zer0g 0 Posted June 25, 2015 Posted June 25, 2015 (edited) I disabled AMS and loaded the new module... I can't mess around with the system any longer, becaue my clients need to work with it. Edited June 25, 2015 by zer0g
ronnie.barker 0 Posted June 25, 2015 Posted June 25, 2015 We have likely found the cause of the issue in software that directly accesses hardware ports and does mapping in a way that we think is not correct and also according to Microsoft in scenarios when also another driver does mapping in a recommended way this may lead to unpredictable system results. We have made a workaround in Antivirus and antispyware protection module 1162 (currently available on pre-release servers and for all v9 beta users) to prevent this from happening when such drivers are installed. Please confirm or deny that the issue is fixed with Antivirus and antispyware protection module 1462. Should the problem persist, please supply us with a new memory dump (compress it before uploading). Also carry out the following test, if possible: - uninstall v8 and restart the computer - install v8 but don't activate / update it - disabled Advanced memory scanner in the advanced setup -> HIPS - restart the computer - update v8 - let us know if disabling AMS solves the issue. Marco, That number doesn't seem to make sense with any updates I am seeing - how does one get "Antivirus and antispyware protection module 1162"? Ronnie
Administrators Marcos 5,460 Posted June 25, 2015 Administrators Posted June 25, 2015 That number doesn't seem to make sense with any updates I am seeing - how does one get "Antivirus and antispyware protection module 1162"? Sorry, I made a typo. The correct module version is 1462.
Administrators Marcos 5,460 Posted June 25, 2015 Administrators Posted June 25, 2015 I disabled AMS and loaded the new module... I can't mess around with the system any longer, becaue my clients need to work with it. AMS is a crucial protection layer and should always be kept enabled. All I wanted is somebody with spare time for testing to uninstall v8, install it from scratch without activating it and downloading updates, and then disable AMS to see if it makes a difference.
fanstein 0 Posted June 25, 2015 Posted June 25, 2015 (edited) I disabled AMS and loaded the new module... I can't mess around with the system any longer, becaue my clients need to work with it. AMS is a crucial protection layer and should always be kept enabled. All I wanted is somebody with spare time for testing to uninstall v8, install it from scratch without activating it and downloading updates, and then disable AMS to see if it makes a difference. Do you mean the updates of regular update or pre-release? Edited June 25, 2015 by fanstein
Administrators Marcos 5,460 Posted June 25, 2015 Administrators Posted June 25, 2015 Do you mean the updates of regular update or pre-release? Antivirus and antispyware module 1462 that contains a workaround for what we think causes BSOD is currently available on pre-release servers only. If we get no reports of BSODs with it, we will start pushing it gradually to regular update servers soon.
fanstein 0 Posted June 25, 2015 Posted June 25, 2015 Do you mean the updates of regular update or pre-release? Antivirus and antispyware module 1462 that contains a workaround for what we think causes BSOD is currently available on pre-release servers only. If we get no reports of BSODs with it, we will start pushing it gradually to regular update servers soon. I did all the case, 1. regular update + no AMS = no BSOD 2. regular update + AMS = as long as I enable it and press OK, BSOD LOL, and I can't get to desktop any more, have to uninstall it in safe mode 3.pre-release + AMS = no BSOD when I press OK at setting and so far no BSOD I will let you know if I got 0x00000124 again
Administrators Marcos 5,460 Posted June 25, 2015 Administrators Posted June 25, 2015 We have published a KB article about this issue: hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN3740.
Abrad 0 Posted June 26, 2015 Posted June 26, 2015 This issue has been occuring for me for the past 3 days - I've an Asus Z87-Pro board with Windows 7 Pro SP1 and AI Suite 3 running. While I have had several BSODs, mainly my system just freezes totally within 5 minutes of boot. My system had been up and down using hibernation for approx 10 days without full reboot prior to this. Like other users, Eset had been running without problems in this machine for 18 months. I've disabled all new Windows GWX components from within the Task Scheduler and disabled all CEIP tasks to see if any MS X10 changes have impacted but crashes continued to occur. Following the instructions from Marcos, I've uninstalled Eset, re-installed with 'Activate Later', enabled pre-release updates, disabled HIPS and AMS. Then I activated to receive updates, verified from the Help->About Smart Security 8 that the module was version 1462. Rebooted and system froze within 5 minutes. I'm back to square 1 with Eset disabled from Msconfig...
tmuster2k 22 Posted June 26, 2015 Posted June 26, 2015 This issue has been occuring for me for the past 3 days - I've an Asus Z87-Pro board with Windows 7 Pro SP1 and AI Suite 3 running. While I have had several BSODs, mainly my system just freezes totally within 5 minutes of boot. My system had been up and down using hibernation for approx 10 days without full reboot prior to this. Like other users, Eset had been running without problems in this machine for 18 months. I've disabled all new Windows GWX components from within the Task Scheduler and disabled all CEIP tasks to see if any MS X10 changes have impacted but crashes continued to occur. Following the instructions from Marcos, I've uninstalled Eset, re-installed with 'Activate Later', enabled pre-release updates, disabled HIPS and AMS. Then I activated to receive updates, verified from the Help->About Smart Security 8 that the module was version 1462. Rebooted and system froze within 5 minutes. I'm back to square 1 with Eset disabled from Msconfig... Having the same issue with multiple customers. Also went through all the steps to get Pre-Release updates and unchecked "AMS". Was ok until reboot and crashes within 4minutes. Only way I can have these systems up and running with ESET is to rename ehdrv.sys to .old and leave the whole HIPS module disabled.
Administrators Marcos 5,460 Posted June 26, 2015 Administrators Posted June 26, 2015 Please supply us with fresh memory dumps if you encounter BSOD with Antivirus and antispyware module 1462 installed. If you have one ready, compress it, upload it to a safe location and pm me the download link.
itman 1,805 Posted June 26, 2015 Posted June 26, 2015 (edited) Here is something to check out on this issue. Windows Updates for June offered an Intel microcode optional update: https://support.microsoft.com/en-us/kb/3064209 . It was dated 6/19/2015. Most of the posts on these BSODs started after that date. Would be curious to see if people having issues with Eset SS or NOD32 have installed this update. -EDIT- Known problems with this update: hxxp://www.sevenforums.com/windows-updates-activation/373250-recent-windows-update-kb3064209-causes-windows-7-not-boot.html Edited June 26, 2015 by itman
tmuster2k 22 Posted June 26, 2015 Posted June 26, 2015 Please supply us with fresh memory dumps if you encounter BSOD with Antivirus and antispyware module 1462 installed. If you have one ready, compress it, upload it to a safe location and pm me the download link. Since some of these other systems are not BSOD but just locking up there is no memory dump being placed in the root of C. Would we follow the steps outlined in : hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN380&actp=search&viewlocale=en_US&searchid=1435331385212 to create a manual memory dump. We would do the CTRL and SCROLL lock after user login before freeze?
Abrad 0 Posted June 26, 2015 Posted June 26, 2015 @Marcos As I am experiencing freezes/lockups as opposed to BSODs, I don't think I have any memory dumps to forward. If you think a manual memory dump (a couple of minutes after boot, say) would be useful, let me know and I'll try to schedule. WRT to windows updates, these were the last updates installed: Description FixComments HotFixID InstallDate InstalledBy InstalledOn Name ServicePackInEffect Status Update KB2952664 NT AUTHORITY\SYSTEM 6/22/2015 Security Update KB3033890 NT AUTHORITY\SYSTEM 6/22/2015 Update KB3054476 NT AUTHORITY\SYSTEM 6/22/2015 Security Update KB3057839 NT AUTHORITY\SYSTEM 6/22/2015 Security Update KB3058515 NT AUTHORITY\SYSTEM 6/22/2015 Security Update KB3059317 NT AUTHORITY\SYSTEM 6/22/2015 Update KB3068708 NT AUTHORITY\SYSTEM 6/22/2015 Failed Update:Security Update for Windows 7 for x64-based Systems (KB3063858)Installation date: 22/06/2015 15:30Installation status: FailedError details: Code 8024200DUpdate type: Important I've installed the hotfix for failed patch above (kb947821) so my system should be fully updated. Prior to this, the last Windows update (excluding Defender definitions) was May 21.
SwansonAssoc 0 Posted June 26, 2015 Posted June 26, 2015 Hi Marcos, I have AntiVirus on a Gigabyte motherboard and have the App Center installed. I renamed the Program Files/ESET folder in safe mode, restarted in normal mode, renamed the ESET folder back to the original name, uninstalled, restarted, reinstalled, restarted, changed to the pre-release updates and updated, and restarted to test. Everything worked well. I also ran a smart scan last night and it worked well. I never did turn of the advanced memory scan. --Thanks,--Robert
Administrators Marcos 5,460 Posted June 26, 2015 Administrators Posted June 26, 2015 Please let me know if anybody with a Gigabyte motherboard is still having issues despite having the latest Antivirus and antispyware module 1462 installed. I've just successfully reproduced BSOD with such MB upon launching System Information Viewer, however, after updating from pre-release servers I was unable to reproduce the crash any more. So it seems that the latest module solves the issues with Gigabyte motherboards at least. If you experience freezes, please generate a complete memory dump manually. When done, compress it, upload it to a safe location and pm me the download link. We highly appreciate your willingness to co-operate with us on this matter which will hopefully bear its fruit soon as we hope.
tmuster2k 22 Posted June 26, 2015 Posted June 26, 2015 Please let me know if anybody with a Gigabyte motherboard is still having issues despite having the latest Antivirus and antispyware module 1462 installed. I've just successfully reproduced BSOD with such MB upon launching System Information Viewer, however, after updating from pre-release servers I was unable to reproduce the crash any more. So it seems that the latest module solves the issues with Gigabyte motherboards at least. If you experience freezes, please generate a complete memory dump manually. When done, compress it, upload it to a safe location and pm me the download link. We highly appreciate your willingness to co-operate with us on this matter which will hopefully bear its fruit soon as we hope. The manual memory dump is not working. I do the RIGHT CONTROL and SCROLL lock after making key in reg and doesn't do anything.
Henduluin 1 Posted June 26, 2015 Author Posted June 26, 2015 (edited) Sorry about the delay on my part, I've been rather busy. Just tried installing the 1462 module and re-installing the Gigabyte App Center. No BSOD on boot, so there's definitely progress there. I'll keep both installed for now and see if it holds up over the weekend. Here is something to check out on this issue. Windows Updates for June offered an Intel microcode optional update: https://support.microsoft.com/en-us/kb/3064209 . It was dated 6/19/2015. Most of the posts on these BSODs started after that date. Would be curious to see if people having issues with Eset SS or NOD32 have installed this update. Just cheked, I personally do not have that installed, so at least for me that wasn't the culprit.*Update* So, my PC has been running for a good 14 hours now with the 1462 module installed together with the gigabyte app center, and everything works smoothly. No BSODs, no performance issues, just smooth sailing all the way. So the problem seems fixed. Edited June 27, 2015 by Henduluin
Ohwellian 0 Posted June 28, 2015 Posted June 28, 2015 Hi, Having the same issue with 8.0.312.0 Pre-Release update 1462. Motherboard is a ASUS Z87 Sabertooth. All Windows Critical, Important and optional updates installed. System freezes without a BSOD, but freezes keyboard and mouse inputs. No indicators of compromise using multiple scanners, Malwarebytes, TDSKiller, ESET Rescue, etc. Uninstalled ESET and system runs fine. I am now scanning with Loki for IOC's. I plan to upload a BSOD dump after the loki scan completes. I will keep you posted. Thanks to all for the help so far.
fanstein 0 Posted June 28, 2015 Posted June 28, 2015 After a few days of use, no BSOD anymore with update 11857P, for the record, I am using Gigabyte G1.Sniper Z87 motherborad, thank you Marcos.
pizzly 0 Posted June 29, 2015 Posted June 29, 2015 (edited) I uninstalled the Gigabyte APP Center a couple days ago and running ESET Smart Security without Blue Screens- Is it safe to download the latest ESET SS and re-install the Gigabyte APP Center yet? Edited June 29, 2015 by pizzly
Ohwellian 0 Posted July 2, 2015 Posted July 2, 2015 Hi, I have returned and have explored the system and found that no Minidump file were created since 11/2014. Attempting to determine why. Boot Drive is SSD settings for BSOD dump are in effect. So I don't have BSOD dump. I do have a DM Log Collector Zip File. Size=4.2Mb. I have not reinstalled ESET Smart Security 8. I am running Lastest Updated Windows Defender and MS Firewall and a fully licensed and updated Malwarebytes Premium. Ohwellian-BSOD_ESET.zip
Ohwellian 0 Posted July 2, 2015 Posted July 2, 2015 Hi, I have returned and have explored the system and found that no Minidump file were created since 11/2014. 2nd File. I hope this can be attached below. msinfo32-Ohwellian.zip
Ohwellian 0 Posted July 3, 2015 Posted July 3, 2015 Thanks to the folks with the Gigabyte MoBo App Center Products and MoBo'sHi,I persisted with fixing this myself from the "Man" knows better than "Machine" standpoint. I took a lesson from Pizzly and Fanstein. Uninstalled the following: ASUS Sabertooth Z87 Apps. -- Removal completed successfully.AI Suite III, ASUS Product Register Program, ASUS Product Register Program, Asus Fan Control Service, Asus WebStorage Windows ServiceI reinstalled ESET 2014 from the CD with the downloaded update that gets Smart Security 8.0.312, AV Signature is 11881 (20150702) 6:15 PM (MST-7)I am running on ESET 8.0.312, So far all is well.As far as I can surmise something killed the Win8.1 of making BSOD dumps and also rendered the system incapable of running an ESET startup scan. 11/2014.The ASUS geo-location of code writers manufacturers with malware are suspect.Oh Well. Now more scans are needed and I do need the FAN Control back.Need to find out why dumps did not occur too,
larssmith 0 Posted July 3, 2015 Posted July 3, 2015 I was having this problem as well -- but installing KB2664888-v2 fixed the problem. Win 7 x64 Gigabyte G1.Sniper.H6 I do have Gigabyte App Center installed
Recommended Posts