boots up and does not give me a BSOD.  So do I have to worry about this?

If your system doesn't crash into BSOD then you are not affected by the issue discussed in this topic.


13 minutes ago, Purpleroses said:

So do I have to worry about this?

No. Eamsi.dll is still being loaded into select Win processes Eset monitors by this. Also, this would not cause a BSOD at boot time since the .dll injection is done subsequent to that.

Edited by itman

I also believe that this issue has nothing to do with eamonm.sys. It is highly unlikely that Eset's ELAM processing would refuse to load its own driver. Even if it did, eamonm.sys is not a critical OS driver. A boot-time blue screen would not occur from not loading it.

Now if eamonm.sys was corrupted in some way, that could cause a boot-time blue screen. But a subsequent uninstall/reinstall of Eset should have corrected this. However if Eset uninstaller tool run in Safe mode was not deployed, it is possible the corrupted eamonm.sys driver remained in the Win driver directory. And a reinstall did not replace it since it already existed?

Edited by itman

Ahh, so it's not just me and my Windows 10 build 19041.153. Experienced the same BSOD issue, had to run a restore to get things working again. Currently running without ESET as I removed 100% using Revo Uninstaller. Now struggling with Comodo Internet Security (sorry, had to run something) to carry me through until the devs sort things out.


  • Administrators
17 hours ago, itman said:

Now if eamonm.sys was corrupted in some way, that could cause a boot-time blue screen.

This is not true. A corruption theoretically caused to eamonm.sys would not cause BSOD; the driver would not load in such case and that would be all. I must say that I don't recall a single case when the driver in question was corrupted, e.g. due to a disk failure.


  • ESET Insiders
On 3/22/2020 at 1:10 AM, Marcos said:

Please supply me with c:\windows\memory.dmp, ideally in a compressed form.

Hello, here is my memory dump. Getting the same error code & BSOD since 13.1.16.0 released. Already I had to format & clean install my Windows 2 times for this issue, not anymore, am reverting to the old version for now. If any solution is available or any updated ESET product module is available, let me know. Never faced any system related crashing or any other serious issue like BSOD with ESET for last 10 yrs in my experience; this is the first time that ESET is giving me trouble.

 


5 hours ago, Marcos said:

A corruption theoretically caused to eamonm.sys would not cause BSOD; the driver would not load in such case and that would be all.

FYI: https://www.techinpost.com/blue-screen-driver-corrupted-expool-windows-bsod-pc-error-issue/ .

However:

Quote

Causes of Blue Screen DRIVER_CORRUPTED_EXPOOL Windows Error:

An error has various links, and many things affect your PC, so it’s complicated to say that this resulted in the failure of Blue screen Driver Corrupted Expool Windows or is the prime reason for it. So, we have listed the most common causes of this issue, and the reason for yours could be the 1st as well as the last one of it. Pay attention and try them all. The following are the main causes of the blue screen Driver_Corrupted_Expool error.

  • Incorrect configuration, corrupted, or old device drivers. (common)
  • A recent software change may have damaged the Windows
  • Virus or malware attack has damaged the Windows system files or the Windows OS-related files.
  • Conflict within the drivers after installing new
  • Damaged or deleted system files after the installation of software or drivers that are related to the Windows Operating System.
  • A damaged hard disk caused the blue screen error 0xC5.
  • Blue Screen DRIVER_CORRUPTED_EXPOOL STOP error caused due to the memory (RAM) corruption.
  • Error DRIVER CORRUPTED EXPOOL blue screen can also be caused by different hardware, driver, firmware, or some software issues.

 

Edited by itman

For those who have received this boot screen due to eamonm.sys, someone opened another thread that they were getting, Bug Check 0x3B: SYSTEM_SERVICE_EXCEPTION, from it: https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/bug-check-0x3b--system-service-exception .

Is this what is being displayed on your blue screen?


1 hour ago, itman said:

For those who have received this boot screen due to eamonm.sys, someone opened another thread that they were getting, Bug Check 0x3B: SYSTEM_SERVICE_EXCEPTION, from it: https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/bug-check-0x3b--system-service-exception .

Is this what is being displayed on your blue screen?

Ohh, yaa, this is the exception when I got BSOD. Installation of ESET Internet Security 13.1.16.0 version won't make any problem but updating its modules of 155MB makes BSOD.

Now I have Disabled earlier Launch of anti malware protection to boot my Windows and using Microsoft Security


2 minutes ago, Gyan said:

Now I have Disabled earlier Launch of  anti malware protection to boot my windows and using Microsoft Security

I assume you mean you're using Windows Defender. As such, you want to keep "Launch of anti malware protection" enabled so the WD ELAM driver loads. With Eset uninstalled, there will be no launching of its ELAM driver at boot time.


Now this is a strange one.

I enabled Driver Verifier to scan all drivers loaded at boot time. PC slowed to a crawl at boot time but there was zip issues with any of Eset's drivers. Now none of Eset's stub .dll drivers showed as loaded. But I believe ekrn.exe loads those into kernel space subsequent to boot time.

So I am leaning toward an issue with recent Win Updates which are causing blue screens on a limited number of select Win 10 devices regardless of AV installed. Appears whatever those updates did is not "playing well" with select Eset drivers loading at boot time.

Edited by itman

6 minutes ago, itman said:

I assume you mean you're using Windows Defender. As such, you want to keep "Launch of anti malware protection" enabled so the WD ELAM driver loads. With Eset uninstalled, there will be no launching of its ELAM driver at boot time.

I don't want my ESET to be uninstalled. WD is working fine. ESET's driver eamonm.sys causing BSOD. Disable earlier Launch of anti malware protection to boot my laptop is temporary.

This topic is now closed to further replies.