Ayush

About Ayush

  • Rank
    Member

Contact Methods

  • Website URL
    http://www.emsisoft.com

Profile Information

  • Gender
    Male
  • Location
    India
  1. tech4tech, please rest assured that we make it a point to run all the drivers under verifier before releasing the product. It is only this particular scenario that the verifier complains about. So, please don't worry about it.
  2. This is perfectly normal and we had figured this out in a very early phase of the development of the driver. If you are interested in the technical details, please read below. Technical details: A new verifier check was introduced in Windows 7/2008 R2 which complained about using user mode handles in kernel mode functions. This is a good check since a lot of developers end up passing user mode handles in an incorrect process context and end up messing up. But for functions like ObReferenceObjectByHandle (which are widely used for getting a kernel mode object equivalent of a user mode handle), this is perfectly fine if we do it in the correct process context. We have made sure that we don't do anything in an incorrect context. But the verifier does not do this check "intelligently" and hence ends up complaining.
  3. Yes, that is correct. Additionally, it seems that the pagefile is not located on the boot volume. Going to do a remote session with Clipper and try to look at the environment and get a kernel memory dump.
  4. Please increase it to make it MORE than 4096 MB. I suggest making it 4608 MB for now (note that the minimum size should be 4608). Also, once this is done, use the BellaVista utility to configure your machine for a complete dump. Then redo the test and collect the memory.dmp file.
  5. Hi Clipper, The problem seems to be that the paging file is either not present on your system or is smaller than the size of your physical RAM. That could be a reason for the corrupted memory dump file. Can you please check the size of your pagefile in system properties? If it is currently set to a size lower than the amount of RAM installed on your system, please set its size to at least the size of your physical memory plus 1 MB. As an example, if your system has 1 GB of RAM, set the pagefile size minimum to 1GB + 1MB. Or you can simply set it to 1.5 times your RAM to avoid all these calculations. Once this is configured, please redo the test and generate a crash dump.
  6. Are you able to copy the c:\windows\memory.dmp file to a different directory? If yes, then can you please copy the file to a different location and see if the compression works fine without hanging? What happens if you uninstall McAfee and then run EAM 6? In other words, does the system crash even if you have EAM as the ONLY security software installed on the system?
  7. H_D, I think JsnJack meant to say that EAM is working fine at his end. I had requested him to run the test multiple times so that he is sure that things are working fine. The crash dump in .7z format was uploaded by Clipper. That file has a problem. Let's wait for Clipper's reply.
  8. I tried downloading the file twice and extracted it, only to find out that the dump file was partially corrupted.
  9. Hi Clipper, I have started the download. It will take a while. Will get back to you by tomorrow regarding this issue.
  10. That is good news. Can you please try to run the scan a couple of times to ensure that the problem is not present anymore?
  11. Hi jsnjack/Clipper! Can you please provide the "full memory dump" of your system? Please refer to the instructions at http://support.emsisoft.com/topic/3809-how-to-configure-automatic-memory-dumps-in-case-of-blue-screens/ Once you enable that, try to reproduce the issue. If the crash occurs, you will notice a memory.dmp file in the c:\Windows directory. This file may be a bit big based on the size of your computer memory. Please compress it with WinRAR/WinZip and upload it. Just to ensure that memory.dmp contains relevant data, you can check the modified timestamp in the file properties, and it should be roughly the same time as the time when your computer crashed.
  12. A couple of questions (considering both Malware Defender and Emsisoft are running): 1. Does Malware Defender detect anything in this scenario? 2. Can you please post the output of the fltmc command? Go to Run -> cmd.exe -> fltmc
  13. Hi Lynx, The images you have attached show the expected sizes. You have accurately noticed that the size of the file in the cache folder is greater. And this is expected. Please drop me a PM with your Emsisoft address for details.