Jump to content

ESET Smart Security causing false 0x00000124 BSODs?


Recommended Posts

The fact that BSOD occurs with ESET installed doesn't necessarily mean that ESET is the culprit. We know of a handsome of Microsoft bugs that cause crash when properly designed ESET's drivers are loaded. Microsoft has already addressed several such issues. Let's refrain from making conclusions before the issue is thoroughly investigated by ESET's engineers and the actual culprit is found.

 

Do you have software from Gigabyte installed?

ESET is the buggy software. I have the same Blue Screens and haven't updated Windows in weeks, and it started yesterday after ESET Virus Defs updated-

After 2 hours on the phone with ESET this morning they said it's an ESET module or Virus update from ESET-

Let's not be so quick to bplay the blame game and point the finger at Microsoft-

Link to comment
Share on other sites

Blue Screens with ESET are happening presently not only with Gigabyte boards, but with ASUS boards too, just peruse the forums ar overclock.net...an ESET issue, on Gigabyte and ASUS boards, and who knows what other boards-

It's an ESET problem-

Link to comment
Share on other sites

  • Administrators

ESET is the buggy software. I have the same Blue Screens and haven't updated Windows in weeks, and it started yesterday after ESET Virus Defs updated-

 

With all due respect, I must fully disagree with this statement. ESET's products are reliable, have to pass in-depth QA pre-release tests and users have always been satisfied with top-notch products that ESET has delivered.

 

After 2 hours on the phone with ESET this morning they said it's an ESET module or Virus update from ESET.

This information is misleading and was probably provided by a local support personnel who didn't know anything about the actual cause of the issue. ESET hasn't released any faulty module or update that could cause BSOD. Also the fact that dumps showed hardware failure suggests that ESET cannot be the culprit as ESET's drivers cannot cause hardware failures.

 

It's an ESET problem

Again, I must disagree. We have analyzed the dumps provided and they do not show ESET being the culprit. We are going to contact the makers of the problematic software and offer them our assistance in pinpointing the problematic code in their software that has been triggering BSOD on certain systems.
Link to comment
Share on other sites

I have this strange behavior since yesterday. Win7 Ultimate 64bit, Asus Mainboard. System freezes after 3-5 Minutes without a crash. Deinstalling Asus AI Suite doesn't help. Installed Win 8.1 Pro, same problem. Without ESET the System runs rock solid.

Link to comment
Share on other sites

Anyone that automaticaly installs drivers is out of their minds. Disable those programs. That includes Windows Update.

Drivers that are usually safe are video and nic.

Edited by ken1943
Link to comment
Share on other sites

Having this same issue.  I hope this gets worked out because I use the App Center as a software fan controller and have been pretty happy with it.

Link to comment
Share on other sites

  • Administrators

Having this same issue.  I hope this gets worked out because I use the App Center as a software fan controller and have been pretty happy with it.

 

First you could try updating APP Center to the latest version to see if the problem persist. If so, try uninstalling it and replacing it with SpeedFan or another application for controlling fans until the maker of the application fixes it. As wrote above, we're going to contact them and will be happy to assist them with pinpointing the problematic code.

Link to comment
Share on other sites

I have this strange behavior since yesterday. Win7 Ultimate 64bit, Asus Mainboard. System freezes after 3-5 Minutes without a crash. Deinstalling Asus AI Suite doesn't help. Installed Win 8.1 Pro, same problem. Without ESET the System runs rock solid.

 

I bet it's a Z97 chipset board.  I had this problem as well.  Here's a solution I posted in the NOD32 forum:

 

 

Update:

 

After uninstalling NOD32 AV, I tried installing BitDefender.  BSOD, same error:

 

Stop 0x00000101 "A clock interrupt was not received on a secondary processor within the allocated time interval"

 

So, this made me curious and I decided to update my AI Suite software (as per Marcos' suggestion.)  The newer version from Feb 2015 got halfway through and blew up on the USB driver install - BSOD again, this time a different error that disappeared too quickly for me to see it. Booted to Safe Mode, windows logs were not helpful so I tried rebooting to Normal mode.  BSOD again, this time showing "asmtxhci.sys" as the culprit.  Back to Safe Mode and looked it up - it's the Asmedia USB driver.  As I couldn't get back to normal mode because of insta-BSOD on login, I ran a system restore to before the AI Suite installation.  That worked and I got my desktop back.  So I download the latest driver for Asmedia USB (v116230) install it without issue, then try installing the AI Suite again.  This time, no crash, no problem.

 

I tried again to reinstall BitDefender.  No problem, installed fine.  Uninstalled it and tried to reinstall ESET NOD32 AV.  It fails but because it didn't uninstally properly, so I get the uninstaller app and deal with that.  Reboot again and install NOD32 AV without issue.

 

30 minutes and so far so good.

 

I hope this is helpful.

Edited by grinr
Link to comment
Share on other sites

Also having same issue with several customers but they do not have Gigabyte App Center type software or unnec drivers. 

Problem: After logging into user account, with ESET Smart Security fully enabled the system will BSOD or hard lockup. 

Steps Taken: 

1. Uninstalled ESS in SafeMode. 

2. Installed ESS and selected "Activate Later" to bypass VSD and module updates. 

3. System ran fine with no BSOD or lockup. 

4. Activated and updated ESET and system ran fine. 

5. Rebooted and system BSOD. 

6. Booted to safemode and navigated to system32\drivers and renamed ehdrv.sys to .old and rebooted system. 

7. System is fine with : HIPS, Self Defense, Advanced Memory Scanner, and Exploit blocker disabled. 

 

It appears that after the activation of ESS which updated the HIPS module the system BSOD's. Not sure how to narrow down which specific option in HIPS may be causing it because after EHDRV.sys is renamed the only option that appears in advanced setup IS HIPS. HIPS shows its enabled in adv setup but the MAIN setup windows does show disabled with RED dot on HIPS. 

Link to comment
Share on other sites

  • Administrators

It appears that after the activation of ESS which updated the HIPS module the system BSOD's. Not sure how to narrow down which specific option in HIPS may be causing it because after EHDRV.sys is renamed the only option that appears in advanced setup IS HIPS. HIPS shows its enabled in adv setup but the MAIN setup windows does show disabled with RED dot on HIPS. 

 

Let's try temporarily disabling Advanced memory scanner to confirm that it helps. Of course, it wouldn't mean that AMS is responsible for the crash as it basically dumps a process running in memory and reading other process' memory is a standard operation that cannot cause issues.

Link to comment
Share on other sites

Hello, I have same issue, using AppCentre, ESS 8, Intel I5-4460, started BSODing at monday. Safe mode runs OK, deleting ekrn.exe (first thing that came to my mind after I found it in minidump) did solve the issue. Reinstall of ESET helped for about an hour, then the story repeats, today I will try to uninstall AppCentre.
 

BUGCHECK_STR:  0x124_GenuineIntel
 
CUSTOMER_CRASH_COUNT:  1
 
DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT
 
PROCESS_NAME:  ekrn.exe
Link to comment
Share on other sites

  • Administrators

Our investigation revealed that it's possible to crash the operating system using legitimate API functions to read other process' memory when problematic software is installed. We have implemented an experimental workaround which is included in the Antivirus and antispyware protection module 1461 that has been put on pre-release update servers. Please switch to pre-release updates so that the new version of the module is installed and try to reproduce the crash. We look forward to hearing about your findings.

Link to comment
Share on other sites

Hi Marcos,

On my Windows 7 64 bit machine, in "System Configuration", I can not have ESET start.  I turn on ESET, hit apply, and the change is rejected.  I tell it to start normally, hit apply, and the change is rejected.  I went to services and tried to start the ESET service and I got "Access is denied.".  When I go to the start menu and run ESET, I get a message about not being able to communicate with the kernel.  How do I restart ESET and change the update option and update the computer, while avoiding the BSOD?

--Thanks,

--Robert

Link to comment
Share on other sites

  • Administrators

On my Windows 7 64 bit machine, in "System Configuration", I can not have ESET start.  I turn on ESET, hit apply, and the change is rejected.  I tell it to start normally, hit apply, and the change is rejected.  I went to services and tried to start the ESET service and I got "Access is denied.".  When I go to the start menu and run ESET, I get a message about not being able to communicate with the kernel.  How do I restart ESET and change the update option and update the computer, while avoiding the BSOD?

 

Does following this advice resolve the issue?

Link to comment
Share on other sites

Our investigation revealed that it's possible to crash the operating system using legitimate API functions to read other process' memory when problematic software is installed. We have implemented an experimental workaround which is included in the Antivirus and antispyware protection module 1461 that has been put on pre-release update servers. Please switch to pre-release updates so that the new version of the module is installed and try to reproduce the crash. We look forward to hearing about your findings.

OMG....I can't tell how frustrating I am, I have this 0x00000124 BSODs problem two days ago, my computer keep randomly BSOD, first I though it is a hardware problem and took me two days try to solve it.

Until, I notice every time I got a BSOD, NOD32 give a notice for updating the database and I can finally confirm it is the NOD32 give me this BSOD as I manually update the database and BSOD comes up, then I start to find any forum that talks about nod32 BSOD problem....

And your solution work! I reinstall the whole software, change it to update the pre-release version and cross my finger as I hit the update buttom and no BSOD after update

I really hope you guys can do better with the software, have a computer that BSOD every 1 hour is really frustrating.....but, thanks for the solution after all, at least my computer went normal again

(and I am sorry for my English too, it is not my first language)  

Link to comment
Share on other sites

@Marcos

I got the same problem with a Gigabyte mainboard Z97 running Win 7 SP1 Pro, fully patched Win, drivers and latest bios . Without starting the ESET Service, the system runs fine. However, starting the service kills the system with a 0x124 BSOD..

How do i enable pre-release update servers without the service?

Any other solution than reinstalling ESET NOD32?

Link to comment
Share on other sites

Our investigation revealed that it's possible to crash the operating system using legitimate API functions to read other process' memory when problematic software is installed. We have implemented an experimental workaround which is included in the Antivirus and antispyware protection module 1461 that has been put on pre-release update servers. Please switch to pre-release updates so that the new version of the module is installed and try to reproduce the crash. We look forward to hearing about your findings.

Hello, Marcos. The only way I can access the ESET GUI is by renaming ehdrv in safemode and then rebooting. If I rename that file and then go into normal mode and do pre-release updates will it not update that module since I renamed the ehdrv which disabled HIPS?

Link to comment
Share on other sites

NOPE, sorry, my computer went crazy again, after being normal for about four hour, because before I do the pre-release update, my computer can't run normally for more than one hour without BSOD, but 0x00000124 BSOD happen again, I am now uninstall the ESS and see my computer will went crazy or not.... :(

Link to comment
Share on other sites

  • Administrators

Did Pre-Release updates and still having same issue with BSOD.

 

Could you please upload a new memory dump from BSOD and drop me a pm with a download link?

Link to comment
Share on other sites

I have had a similar problem.  BSOD repeating every few minutes.  I really don't have time to deal with this.  I followed the instructions on ESET and manually removed, then re-installed ESET NOD 32 but it didn't help.  I did another uninstall and I'm running on MSE right now. (Which I don't feel too comfortable with.)  I also used the eset tool to scan for a zero day virus but it turned out negative.

 

I hope this problem get's resolved soon because I really want to re-install ESET.  I also hope that ESET will notify users when it's safe to re-install.

 

There has not been a problem with my Dell Inspiron running W8.1.

 

Link to comment
Share on other sites

  • Administrators

We have likely found the cause of the issue in software that directly accesses hardware ports and does mapping in a way that we think is not correct and also according to Microsoft in scenarios when also another driver does mapping in a recommended way this may lead to unpredictable system results. We have made a workaround in Antivirus and antispyware protection module 1162 (currently available on pre-release servers and for all v9 beta users) to prevent this from happening when such drivers are installed.

 

Please confirm or deny that the issue is fixed with Antivirus and antispyware protection module 1162.

 

Should the problem persist, please supply us with a new memory dump (compress it before uploading). Also carry out the following test, if possible:

- uninstall v8 and restart the computer

- install v8 but don't activate / update it

- disabled Advanced memory scanner in the advanced setup -> HIPS

- restart the computer

- update v8

- let us know if disabling AMS solves the issue.

Link to comment
Share on other sites

@Marcos

 

I have just applied your suggested steps and i can confirm that everything is working now. Even after a few reboots, the system does no longer boot in a BSOD

Link to comment
Share on other sites

  • Administrators

@Marcos

 

I have just applied your suggested steps and i can confirm that everything is working now. Even after a few reboots, the system does no longer boot in a BSOD

 

Great to hear that :) Was it just the new module that helped or you disabled Advanced memory scanner as well? If it works without disabling AMS, that would be great.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...