Jump to content

ESET Smart Security causing false 0x00000124 BSODs?


Recommended Posts

  • Replies 112
  • Created
  • Last Reply

We have likely found the cause of the issue in software that directly accesses hardware ports and does mapping in a way that we think is not correct and also according to Microsoft in scenarios when also another driver does mapping in a recommended way this may lead to unpredictable system results. We have made a workaround in Antivirus and antispyware protection module 1162 (currently available on pre-release servers and for all v9 beta users) to prevent this from happening when such drivers are installed.

 

Please confirm or deny that the issue is fixed with Antivirus and antispyware protection module 1462.

 

Should the problem persist, please supply us with a new memory dump (compress it before uploading). Also carry out the following test, if possible:

- uninstall v8 and restart the computer

- install v8 but don't activate / update it

- disabled Advanced memory scanner in the advanced setup -> HIPS

- restart the computer

- update v8

- let us know if disabling AMS solves the issue.

 

Marco,

 

That number doesn't seem to make sense with any updates I am seeing - how does one get "Antivirus and antispyware protection module 1162"?

 

Ronnie

Link to post
Share on other sites
  • Administrators
That number doesn't seem to make sense with any updates I am seeing - how does one get "Antivirus and antispyware protection module 1162"?

 

Sorry, I made a typo. The correct module version is 1462.

Link to post
Share on other sites
  • Administrators

I disabled AMS and loaded the new module... I can't mess around with the system any longer, becaue my clients need to work with it.

 

AMS is a crucial protection layer and should always be kept enabled. All I wanted is somebody with spare time for testing to uninstall v8, install it from scratch without activating it and downloading updates, and then disable AMS to see if it makes a difference.

Link to post
Share on other sites

 

I disabled AMS and loaded the new module... I can't mess around with the system any longer, becaue my clients need to work with it.

 

AMS is a crucial protection layer and should always be kept enabled. All I wanted is somebody with spare time for testing to uninstall v8, install it from scratch without activating it and downloading updates, and then disable AMS to see if it makes a difference.

 

Do you mean the updates of regular update or pre-release?

Link to post
Share on other sites
  • Administrators

Do you mean the updates of regular update or pre-release?

 

Antivirus and antispyware module 1462 that contains a workaround for what we think causes BSOD is currently available on pre-release servers only. If we get no reports of BSODs with it, we will start pushing it gradually to regular update servers soon.

Link to post
Share on other sites

 

Do you mean the updates of regular update or pre-release?

 

Antivirus and antispyware module 1462 that contains a workaround for what we think causes BSOD is currently available on pre-release servers only. If we get no reports of BSODs with it, we will start pushing it gradually to regular update servers soon.

 

I did all the case, 

1. regular update + no AMS = no BSOD 

2. regular update + AMS = as long as I enable it and press OK, BSOD LOL, and I can't get to desktop any more, have to uninstall it in safe mode

3.pre-release + AMS = no BSOD when I press OK at setting and so far no BSOD

 

I will let you know if I got 0x00000124 again

Link to post
Share on other sites

This issue has been occuring for me for the past 3 days - I've an Asus Z87-Pro board with Windows 7 Pro SP1 and AI Suite 3 running. While I have had several BSODs, mainly my system just freezes totally within 5 minutes of boot. My system had been up and down using hibernation for approx 10 days without full reboot prior to this. Like other users, Eset had been running without problems in this machine for 18 months.

 

I've disabled all new Windows GWX  components from within the Task Scheduler and disabled all CEIP tasks to see if any MS X10 changes have impacted but crashes continued to occur.

 

Following the instructions from Marcos, I've uninstalled Eset, re-installed with 'Activate Later', enabled pre-release updates, disabled HIPS and AMS. Then I activated to receive updates, verified from the Help->About Smart Security 8 that the module was version 1462.

 

Rebooted and system froze within 5 minutes. I'm back to square 1 with Eset disabled from Msconfig...

Link to post
Share on other sites

This issue has been occuring for me for the past 3 days - I've an Asus Z87-Pro board with Windows 7 Pro SP1 and AI Suite 3 running. While I have had several BSODs, mainly my system just freezes totally within 5 minutes of boot. My system had been up and down using hibernation for approx 10 days without full reboot prior to this. Like other users, Eset had been running without problems in this machine for 18 months.

 

I've disabled all new Windows GWX  components from within the Task Scheduler and disabled all CEIP tasks to see if any MS X10 changes have impacted but crashes continued to occur.

 

Following the instructions from Marcos, I've uninstalled Eset, re-installed with 'Activate Later', enabled pre-release updates, disabled HIPS and AMS. Then I activated to receive updates, verified from the Help->About Smart Security 8 that the module was version 1462.

 

Rebooted and system froze within 5 minutes. I'm back to square 1 with Eset disabled from Msconfig...

Having the same issue with multiple customers. Also went through all the steps to get Pre-Release updates and unchecked "AMS". Was ok until reboot and crashes within 4minutes. Only way I can have these systems up and running with ESET is to rename ehdrv.sys to .old and leave the whole HIPS module disabled. 

Link to post
Share on other sites
  • Administrators

Please supply us with fresh memory dumps if you encounter BSOD with Antivirus and antispyware module 1462 installed. If you have one ready, compress it, upload it to a safe location and pm me the download link.

Link to post
Share on other sites

Here is something to check out on this issue.

 

Windows Updates for June offered an Intel microcode optional update: https://support.microsoft.com/en-us/kb/3064209 . It was dated 6/19/2015. Most of the posts on these BSODs started after that date. Would be curious to see if people having issues with Eset SS or NOD32 have installed this update.

 

-EDIT- Known problems with this update: hxxp://www.sevenforums.com/windows-updates-activation/373250-recent-windows-update-kb3064209-causes-windows-7-not-boot.html

Link to post
Share on other sites

Please supply us with fresh memory dumps if you encounter BSOD with Antivirus and antispyware module 1462 installed. If you have one ready, compress it, upload it to a safe location and pm me the download link.

Since some of these other systems are not BSOD but just locking up there is no memory dump being placed in the root of C. Would we follow the steps outlined in :   hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN380&actp=search&viewlocale=en_US&searchid=1435331385212      to create a manual memory dump. We would do the CTRL and SCROLL lock after user login before freeze?  

Link to post
Share on other sites

@Marcos

As I am experiencing freezes/lockups as opposed to BSODs, I don't think I have any memory dumps to forward. If you think a manual memory dump (a couple of minutes after boot, say) would be useful, let me know and I'll try to schedule.

 

WRT to windows updates, these were the last updates installed:

Description      FixComments  HotFixID   InstallDate  InstalledBy            InstalledOn  Name  ServicePackInEffect  Status 
Update                        KB2952664               NT AUTHORITY\SYSTEM    6/22/2015                                      
Security Update               KB3033890               NT AUTHORITY\SYSTEM    6/22/2015                                      
Update                        KB3054476               NT AUTHORITY\SYSTEM    6/22/2015                                      
Security Update               KB3057839               NT AUTHORITY\SYSTEM    6/22/2015                                      
Security Update               KB3058515               NT AUTHORITY\SYSTEM    6/22/2015                                      
Security Update               KB3059317               NT AUTHORITY\SYSTEM    6/22/2015                                      
Update                        KB3068708               NT AUTHORITY\SYSTEM    6/22/2015                                      

Failed Update:
Security Update for Windows 7 for x64-based Systems (KB3063858)
Installation date: ‎22/‎06/‎2015 15:30
Installation status: Failed
Error details: Code 8024200D
Update type: Important

 

I've installed the hotfix for failed patch above (kb947821) so my system should be fully updated.

 

Prior to this, the last Windows update (excluding Defender definitions) was May 21.

Link to post
Share on other sites

Hi Marcos,

 

I have AntiVirus on a Gigabyte motherboard and have the App Center installed.

 

I renamed the Program Files/ESET folder in safe mode, restarted in normal mode, renamed the ESET folder back to the original name, uninstalled, restarted, reinstalled, restarted, changed to the pre-release updates and updated, and restarted to test.  Everything worked well.  I also ran a smart scan last night and it worked well.  I never did turn of the advanced memory scan.

 

--Thanks,
--Robert

Link to post
Share on other sites
  • Administrators

Please let me know if anybody with a Gigabyte motherboard is still having issues despite having the latest Antivirus and antispyware module 1462 installed. I've just successfully reproduced BSOD with such MB upon launching System Information Viewer, however, after updating from pre-release servers I was unable to reproduce the crash any more. So it seems that the latest module solves the issues with Gigabyte motherboards at least.

 

If you experience freezes, please generate a complete memory dump manually. When done, compress it, upload it to a safe location and pm me the download link.

 

We highly appreciate your willingness to co-operate with us on this matter which will hopefully bear its fruit soon as we hope.

Link to post
Share on other sites

Please let me know if anybody with a Gigabyte motherboard is still having issues despite having the latest Antivirus and antispyware module 1462 installed. I've just successfully reproduced BSOD with such MB upon launching System Information Viewer, however, after updating from pre-release servers I was unable to reproduce the crash any more. So it seems that the latest module solves the issues with Gigabyte motherboards at least.

 

If you experience freezes, please generate a complete memory dump manually. When done, compress it, upload it to a safe location and pm me the download link.

 

We highly appreciate your willingness to co-operate with us on this matter which will hopefully bear its fruit soon as we hope.

The manual memory dump is not working. I do the RIGHT CONTROL and SCROLL lock after making key in reg and doesn't do anything.

Link to post
Share on other sites

Sorry about the delay on my part, I've been rather busy.

 

Just tried installing the 1462 module and re-installing the Gigabyte App Center. No BSOD on boot, so there's definitely progress there. I'll keep both installed for now and see if it holds up over the weekend.

 

Here is something to check out on this issue.

 

Windows Updates for June offered an Intel microcode optional update: https://support.microsoft.com/en-us/kb/3064209 . It was dated 6/19/2015. Most of the posts on these BSODs started after that date. Would be curious to see if people having issues with Eset SS or NOD32 have installed this update.

 

Just cheked, I personally do not have that installed, so at least for me that wasn't the culprit.


*Update*

 

So, my PC has been running for a good 14 hours now with the 1462 module installed together with the gigabyte app center, and everything works smoothly. No BSODs, no performance issues, just smooth sailing all the way. So the problem seems fixed.

Link to post
Share on other sites

Hi,

Having the same issue with 8.0.312.0 Pre-Release update 1462.

Motherboard is a ASUS Z87 Sabertooth.

All Windows Critical, Important and optional updates installed.

System freezes without a BSOD, but freezes keyboard  and mouse inputs.

No indicators of compromise using multiple scanners, Malwarebytes, TDSKiller, ESET Rescue, etc.

 

Uninstalled ESET and system runs fine.

I am now scanning with Loki for IOC's.

 

I plan to upload a BSOD dump after the loki scan completes.

I will keep you posted.

 

Thanks to all for the help so far.

Link to post
Share on other sites

I uninstalled the Gigabyte APP Center a couple days ago and running ESET Smart Security without Blue Screens-

 

Is it safe to download the latest ESET SS and re-install the Gigabyte APP Center yet?

Link to post
Share on other sites

Hi, I have returned and have explored the system and found that no Minidump file were created since 11/2014. Attempting to determine why.

Boot Drive is SSD settings for BSOD dump are in effect. So I don't have BSOD dump.

 

I do have a DM Log Collector Zip File.

Size=4.2Mb.

 

I have not reinstalled ESET Smart Security 8.

I am running Lastest Updated Windows Defender and MS Firewall and a fully licensed and updated Malwarebytes Premium.

Ohwellian-BSOD_ESET.zip

Link to post
Share on other sites

Thanks to the folks with the Gigabyte MoBo App Center Products and MoBo's

Hi,
I persisted with fixing this myself from the "Man" knows better than "Machine" standpoint. I took a lesson from Pizzly and Fanstein. Uninstalled the following: ASUS Sabertooth Z87 Apps. -- Removal completed successfully.

AI Suite III, ASUS Product Register Program, ASUS Product Register Program, Asus Fan Control Service, Asus WebStorage Windows Service

I reinstalled ESET 2014 from the CD with the downloaded update that gets Smart Security 8.0.312, AV Signature is 11881 (20150702) 6:15 PM (MST-7)

I am running on ESET 8.0.312, So far all is well.

As far as I can surmise something killed the Win8.1 of making BSOD dumps and also rendered the system incapable of running an ESET startup scan. 11/2014.
The ASUS geo-location of code writers manufacturers with malware are suspect.

Oh Well. Now more scans are needed and I do need the FAN Control back.
Need to find out why dumps did not occur too,

Link to post
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...