BSOD due to ESET v. 11.0.2044.0


We have two new Dell Optiplex 7010 machines with 13th-generation i5 chips.

Both machines have started (in the past few days) to experience BSODs, and when looking at Crash Dumps, both machines reference em006_64 as the problematic DLL - which is ESET-related.

Is anyone else seeing this issue or have any level of resolution to this?  Would a roll-back help?  


  • Administrators

The dump will probably be quite big, so you'd better compress it, upload it to a safe location (e.g. OneDrive, Dropbox, etc.) and drop me a private message with a download link.


Yes, recently I have seen this on a new Dell Windows 11 Pro Latitude laptop, Dell Inspiron and OptiPlex PCs. Still no solution. Using ESET antivirus version 17.0.16.0


  • Administrators
9 minutes ago, Durango747 said:

Yes, recently I have seen this on a new Dell Windows 11 Pro Latitude laptop, Dell Inspiron and OptiPlex PCs. Still no solution. Using ESET antivirus version 17.0.16.0

Please provide a kernel or, better, a complete memory dump from a crash to determine the cause of the issue. The dumps provided by Cubex Group did not show ESET being the culprit, but we're still analyzing them.


On 4/18/2024 at 11:30 AM, Cubex Group said:

both machines reference em006_64 as the problematic DLL - which is ESET-related.

Em006_64.dll is ESET's anti-stealth (i.e. rootkit scanner) module. Makes sense this might be the source of Win blue screening.

As a temporary workaround, disable the ESET anti-stealth option and see if that stops the blue screens.

-EDIT- Looks like ESET removed the ability to disable anti-stealth via GUI option in later versions.

Edited by itman

  • Administrators
4 hours ago, Chas4 said:

@Marcos Is that an older version of the ESET software installed?

V11.0.2044 is the latest version of ESET Endpoint products for Windows.

4 hours ago, itman said:

-EDIT- Looks like ESET removed the ability to disable anti-stealth via GUI option in later versions.

Not really, it was a redundant setting controlling an obsolete way of hooking that was not supported on modern Windows systems anyways.


13 hours ago, Durango747 said:

Yes, recently I have seen this on a new Dell Windows 11 Pro Latitude laptop, Dell Inspiron and OptiPlex PCs. Still no solution. Using ESET antivirus version 17.0.16.0

Try the current version 17.1.11.0 instead.


11 hours ago, Marcos said:

V11.0.2044 is the latest version of ESET Endpoint products for Windows.

I asked as this was the home user versions, so I guess this was just in the wrong forum section


  • 2 weeks later...

The same issue occurred on our colleagues' - Windows 11 PRO - PC

ESET Endpoint Antivirus 11.0.2044.0

 

PROCESS_NAME:  chrome.exe / Dell.TechHub.D / WmiPrvSE.exe / svchost.exe

SYMBOL_NAME:  em006_64+c28a

MODULE_NAME: em006_64

IMAGE_NAME:  em006_64.dll

BUCKET_ID_FUNC_OFFSET:  c28a

FAILURE_BUCKET_ID:  AV_em006_64!unknown_function


  • Administrators
25 minutes ago, SBHK-IT said:

The same issue occurred on our colleagues' - Windows 11 PRO - PC

ESET Endpoint Antivirus 11.0.2044.0

 

PROCESS_NAME:  chrome.exe / Dell.TechHub.D / WmiPrvSE.exe / svchost.exe

SYMBOL_NAME:  em006_64+c28a

MODULE_NAME: em006_64

IMAGE_NAME:  em006_64.dll

BUCKET_ID_FUNC_OFFSET:  c28a

FAILURE_BUCKET_ID:  AV_em006_64!unknown_function

That doesn't necessarily mean that the crash was caused by ESET. Please provide a kernel or complete memory crash dump as requested above.


  • Administrators

Unfortunately those are just minidumps. Please configure Windows to generate kernel dumps as per https://support.eset.com/en/kb380 and reproduce the crash. Then provide the kernel crash dump as well as logs collected with ESET Log Collector.

Does the crash occur also with C:\Windows\System32\drivers\DellBV.sys renamed in safe mode?

 


I also have a similar problem. The em006_64.dll file generates a BSOD.
Operating System: Windows 11 Pro 23H2
OS Build 22631.3447
Features Windows Feature Experience Pack 1000.22688.1000.0
ESET Internet Security 17.1.11.0


  • Administrators
22 minutes ago, Conrad71 said:

I also have a similar problem. The em006_64.dll file generates a BSOD.
Operating System: Windows 11 Pro 23H2
OS Build 22631.3447
Features Windows Feature Experience Pack 1000.22688.1000.0
ESET Internet Security 17.1.11.0

That doesn't mean ESET was the culprit. Please configure Windows to generate kernel or complete memory dumps as per https://support.eset.com/en/kb380. Then reboot the machine, reproduce the crash and provide the generated dump in a compressed form for perusal.


  • Administrators

Unfortunately this is just a minidump which won't help in determining the culprit of BSOD. Please configure Windows to generate kernel or complete memory dumps prior to reproducing the crash.

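An added example, not part of the thread or of ESET's KB article: a PowerShell check of which dump type Windows is set to write, switching a minidump-only machine to kernel dumps. It assumes the standard Windows `CrashControl` registry values and an elevated session; the function names are made up for this example.

```powershell
# Added example (not from the thread or from ESET's KB article).
# Run in an elevated PowerShell session. A change takes effect after a reboot.
$CrashControl = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'

# Meaning of the CrashDumpEnabled values.
$DumpTypes = @{
    0 = 'None'
    1 = 'Complete memory dump'
    2 = 'Kernel memory dump'
    3 = 'Small memory dump (minidump)'
    7 = 'Automatic memory dump'
}

# Hypothetical helper: read the current crash dump configuration.
function Get-CrashDumpConfig {
    $cc   = Get-ItemProperty -Path $CrashControl
    $type = [int]$cc.CrashDumpEnabled
    [pscustomobject]@{
        TypeValue   = $type
        Type        = if ($DumpTypes.ContainsKey($type)) { $DumpTypes[$type] } else { "Unknown ($type)" }
        DumpFile    = $cc.DumpFile      # normally %SystemRoot%\MEMORY.DMP
        MinidumpDir = $cc.MinidumpDir   # normally %SystemRoot%\Minidump
    }
}

# Hypothetical helper: select "Kernel memory dump".
function Set-KernelDump {
    Set-ItemProperty -Path $CrashControl -Name CrashDumpEnabled -Value 2 -Type DWord
}

$cfg = Get-CrashDumpConfig
$cfg | Format-List

# "None" or "Small memory dump" yields nothing better than a minidump.
if ($cfg.TypeValue -in 0, 3) {
    Write-Warning "Configured dump type is '$($cfg.Type)'; switching to kernel memory dump."
    Set-KernelDump
    Write-Host 'Reboot, reproduce the crash, then compress and upload the dump file.'
}

# List dumps already on disk so it is clear which kind a given file is.
if ($cfg.DumpFile) {
    Get-Item -Path $cfg.DumpFile -ErrorAction SilentlyContinue |
        Select-Object FullName, Length, LastWriteTime
}
if ($cfg.MinidumpDir) {
    Get-ChildItem -Path $cfg.MinidumpDir -Filter *.dmp -ErrorAction SilentlyContinue |
        Select-Object FullName, Length, LastWriteTime
}
```

Files under the minidump directory are the small dumps the moderators say are insufficient; the file named in `DumpFile` is the kernel or complete dump they ask for.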

Unfortunately, I was wrong... It was working for a day, and since this morning it has all come back to us. Fresh WinDbg short report attached.

I am right now testing another option for these specific devices - a BIOS update to 1.14 from 2 days back. Will get back to you and let you know after some test period.

dbg-log.txt

EDIT: Anything deeper, like a BIOS update, disk firmware update, or some program install, causes a BSOD. This Antistealth module must be in conflict with Windows 11 PRO (even with the latest Windows Update) on this specific Dell device. I've got more computers which are working fine...

Edited by Pan Bambaryla