Jump to content

eamonm.sys BSOD - Stop code: SYSTEM_THREAD_EXCEPTION NOT HANDLED


Recommended Posts

Have a Windows 10 computer that was running 8.0.2028.0 at a remote site and it BSOD'd this AM with the above exception. Upgraded EAV to 8.1.2031 and the BSOD's continue. 

Windows 10 edition is 21H1, build 19043.1083

It's an AMD Ryzen 3 Pro 1200 based HP EliteDesk 705 G3. 

Most recent updates, installed 2021-07-07:

- Servicing Stack 10.0.19041.1081

- KB5004945

- KB5003537

 

If I open a browser, this seems to trigger the crash (I'm on the computer remotely at the moment). 

Address is eamonm.sys+6200. Bug Check code is 0x1000007e

I uninstalled the product, and now it is not crashing. I can launch a browser and all is well. 

 

Not experiencing this on other systems, most of them are Intel based, this may be the only AMD one in the building. 

Edited by OVERKILL
Link to comment
Share on other sites

3 hours ago, Marcos said:

Please provide the memory dump from a crash as well as logs collected with ESET Log Collector. You can drop me a private message with download links.

OK, I can get those for you tomorrow. Will the logs be collectable with the product uninstalled or do I need to reinstall it and get it to crash again? 

Link to comment
Share on other sites

I was getting the same thing on a PC (Intel) this morning but it seems to have stopped now.

It was a System Thread Exception Not Handled BSOD with eamonm.sys the cause according to Bluescreenview.

It's not doing it now though, so maybe an update fixed it?

 

Link to comment
Share on other sites

  • Administrators
6 hours ago, OVERKILL said:

OK, I can get those for you tomorrow. Will the logs be collectable with the product uninstalled or do I need to reinstall it and get it to crash again? 

Since we need a kernel or complete memory dump from a crash, it's necessary to install ESET again and reproduce the crash. Please check if you didn't enable scanning of network drives in the real-time protection setup; we recommend keeping it disabled not only because it can cause BSOD with the current version of ESET under certain circumstances.

Link to comment
Share on other sites

7 hours ago, Marcos said:

Since we need a kernel or complete memory dump from a crash, it's necessary to install ESET again and reproduce the crash. Please check if you didn't enable scanning of network drives in the real-time protection setup; we recommend keeping it disabled not only because it can cause BSOD with the current version of ESET under certain circumstances.

Settings were default, so if that option isn't on by default, it wasn't enabled. I'm trying to coordinate gaining access to the computer again (she's using it presently with the product uninstalled) and will collect the requested information when possible. 

Link to comment
Share on other sites

I've been experiencing this issue as well and am about to rebuild the affected PC.

Sorry Marcos but I don't have the time to get you guys any crash dumps, I have limited time to get this machine back up and running.

BSOD in eamon.sys, seems to happen on file access.  It persistently worsened throughout the day yesterday to the point that the machine was unuseable for the most part.

This is a Win10 box on 20H2, 9th gen i7, 8gb RAM, nvme ssd, domain enviro running the most current version of Endpoint Security.

It seems to have been caused by the emergency patch for the print spooler vulnerability.  Any time I tried uninstalling the update it would result in a BSOD.  Attempting to uninstall from ESMC/ERA/Protect/whatever its called today was resulting in a BSOD as well.  I was able to manually uninstall ESET locally on the box; it reported back correctly and then I ran an install task.  Everything completed without issue and I made it through the initial scan.  Handed the machine back over to the user and blammo - BSOD.

I did also before reinstalling ESET manage to get the update removed then reapplied through WSUS with all active components of ESET temporarily disabled and this did not remedy the problem either.

I'm going to go reimage that box now, i'm out of solutions for the limited time I have to deal with this.

Link to comment
Share on other sites

I'll add to the reports.  After updating windows with KB5004945 my system will run from 30 seconds to 3-4 minutes.  Trying to get anything done will result in a bug check "System Thread exception not handled"  .  This includes trying "System Restore" from within windows.  It's necessary to do it from the bluescreen troubleshooting window.

The address is listed as eamonm.sys +6200 as previously reported

Deleting the update via system restore removes the problem.  Re-installing the update caused the BSOD to repeat with the same eamonm.sys+6200 address.  Removing the update again restores normal behavior. 

I would submit to others that rebuilding the PC is not required unless there are no system restore points available.

I've paused updates until this issue is resolved.

Link to comment
Share on other sites

Attached is a minidump file from the last crash.  The full dump is about 1GB and I can't upload that one.

I renamed it to "<>.txt" as <>.dmp is not allowed (pretty silly since that's what you need).  You'll need to rename it to <>.dmp.

 

070821-10234-01.txt

Link to comment
Share on other sites

  • Administrators

Please upload the complete dump to a safe location (OneDrive, Dropbox, Wetransfer.com, etc.) and drop me a personal message with a download link.

Link to comment
Share on other sites

39 minutes ago, Marcos said:

Please upload the complete dump to a safe location (OneDrive, Dropbox, Wetransfer.com, etc.) and drop me a personal message with a download link.

Just sent you a PM with a link to the full DMP file from the remote workstation. 

Link to comment
Share on other sites

2 hours ago, mmsoar said:

I'll add to the reports.  After updating windows with KB5004945 my system will run from 30 seconds to 3-4 minutes.  Trying to get anything done will result in a bug check "System Thread exception not handled"  .  This includes trying "System Restore" from within windows.  It's necessary to do it from the bluescreen troubleshooting window.

The address is listed as eamonm.sys +6200 as previously reported

Deleting the update via system restore removes the problem.  Re-installing the update caused the BSOD to repeat with the same eamonm.sys+6200 address.  Removing the update again restores normal behavior. 

I would submit to others that rebuilding the PC is not required unless there are no system restore points available.

I've paused updates until this issue is resolved.

I can confirm that KB5004945 caused the Eamonn.sys bsod.  I uninstalled this update and the issue is gone.

Link to comment
Share on other sites

Just now, JoolzD said:

I think this is related to Windows update KB5004945.  Try uninstalling that and see if it fixes it.

Yes, I had another machine this AM crashing too, uninstalling the two updates from the 7th fixed the issue, so it appears to be an issue between one of those updates (listed in the OP) and EAV

Link to comment
Share on other sites

  • Administrators

Please provide one more memory dump, however, prior to reproducing the crash run the following as administrator and reboot the machine:
verifier /standard /driver eamonm.sys

After reproducing BSOD and rebooting the machine, run as administrator and reboot the machine:
verifier /reset

Compress the memory dump, upload it to a safe location and drop me a personal message with a download link.

If possible, check if you can reproduce the crash with consumer products EAV/EIS/ESSP v14.2.

Link to comment
Share on other sites

Marcos,

I did start a separate topic about this ...

 

 

Will PM you now the links to the "Complete Memory Dump" and "Eset Log Collector" files.

Link to comment
Share on other sites

  • Administrators
3 hours ago, Mwh65 said:

Will PM you now the links to the "Complete Memory Dump" and "Eset Log Collector" files.

In this case the crash is caused by HIPS. Does uninstalling the recent Printingnightmare Windows upates make a difference? Since no substantial changes have been made to HIPS for a long time developers assume the issue could be caused by the recent Windows updates.

Link to comment
Share on other sites

Just a FYI on this issue.

I am running Win 10 x(64) 21H1 on an old AMD Phenom 6 core system. I am using EIS ver. 14.2.19 and applied the KB5004945 patch and have no issues as a result of its installation. Of note is this is a BIOS vs. UEFI system.

This leads to the conclusion that the problem lies with Eset Endpoint versions. Odd since Eset Endpoint features are pretty much the same as the retail versions.

Link to comment
Share on other sites

Well at this point I've removed the Eset Endpoint Antivirus so the manager of the business can get his work done today without it causing a BSOD.

 

To confirm are you referring to the KB5004945 patch released by Microsoft?

Link to comment
Share on other sites

Of note; in my situation I had also identified KB5004945 as the culprit and attempted removal, however nearly every attempt was resulting in a BSOD as the uninstall neared completion until I finally managed to get it through somehow.

I then reapplied the update via WSUS which resulted in the BSOD's recurring.

This issue affected only one of ~50 identical machines.

Link to comment
Share on other sites

This appears to only be affecting version 8 of Eset Endpoint Security. The company manager is the only one with version 8 on it, the other 7 installations are running 7.3.2051.0 and none of them are having issues. Currently trying to convince the manager to let me get at his PC to try with version 7.3.2051.0

Link to comment
Share on other sites

  • Administrators
7 minutes ago, Mwh65 said:

This appears to only be affecting version 8 of Eset Endpoint Security. The company manager is the only one with version 8 on it, the other 7 installations are running 7.3.2051.0 and none of them are having issues. Currently trying to convince the manager to let me get at his PC to try with version 7.3.2051.0

Please try to get a new memory dump but run verifier as per my instructions above prior to reproducing the crash.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...