Sign in to follow this  
HAWKI

A New and Different Shutdown Warning ?

Recommended Posts

Hi :-)

 

At one point this morning I got a red bordered pop-up warning that Emisoft Protectection had turned off. I did not get a Windows Warning Flag.

 

I use Process Lasso and it keeps a record of all activity respcting the actions of processes on your PC. I checked and it showed that a2guard had in fact terminated for for eighteen seconds and then re-started. I did a manual update this AM, but I can't recall if it was shortly before the shutdown of a2guard but I believe it was. Was this brief shutdown initiated by EMIS for installation of the update?

 

I see a process named WerFault.exe started 11 seconds before a2guard.exe termiinated and that Werfault.exe terminated four seconds before a2guard re-launched. Is WerFault the EMSI update process??

 

Also, how many processes should show for EMIS. I see a2guard.exe listed as a process and I see a2sevice.exe listed as an active service. Is that how it should be?

 

Update--I see now that Werfault.exe. is the Windows Error Reporting App. SO WHAT HAPPENED TO A2GUARD? Does Werfault.exe temporarily disable it? Was Werfault.exe reporting on an error that had caused a2guard to terminate?

Share this post


Link to post
Share on other sites

I see now that Werfault.exe. is the Windows Error Reporting App. SO WHAT HAPPENED TO A2GUARD? Does Werfault.exe temporarily disable it? Was Werfault.exe reporting on an error that had caused a2guard to terminate?

 

The Event Log Shows the Following:

 

"Faulting application name: a2start.exe, version: 9.0.0.4546, time stamp: 0x54351812
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17055, time stamp: 0x532943a3
Exception code: 0xc0000005
Fault offset: 0x0001e20a
Faulting process id: 0x964
Faulting application start time: 0x01cfe5e6cfd8bec8
Faulting application path: C:\PROGRAM FILES (X86)\EMSISOFT INTERNET SECURITY\a2start.exe
Faulting module path: C:\WINDOWS\SYSTEM32\KERNELBASE.dll
Report Id: 9552c7b3-520b-11e4-bed9-4487fcd17048
Faulting package full name:
Faulting package-relative application ID:"

 

Preceeding the Error Entry in the Event Viewer I see severeral information listings saying that the Windos Security  Centrt Could Not Stop Windows Defender. While I see several of these Information Postings about WD, Prior to a2guard.exe shutting down there were four of these WD entried every 2-5 seconds.

 

The other similar entries were mostly sporadic, seperated by hours.

 

I just bought and installed EMIS last night and I see these sporadic entries occurring while I had another security product installed. I also see a few instances of several seconds apart while the other product was installed, so it is not clear that they are the cause of the shut down of a2guard.exe

Share this post


Link to post
Share on other sites

WerFault belongs to the Windows Error Reporting. It's purpose is to gather various information in case a process crashes to report them back to Microsoft. Unfortunately the event viewer entries alone won't allow us to figure out what is causing the crash on your system. We will at least require a mini dump of the crash to get an idea what is going wrong. Instructions on how to set up your system to create such mini dumps can be found here:

http://support.emsisoft.com/topic/3810-how-to-configure-automatic-crash-dumps-in-case-of-application-failures/

Please send the resulting crash dumps via email to [email protected] Please make sure to include a link to this thread to make it easier for me to assign your submission to the correct support thread.

Share this post


Link to post
Share on other sites

No Problem. It has not happenned again. And I use a manual update to have the Action Center properly reflect that EMIS is on for reassurance.

 

BTW: What's the matter with EMIS? You guys are slipping. There is a YouTube reviewer who does extensive detection test reviews. 45 minutes each, solely testing detection. EMIS 9 only detected 99.5% including all VBS Scripts :-)

 

The next closest was 95% and that program could not detect and remove all VBS Scripts. While it could stop their malicious actions, it left them running using valuable CPU time.

 

The new all-in one kid on the block detected 85% and was very weak at detecting VBS Scripts. This reviewer also tests the detection of a program's behavior blocker. The 85% detection includes all detection by it's "improved" behavior blocker - no wonder it won't submit to independant comparative detection tests.

 

Love EMIS 9 for many reasons and feel very comfortable knowing it's installed on my PC. I have active licenses for two other IS Suites but my choice to use is EMIS 9. 

 

Congratz on a great, soon to be award-winning program :-)

 

HAWKI

Share this post


Link to post
Share on other sites

Umm. I may have spoken too soon about it not happening again.

 

I just got a pop up warning that Emisoft Security Had Stopped Working. I immediately shut down my PC.

 

I checked my process log. It shows that a2start.exe started spontaneously and then stopped 47 seconds later. Isn' a2start,exe the scanning engine?

 

a2start.exe shows a2guard.exe as it's parent and a2guard.exe is shownas being Emisoft Anti Malware.

 

I have no scheduled scans.

 

What was that?

 

I have checked back further.

 

a2guard.exe when does that run as an active process?. I see where in a space of 3 seconds it started and stopped 4 times. Does that only run when you open a file or go to a website???

 

These 4 seconds were proceeded by a Werfault.

 

What was that??

Share this post


Link to post
Share on other sites

What occurred in the post immediately above happened again.

 

I had done a full scan overnight. When I closed the scan screen I got a pop up warning thate Emisoft ............ Has Stopped working" giving me the option to "close program.", I'm not sure of the actual wording - if it was Emisoft Security or Emisoft Security Center Stopped working. I had uninstalled my process explorer so I am not able to determine exactly which process,if any, actually turned off.

Share this post


Link to post
Share on other sites

I guess I am going to have to do that.

 

I know it won't help but the windows event viewer say:

 

Faulting application name: a2start.exe, version: 9.0.0.4570, time stamp: 0x543c0095
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17055, time stamp: 0x532943a3
Exception code: 0xc0000005
Fault offset: 0x0001e20a
Faulting process id: 0x6d0
Faulting application start time: 0x01cfe7950b1c5bca
Faulting application path: C:\PROGRAM FILES (X86)\EMSISOFT INTERNET SECURITY\a2start.exe
Faulting module path: C:\WINDOWS\SYSTEM32\KERNELBASE.dll
Report Id: 671fd691-53a4-11e4-bee2-4487fcd17048
Faulting package full name:
 

Share this post


Link to post
Share on other sites

The error just indicates that something inside one of the Windows core DLLs caused a crash by accessing some memory that it wasn't suppose to access. Without the crash dumps though there is nothing I can do for you unfortunately as we aren't able to reproduce that issue on our test systems.

Share this post


Link to post
Share on other sites

I'll try to find the time to do the do the crash dumps but I'm 99% certain the problem is my PC and not EMIS.

 

Used a new driver updater Monday night, totally messed up my PC. Updated drivers slowed my PC to a crawl and some programs would not open at all. What was very aggravating was that the restore of the backup only reinstalled 4 the backed up version of 4 out of the 21 newly installed drivers. Through system restore and reinstalling some programs, including EMIS I was able to get my PC functioning close to normal, though I have noticed a couple of errors in my Windows log about Diskeeper being unable to connect to a missing driver.  Wonderful. Surprisingly the updater comes from a well established software company with a solid reputation.

 

So I am more concerned about the state of my PC than I am with the stability of EMIS.

 

Still feeling very good about having EMIS installed on my PC :-)  PC runs smooth and fast with EMIS and I have a great amount of confidence in it's protection capabilities.

Share this post


Link to post
Share on other sites

I'll do my best to get you the crash dump, but the reason I reinstalled EMIS had nothing to do with EMSI. After the damage done to my system by that lousy driver updater it just made me feel better to do a clean reinstall of EMIS :-)

Share this post


Link to post
Share on other sites

Ummm,

 

What do I do with the registry entries? - where in my registry should I put them? Do you neeed a "full crash dump?"

 

"Windows Vista/2008/7/8:
Since Windows Vista application crashes are no longer handled by Dr. Watson, but by a component called Windows Error Reporting. Unfortunately there is no convenient way to set up Windows Error Reporting, instead you need to change certain registry entries. To make things more convenient, we have provided you with a set of registry files you can import in order to enable mini dumps, full dumps or disable crash dumps completely:-
 

Download Crash Dump registry scripts for Windows Vista, 7, 8, and 8.1

  • Download the above file to your system and unpack it to a location of your choice.
  • The names of the registry files are pretty self explanatory:
  • "enable_mini_crash_dumps.reg" will enable mini crash dumps for all application crashes and is the setting we recommend during testing.
  • "enable_full_crash_dumps.reg" will enable full crash dumps for all application crashes and should only be used after a developer requests a full crash dump.
  • "disable_all_crash_dumps.reg" will disable all crash dump generation and is the Windows default behavior.

The settings become active immediately, no reboot is required. The crash dumps will be stored inside the "CrashDumps" sub-directory of your public profile (usually C:\Users\Public\CrashDumps)."

Share this post


Link to post
Share on other sites

HAWKI  when you run the 'enable_mini_crash_dumps.reg' file it will automagically do all the registry entry settings for you :)

 

Fabian did mention mini dumps in post #3 of this thread, so just choose that one.

 

Don't forget afterwards to run the 'disable_all_crash_dumps.reg'  file when you have finished and have the logs. That will automagically return all the registry settings to the default they were before.

 

You may have to zip the dump files when you send them to Fabian.

Share this post


Link to post
Share on other sites

Stapp already explained everything perfectly :). Mini dump should be enough for the time being. So just double click the enable_mini_crash_dumps.reg file and you are good to go :).

Share this post


Link to post
Share on other sites

Does the crash have to occur while the crash-dump registry entry is installed?

 

Because I couldn't find the crash dump I uninstalled the registrey key and see no Crash Dump Folder under public /user. Is that because I removed the registry entry?

Share this post


Link to post
Share on other sites

Does the crash have to occur while the crash-dump registry entry is installed?

Yes, it does. Otherwise Windows will fallback to the default behavior, which is not write a crash dump.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.