pgalos 0 Posted September 30, 2016 Posted September 30, 2016 Hello Windows 7 Prof with SP1 with newest patches, ESET Remote Administrator Agent 6.4.283.0, ESET Endpoint Security 6.4.2014.2. Twice or three times a day user can see BSOD on this machine, and error is always the same: 0x000000f5 (0x000000000000006e, 0xfffffa80049c6880, 0xfffffa80049c6820, 0x0000000000000000). NirSoft Blue Screen View displays drivers found in crash stack: eamonm.sys eamonm.sys+1bc9f fffff880`02c0a000 fffff880`02cdb000 0x000d1000 0x5739d8c7 2016-05-16 16:27:19 ESET Security Amon monitor 6.4.2012.0 ESET C:\Windows\system32\drivers\eamonm.sys fltmgr.sys fltmgr.sys+7012 fffff880`0113a000 fffff880`01186000 0x0004c000 0x4ce7929c 2010-11-20 11:19:24 System operacyjny Microsoft® Windows® Menedżer filtrów systemu plików ###### Microsoft 6.1.7600.16385 (win7_rtm.090713-1255) Microsoft Corporation C:\Windows\system32\drivers\fltmgr.sys ZESFSMF.sys ZESFSMF.sys+5f0d fffff880`011e6000 fffff880`011fb000 0x00015000 0x52f4301e 2014-02-07 03:00:14 Novell ZENworks Endpoint Security Novell ZESM File System Filter Driver 11.3.0.180 Novell, Inc C:\Windows\system32\drivers\ZESFSMF.sys When I disable realtime scanning and application protocol filtering the problem goes away so this is something connected with EES. Any ideas what could be the reason? Regards Pawel
ESET Staff MartinK 384 Posted September 30, 2016 ESET Staff Posted September 30, 2016 Could you also try to disable Novell ZENworks Endpoint Security instead of EES? Seems both products are monitoring filesystem.
Administrators Marcos 5,408 Posted September 30, 2016 Administrators Posted September 30, 2016 At least temporarily rename C:\Windows\system32\drivers\ZESFSMF.sys in safe mode and see if the issue occurs with ESET fully enabled.
pgalos 0 Posted October 5, 2016 Author Posted October 5, 2016 (edited) At least temporarily rename C:\Windows\system32\drivers\ZESFSMF.sys in safe mode and see if the issue occurs with ESET fully enabled. I renamed ZESFSMF.sys two days ago, but there is no improvement. There are still restarts but now system doesn't save dump files! In system event log I can only see that system was restarted without previous clear shutdown. Nazwa dziennika:System Źródło: Microsoft-Windows-Kernel-Power Data: 2016-10-05 00:54:27 Identyfikator zdarzenia:41 Kategoria zadania:(63) Poziom: Krytyczne Słowa kluczowe:(2) Użytkownik: SYSTEM Komputer: h1mromanm Opis: System został uruchomiony ponownie bez uprzedniego czystego zamknięcia. Przyczyną tego błędu może być fakt, że system przestał odpowiadać, uległ awarii lub nastąpiła nieoczekiwana utrata zasilania. Kod XML zdarzenia: <Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft-Windows-Kernel-Power" Guid="{331C3B3A-2005-44C2-AC5E-77220C37D6B4}" /> <EventID>41</EventID> <Version>2</Version> <Level>1</Level> <Task>63</Task> <Opcode>0</Opcode> <Keywords>0x8000000000000002</Keywords> <TimeCreated SystemTime="2016-10-04T22:54:27.918004200Z" /> <EventRecordID>168858</EventRecordID> <Correlation /> <Execution ProcessID="4" ThreadID="8" /> <Channel>System</Channel> <Computer>h1mromanm</Computer> <Security UserID="S-1-5-18" /> </System> <EventData> <Data Name="BugcheckCode">245</Data> <Data Name="BugcheckParameter1">0x6e</Data> <Data Name="BugcheckParameter2">0xfffffa80049cf880</Data> <Data Name="BugcheckParameter3">0xfffffa80049cf820</Data> <Data Name="BugcheckParameter4">0x0</Data> <Data Name="SleepInProgress">false</Data> <Data Name="PowerButtonTimestamp">0</Data> </EventData> </Event> Now I completely removed ZENWorks Agent from this machine but I don't suppose that it is the problem. We succesfully use this software on about 80 other machines... And one more thing which is important: after a little investigation I suppose that problem started after upgrade EES form verision 6.3.2016 to 6.4.2014.2. Pawel Edited October 5, 2016 by pgalos
Recommended Posts