JeremyNicoll

> I have plenty of space on Google Drive so I could put it there and send a download link if that''s any good ? I expect that will work - I use Dropbox in a similar way for sending dumps etc to Emsisoft. Just make sure you don't post the URL in this forum where anyone can see it. Send a PM (personal message) to GT500 - to do that hover over his avatar and then click 'message'.

Since that shows a copyright 2003-2017 information line, surely that's not the most uptodate version of EEK? Where did you get it from? Also what version of Windows is that? Also, this is EEK... and there is a specific part of the forum for EEK problems, where other users of EEK are more likely to see your questions. It's at: https://support.emsisoft.com/forum/55-emsisoft-emergency-kit/

I think that "Settings - General - Guard Settings - Start on Windows Startup" covers that, as if it's on from as early in boot as possible, it's clearly on before anyone logs in.

> So if Windows Firewall isn't an example of security software then what the hell is it doing on our computers It's a standard part of Windows, which everyone has. Implicitly thatwill be tested against - how could they avoid it? > In short, I don't trust Microsoft to protect us at the firewall level. - despite the fact that most (all?) of the other 'firewall' products are just GUI frontends to the underlying Windows facility?

One of the things I wondered about is the way the screen mode changes when a UAC password prompt is presented. Of course I answer those more or less immediately, bit if for some reason something like that was detected, even if very short-lived, it might appear to go on for longer than a few seconds if EAM doesn't see the change back to normal operation as soon as that change happens. We need to know more about how often EAM asks if fullscreen is in effect, and how often once that is the case, it asks to see if normality has been resumed.

> EAM doesn't try to detect fullscreen applications itself, but instead it is periodically asking Windows if a fullscreen application is running How often does it ask? I conducted some experiments [on W8.1] with eg Firefox in fullscreen mode, and EAM didn't see that... but maybe it wasn't like that for long enough. How long do I need to try something that might be a culprit before being likely to see the effect?

Thank-you.

System updated a short time ago, but I see no release details here. What is in Emsisoft Anti-Malware Full 2018.5.0.8686 beta [en-us] OS: Windows 8.1 (Version 6.3, Build 9600, 64-bit Edition)

You upload them to a file-sharing site (or free cloud storage if you have any), then send the URL to Emsisoft (via a private message). Don't post the URL here as anyone could download the dumps and search them for confidential content. To send a private message to GT500, hover over his avatar then click the 'message' link. See GT500's post a few posts back for the names of some file-sharing sites if you don't have a personal favourite.

Hawki - if you have a 'firewall router' between your pc and the internet connection then it might offer bandwidth limiting for either the whole LAN or for specified attached devices.

> It's odd... The trouble is, dumping an OS that's not well is never guaranteed to work because you need some parts of the OS to be working still. I used to work on IBM mainframes where the last-ditch diagnostic collection mechanism was something called a 'standalone dump'. The dump program was booted over the top of the dead system and it, rather than the OS, would then dump all of RAM and the linked contents of page files. The management didn't like standalone dumps being done because they could delay an attemped restart of the dead system by 20-30 minutes.

The 16 GB dump needs to be compressed and sent to Emsisoft so they can try to find out what the problem is. I would suggest you stop experimenting until Emsisoft have had a look at this dump. After you then changed the pagefile size etc did you do a reboot (and it would ideally be a 'cold' one not just a restart) before trying anything else? Maybe if you didn't reboot at that point Windows tried to page some virtual memory and the changed page-file size confused things? Later you said: The Ctrl Scrl Lock did not work. Do you know that the action is to hold down the righthand Ctrl key then press ScrollLock twice? You've had a LOT of hangs etc. Do you, each time you reboot after a hang or BSOD or whatever, run a chkdsk on your disks? Each hang/BSOD can leave file systems in a mess and not checking/repairing them, if they do get in a mess, will possibly make things worse.

It's curious that it restarts after the blue screen, whether or not any dump is taken. > I've tried to manually initiate a crash dump from the keyboard when the a2service crash happens ... I realise this is not a useful post... but the trigger is not meant to manually initiate a crash dump. It is meant to trigger a BSOD. The expected/normal treatment of any BSOD, by the OS, is to take the configured type of dump. The problem you have isn't the trigger, but the dump mechanism, presumably because of that volmgr thing. I don't know what that is (can't see your attached files), but does googling that produce any useful suggestions?

Also... there's no guarantee that any of these changes will /actually/ make the dump happen properly. We don't know why it's not happening properly. Maybe there's a bug in that part of the OS.

You need to read the bit of that MS KB page entited "Automatic memory dump", where - yes - it does say that the pagefile will be automatically sized to suit a dump... but the "Automatic memory dump" option is "intelligent". It sizes the page file for a dump that does not aim to contain all possible detail, on the assumption that normal users (by which I guess they mean programmers of simple application programs) will not want a complete /system/ dump. But in your case it's a /system/ problem, and it's a full system dump that Emsisoft are likely to need. So you need "complete memory dump" and a bigger pagefile. Read the paragraph starting "Kernel memory crash dumps..." and bear in mind it's no use relying on Windows to slowly make the page file bigger so that one day in future the paging file will be big enough. You need to make the page file big enough at the start so that it will hold the dump you need when the problem happens.