laopa

fwndis64.sys and repeated BSOD Crashes with WIN 7 64 PC & Laptop

Recommended Posts

Hi,

 

For the last month or so I have been having repeated BSOD experiences with both my PC and my child's Laptop. After weeks of searching forums on the web I found a Windows Hotfix related to the crashes and Emsisoft Internet Security.

 

I ran the hot fix and the BSOD seemed to have gone away.

 

Now this morning 01-01-2015 they are back with a vengeance.

 

I noticed that there has been an update of a number of Emsisoft Internet Security Files dated 01/01/2015 and when I ran WhoCrashed (Resplendence Freeware) the culprit again turned out to be Emsisoft Firewall - fwdis64.sys.

 

I am back to where I started. Great New Years Present from Emsisoft.

 

Surely Emsisoft is aware of this issue and yet they fail to fix it!!!!

 

In fact in own my case, and I assume others, they have reintroduced the problem again.

 

I have disabled Emsisoft Internet Security in Services and am relying on Windows Defender and Windows Firewall.

 

HELP!!!!!

 

laopa

Share this post


Link to post
Share on other sites

I am experiencing the same error fwdis64.sys after Emsisoft updated today. My computer was stuck in a bsod loop until I was able to safe boot and use emsiclean to forcefully remove it. Please help

 

Protection software: Shadow defender, Sandboxie, Emsisoft Internet Security and Appguard

 

Running windows 8.1 64-bit

Share this post


Link to post
Share on other sites

Hi,

 

If you can tell me how to do that, via instructions meant for a four year old, I would be very happy to.

 

I tried including the WhoCrashed (Resplendence Freeware) Report which clearly identified 

fwndis64.sys

as the BSOD cause but your Forum does not seem to like Facts.

 

laopa

Share this post


Link to post
Share on other sites

Hi,

 

The Post that was Deleted, also mentioned that I tried un-installing and then re-installing MS Hot Fix KB2958399 but all that did was get EIS (Emsisoft Internet Security) Firewall to Enable then we were back to repeated BSOD Crashes.

 

Never, ever, had this problem when running Anti Malware & Online Armor as separate software packages!

 

Maybe forwards is really backwards.

 

I have always been very cautious about "we can do everything" bloat-ware.

 

Anyway HELP!!

 

laopa

Share this post


Link to post
Share on other sites

I also have the same problem. last year after using 3 years in a row without any problem the Online Armor and Malware separate I renewed my license to Internet Security combined

since then I am least to say not happy

 

first last year I had the problem of constant blue screens where I suddenly needed to apply a hotfix I never needed before

 

now again this morning, maybe after an update, already 3 x BSOD

 

System Information (local)

windows version: Windows 7 Service Pack 1, 6.1, build: 7601
windows dir: C:\Windows
Hardware: P17SM-A , Notebook
CPU: GenuineIntel Intel® Core i7-4710MQ CPU @ 2.50GHz Intel586, level: 6
8 logical processors, active mask: 255
RAM: 17091944448 total



 

Crash Dump Analysis

Crash dump directory: C:\Windows\Minidump

Crash dumps are enabled on your computer.

On Thu 1-1-2015 10:53:30 GMT your computer crashed
crash dump file: C:\Windows\Minidump\010115-8018-01.dmp
This was probably caused by the following module: fwndis64.sys (0xFFFFF8800F4036A2)
Bugcheck code: 0xD1 (0xFFFFFAB185FA1CB4, 0x2, 0x0, 0xFFFFF8800F4036A2)
Error: DRIVER_IRQL_NOT_LESS_OR_EQUAL
file path: C:\Windows\system32\drivers\fwndis64.sys
product: Emsisoft Firewall SDK
company: Emsisoft GmbH
description: Emsisoft Firewall Engine
Bug check description: This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: fwndis64.sys (Emsisoft Firewall Engine, Emsisoft GmbH).
Google query: Emsisoft GmbH DRIVER_IRQL_NOT_LESS_OR_EQUAL



On Thu 1-1-2015 10:53:30 GMT your computer crashed
crash dump file: C:\Windows\memory.dmp
This was probably caused by the following module: fwndis64.sys (fwndis64+0x36A2)
Bugcheck code: 0xD1 (0xFFFFFAB185FA1CB4, 0x2, 0x0, 0xFFFFF8800F4036A2)
Error: DRIVER_IRQL_NOT_LESS_OR_EQUAL
file path: C:\Windows\system32\drivers\fwndis64.sys
product: Emsisoft Firewall SDK
company: Emsisoft GmbH
description: Emsisoft Firewall Engine
Bug check description: This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: fwndis64.sys (Emsisoft Firewall Engine, Emsisoft GmbH).
Google query: Emsisoft GmbH DRIVER_IRQL_NOT_LESS_OR_EQUAL



On Thu 1-1-2015 10:45:43 GMT your computer crashed
crash dump file: C:\Windows\Minidump\010115-8221-01.dmp
This was probably caused by the following module: fwndis64.sys (0xFFFFF88004D4A6A2)
Bugcheck code: 0xD1 (0xFFFFFA981F37DB4C, 0x2, 0x0, 0xFFFFF88004D4A6A2)
Error: DRIVER_IRQL_NOT_LESS_OR_EQUAL
file path: C:\Windows\system32\drivers\fwndis64.sys
product: Emsisoft Firewall SDK
company: Emsisoft GmbH
description: Emsisoft Firewall Engine
Bug check description: This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: fwndis64.sys (Emsisoft Firewall Engine, Emsisoft GmbH).
Google query: Emsisoft GmbH DRIVER_IRQL_NOT_LESS_OR_EQUAL




 

Conclusion

3 crash dumps have been found and analyzed. A third party driver has been identified to be causing system crashes on your computer. It is strongly suggested that you check for updates for these drivers on their company websites. Click on the links below to search with Google for updates for these drivers:

fwndis64.sys (Emsisoft Firewall Engine, Emsisoft GmbH)

If no updates for these drivers are available, try searching with Google on the names of these drivers in combination the errors that have been reported for these drivers and include the brand and model name of your computer as well in the query. This often yields interesting results from discussions from users who have been experiencing similar problems.
 

Share this post


Link to post
Share on other sites

maybe you could check better before giving out the new updates

now I can spend my free day in helping wife and 2 kids with their laptops let alone my own one

Share this post


Link to post
Share on other sites

and again

4th time within an hour. nice. I can forget in playing online games today

bigger problem for tomorrow. anybody knows how to get work done at the office when crashing laptop 4 to 5 times in an hour?

 

 

 

On Thu 1-1-2015 11:09:53 GMT your computer crashed
crash dump file: C:\Windows\Minidump\010115-7971-01.dmp
This was probably caused by the following module: fwndis64.sys (0xFFFFF88010163B2A)
Bugcheck code: 0xD1 (0xFFFFFA811907E01B, 0x2, 0x0, 0xFFFFF88010163B2A)
Error: DRIVER_IRQL_NOT_LESS_OR_EQUAL
file path: C:\Windows\system32\drivers\fwndis64.sys
product: Emsisoft Firewall SDK
company: Emsisoft GmbH
description: Emsisoft Firewall Engine
Bug check description: This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: fwndis64.sys (Emsisoft Firewall Engine, Emsisoft GmbH).
Google query: Emsisoft GmbH DRIVER_IRQL_NOT_LESS_OR_EQUAL
 

Share this post


Link to post
Share on other sites

Hi.

 

Have to agree.

 

 

Crash Dump Analysis
Crash dump directory: C:\Windows\Minidump

Crash dumps are enabled on your computer.

On Thu 01-January-2015 2:06:49 GMT your computer crashed
crash dump file: C:\Windows\Minidump\010115-22323-01.dmp
This was probably caused by the following module: fwndis64.sys (0xFFFFF88002D656A2)
Bugcheck code: 0xD1 (0xFFFFFA8BBB4F86F4, 0x2, 0x0, 0xFFFFF88002D656A2)
Error: DRIVER_IRQL_NOT_LESS_OR_EQUAL
file path: C:\Windows\system32\drivers\fwndis64.sys
product: Emsisoft Firewall SDK
company: Emsisoft GmbH
description: Emsisoft Firewall Engine
Bug check description: This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: fwndis64.sys (Emsisoft Firewall Engine, Emsisoft GmbH).
Google query: Emsisoft GmbH DRIVER_IRQL_NOT_LESS_OR_EQUAL



On Thu 01-January-2015 2:06:49 GMT your computer crashed
crash dump file: C:\Windows\memory.dmp
This was probably caused by the following module: fwndis64.sys (fwndis64+0x36A2)
Bugcheck code: 0xD1 (0xFFFFFA8BBB4F86F4, 0x2, 0x0, 0xFFFFF88002D656A2)
Error: DRIVER_IRQL_NOT_LESS_OR_EQUAL
file path: C:\Windows\system32\drivers\fwndis64.sys
product: Emsisoft Firewall SDK
company: Emsisoft GmbH
description: Emsisoft Firewall Engine
Bug check description: This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: fwndis64.sys (Emsisoft Firewall Engine, Emsisoft GmbH).
Google query: Emsisoft GmbH DRIVER_IRQL_NOT_LESS_OR_EQUAL



On Wed 31-December-2014 23:41:02 GMT your computer crashed
crash dump file: C:\Windows\Minidump\010115-21262-01.dmp
This was probably caused by the following module: fwndis64.sys (0xFFFFF8800423F6A2)
Bugcheck code: 0xD1 (0xFFFFFAA8E5E51C54, 0x2, 0x0, 0xFFFFF8800423F6A2)
Error: DRIVER_IRQL_NOT_LESS_OR_EQUAL
file path: C:\Windows\system32\drivers\fwndis64.sys
product: Emsisoft Firewall SDK
company: Emsisoft GmbH
description: Emsisoft Firewall Engine
Bug check description: This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: fwndis64.sys (Emsisoft Firewall Engine, Emsisoft GmbH).
Google query: Emsisoft GmbH DRIVER_IRQL_NOT_LESS_OR_EQUAL



On Wed 31-December-2014 23:32:04 GMT your computer crashed
crash dump file: C:\Windows\Minidump\010115-21044-01.dmp
This was probably caused by the following module: fwndis64.sys (0xFFFFF8800417F6A2)
Bugcheck code: 0xD1 (0xFFFFFABEE159B7A8, 0x2, 0x0, 0xFFFFF8800417F6A2)
Error: DRIVER_IRQL_NOT_LESS_OR_EQUAL
file path: C:\Windows\system32\drivers\fwndis64.sys
product: Emsisoft Firewall SDK
company: Emsisoft GmbH
description: Emsisoft Firewall Engine
Bug check description: This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: fwndis64.sys (Emsisoft Firewall Engine, Emsisoft GmbH).
Google query: Emsisoft GmbH DRIVER_IRQL_NOT_LESS_OR_EQUAL



Conclusion
4 crash dumps have been found and analyzed. A third party driver has been identified to be causing system crashes on your computer. It is strongly suggested that you check for updates for these drivers on their company websites. Click on the links below to search with Google for updates for these drivers:

fwndis64.sys (Emsisoft Firewall Engine, Emsisoft GmbH)

If no updates for these drivers are available, try searching with Google on the names of these drivers in combination the errors that have been reported for these drivers and include the brand and model name of your computer as well in the query. This often yields interesting results from discussions from users who have been experiencing similar problems.


Read the topic general suggestions for troubleshooting system crashes for more information.

Note that it's not always possible to state with certainty whether a reported driver is responsible for crashing your system or that the root cause is in another module. Nonetheless it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further.

 

 

 

It is time to FIX THIS Emsisoft!

 

laopa

Share this post


Link to post
Share on other sites

I had already crash 5 now

within 1 hour!!!!

 

when they don't have a fix soon I want to change back my combined program for the 2 old ones online armor and anti-malware for the next 2 years

 

I already regret my decision for renewing my license for this combined one, I want a trouble free software, not this where I can't even work normally

Share this post


Link to post
Share on other sites

I don't want to apply hotfixes I didn't need anytime before

just trouble free software without having to install all kind of s*** I didn't need all 4 years I used the laptops in house before

Share this post


Link to post
Share on other sites

Oh yes u're right. I still got the bluescreens.I cant even boot in normal mode, my pc didnt even load the desktop and it got the bluescreen

I used the bluescreenviewer
 

==================================================
Dump File         : 010115-29328-01.dmp
Crash Time        : 01.01.2015 13:29:39
Bug Check String  : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x000000d1
Parameter 1       : fffffa81`0a338a9c
Parameter 2       : 00000000`00000002
Parameter 3       : 00000000`00000000
Parameter 4       : fffff880`06b5db2a
Caused By Driver  : fwndis64.sys
Caused By Address : fwndis64.sys+3b2a
File Description  : 
Product Name      : 
Company           : 
File Version      : 
Processor         : x64
Crash Address     : ntoskrnl.exe+75bc0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\010115-29328-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 7601
Dump File Size    : 275.480
Dump File Time    : 01.01.2015 13:31:07
==================================================

Share this post


Link to post
Share on other sites

I hope so

but I hope that we won't have any of these problems again

otherwise I will contact sales or support to get my old system back instead of this

I have been running the separate versions on 5 different systems the past years without any problem

now with this combined one this already the second problem within 2 weeks after installing it, all 5 laptops here have the same problem now

Share this post


Link to post
Share on other sites

hi. the same problem. the first blue screen this morning. Analyze minidump:

 

Microsoft ® Windows Debugger Version 6.12.0002.633 AMD64
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\010115-4804-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*C:\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.18409.amd64fre.win7sp1_gdr.140303-2144
Machine Name:
Kernel base = 0xfffff800`02c55000 PsLoadedModuleList = 0xfffff800`02e98890
Debug session time: Thu Jan   1 10:36:47.437 2015 (UTC + 3:00)
System Uptime: 0 days 0:15:39.280
Loading Kernel Symbols
...............................................................
................................................................
..........................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
*                                                                                     *
*                           Bugcheck Analysis                                        *
*                                                                                     *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D1, {fffffab8d1767c40, 2, 0, fffff880044066a2}

Unable to load image fwndis64.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for fwndis64.sys
*** ERROR: Module load completed but symbols could not be loaded for fwndis64.sys
*** ERROR: Symbol file could not be found.   Defaulted to export symbols for ndis.sys - 
Probably caused by : fwndis64.sys ( fwndis64+36a2 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                                     *
*                           Bugcheck Analysis                                        *
*                                                                                     *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.   This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: fffffab8d1767c40, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff880044066a2, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80002f02100
fffffab8d1767c40 

CURRENT_IRQL:   2

FAULTING_IP: 
fwndis64+36a2
fffff880`044066a2 8b4130            mov      eax,dword ptr [rcx+30h]

CUSTOMER_CRASH_COUNT:   1

DEFAULT_BUCKET_ID:   VISTA_DRIVER_FAULT

BUGCHECK_STR:   0xD1

PROCESS_NAME:   System

TRAP_FRAME:   fffff8800a2e4e20 -- (.trap 0xfffff8800a2e4e20)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff8800a2e4fe8 rbx=0000000000000000 rcx=fffffab8d1767c10
rdx=fffffa800dcb102c rsi=0000000000000000 rdi=0000000000000000
rip=fffff880044066a2 rsp=fffff8800a2e4fb0 rbp=fffffa800ef55020
r8=fffff8800a2e50d8   r9=fffff8800a2e50c8 r10=000000000000f070
r11=fffffa800ef55000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0          nv up ei ng nz na pe nc
fwndis64+0x36a2:
fffff880`044066a2 8b4130            mov      eax,dword ptr [rcx+30h] ds:d030:fffffab8`d1767c40=????????
Resetting default scope

LAST_CONTROL_TRANSFER:   from fffff80002cca169 to fffff80002ccabc0

STACK_TEXT:   
fffff880`0a2e4cd8 fffff800`02cca169 : 00000000`0000000a fffffab8`d1767c40 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`0a2e4ce0 fffff800`02cc8de0 : 00000000`00000000 00000000`00000000 fffff880`0150ed00 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`0a2e4e20 fffff880`044066a2 : 00000000`00000002 fffff880`014b427e fffffa80`0e5151a0 fffff880`014fab67 : nt!KiPageFault+0x260
fffff880`0a2e4fb0 00000000`00000002 : fffff880`014b427e fffffa80`0e5151a0 fffff880`014fab67 fffffa80`0ef558ec : fwndis64+0x36a2
fffff880`0a2e4fb8 fffff880`014b427e : fffffa80`0e5151a0 fffff880`014fab67 fffffa80`0ef558ec 00000000`00000400 : 0x2
fffff880`0a2e4fc0 00000000`0000000e : 00000000`00000000 fffffa80`0e519c60 00000000`00000004 fffffa80`0dcb1020 : ndis!NdisDprAllocatePacketNonInterlocked+0x76e
fffff880`0a2e5050 00000000`00000000 : fffffa80`0e519c60 00000000`00000004 fffffa80`0dcb1020 00000000`00000048 : 0xe


STACK_COMMAND:   kb

FOLLOWUP_IP: 
fwndis64+36a2
fffff880`044066a2 8b4130            mov      eax,dword ptr [rcx+30h]

SYMBOL_STACK_INDEX:   3

SYMBOL_NAME:   fwndis64+36a2

FOLLOWUP_NAME:   MachineOwner

MODULE_NAME: fwndis64

IMAGE_NAME:   fwndis64.sys

DEBUG_FLR_IMAGE_TIMESTAMP:   549f77ba

FAILURE_BUCKET_ID:   X64_0xD1_fwndis64+36a2

BUCKET_ID:   X64_0xD1_fwndis64+36a2

Followup: MachineOwner
---------

0: kd> lmvm fwndis64
start               end                   module name
fffff880`04403000 fffff880`0447c000    fwndis64 T (no symbols)             
    Loaded symbol image file: fwndis64.sys
    Image path: fwndis64.sys
    Image name: fwndis64.sys
    Timestamp:         Sun Dec 28 06:23:38 2014 (549F77BA)
    CheckSum:          000862BB
    ImageSize:         00079000
    Translations:      0000.04b0 0000.04e4 0409.04b0 0409.04e4

Share this post


Link to post
Share on other sites

been working with this laptop since 11:40 this morning

now it is 16:50 and had a total of 46 BSOD

 

anyone who can tell me when there will be a solution for this? tomorrow is a working day, I can't work with a system that crashes about 9 x per hour

Share this post


Link to post
Share on other sites

been working with this laptop since 11:40 this morning

now it is 16:50 and had a total of 46 BSOD

 

anyone who can tell me when there will be a solution for this? tomorrow is a working day, I can't work with a system that crashes about 9 x per hour

I'm disable Emsisoft Internet Security and stopping process (Start-->Control Panel-->administ tools-->services-->Emsisoft Protection Service)

Share this post


Link to post
Share on other sites

All logs are useless. We will need the actual dump file. These dumps in general are pretty useless unless you have the proper symbol files to decode the information in them. So I would appreciate it if you could submit the actual dump file (not a report based on the dump file) to [email protected]

 

The dump files can be found in the C:\Windows\Minidump directory. Just copy them to your Desktop and attach them to an email.

Share this post


Link to post
Share on other sites

I'm disable Emsisoft Internet Security and stopping process (Start-->Control Panel-->administ tools-->services-->Emsisoft Protection Service)

 

surfing without protection is more or less like suicide in my opinion

I just don't understand why this file has been changed in something worse

Share this post


Link to post
Share on other sites

Quick update: We found and fixed the cause of the problem. It only affects specific systems and network configurations that are actively using IPv6. An update is already available. We are also rebuilding the setups at the moment to include the fixed driver in case you uninstalled already and want to reinstall again. I will let you know once the setup files have been updated.

 

Sorry for the inconvenience this particular issue may have caused.

Share this post


Link to post
Share on other sites

Quick update: We found and fixed the cause of the problem. It only affects specific systems and network configurations that are actively using IPv6. An update is already available. We are also rebuilding the setups at the moment to include the fixed driver in case you uninstalled already and want to reinstall again. I will let you know once the setup files have been updated.

 

Sorry for the inconvenience this particular issue may have caused.

NIce.

Share this post


Link to post
Share on other sites

It's an emergency fix, so the version number didn't change. We only adjusted the firewall related drivers. Easiest way to check whether you have the update is to just run the update manually. If it doesn't download anything, you have it already. You can also change the version number of the fwndis64.sys file inside the C:\Windows\System32\Drivers directory. If it is version 1.0.0.622 you have the fixed version of the driver.

Share this post


Link to post
Share on other sites

OK, thanks, all is OK on this machine, last 20 minutes no BSOD, 1 or 2 should have been 'normal' last couple of hours

tomorrow I will be updating the other laptops here

Share this post


Link to post
Share on other sites

Hi Guys,

I am just wondering if I am having the same issues, I have had a series of BSOD and don't know why. I reinstalled using the latest download installer and it didn't ask me to apply any fixes so I am not sure whats causing this. Attached are the minidump files. Any help would be greatly appreciated.

010215-13384-01.dmp

Share this post


Link to post
Share on other sites

Hi,

Looks like a lot happened whilst I was asleep.

The only way I could operate my PC yesterday was to Disable EIS in Services and then Enable Windows Defender and Windows Firewall to give my system some protection.

As of this morning I have uninstalled and reinstalled EIS twice. Could not apply or find any updates because as soon as I Enabled EIS (Services) I got multiple BSODs.

So after the first uninstall and reinstall I got EIS back but no Internet Connection.

After the second uninstall and reinstall and subsequent Update? EIS seems to be working and I have an Internet Connection back.

Given the dozens of hours I have spent with my PC and my kids Laptop over the last nearly two months of two different, but in the end similar, Episodes of BSOD related to EIS and it seems its Firewall Component, I would not rate the program as overly user friendly and certainly no where near as stable as the combination of Online Armor and Anti-Malware that I used for years.

Interesting that a number of forum Emsisoft Staff show that they are still using Anti-Malware and I presume Online Armor?

Have to also admit that, after happily using Emsisoft Security Software (Online Armor & Anti-Malware) for many years, one more Episode of BDOS with EIS and I will not be renewing my Licenses coming up in March 2015.

Disappointed does not cover it.

laopa

Share this post


Link to post
Share on other sites

Thanks Iaopa...I think it was the Emsisoft....fwwfp764.sys is what it found which linked to a page which says emsisoft.... it was first seen on 2/12/14 which was the day I started to get BSOD....a couple of other people have suggested going back to the version number that we were at before all this started. The big problem I think is that it took a while for me to get any leads on the cause...I am guessing there are a lot of people out there who are getting these and have no idea why...Having said that I am going to stick with it.... Thanks for the help

 

Threft

Share this post


Link to post
Share on other sites

Hi Threft,

 

Good that you worked it out.

 

I only found a reference to "WhoCrashed" after looking at dozens of forums trying to figure out why the BSOD started on my PC and my Kids Laptop weeks and weeks ago.

 

I have replaced the RAM in both machines and the HDD in the Laptop plus my External HDD on the PC, all as a consequence of these constant BSOD issues, false leads to fixes, and trying to track down the cause.

 

Stumbled on the first "MS hot fix" after weeks of trying everything. Applied that "hotfix", got a copy of "whocrashed" and have been keeping an eye on both systems ever since.

 

Then this disaster of the EIS update of 31st Dec/01Jan 2015 brought it all back.

 

What is really worrying to me and seems to you, is that there are no doubt many others out there, who are having this problem and have not lucked on to the link between the BSOD and their Emsisoft Software.

 

Emsisoft has NOT been proactive about letting users/customers know about the BSOD problem and solutions at all.

 

I get regular "self congratulatory" articles and "scary malware threats" notices in my EIS on a daily, if not weekly basis.

 

NOT ONE mention of this BSOD issue though. 

 

Someone at Emsisoft needs to attend an "Issues Management" Training Course so that they can get on the "front foot" over these issues and keep their users/customers both fully informed and happy.

 

The dangers of saying nothing far out way the short term issue of admitted a problem that can be fixed.

 

Those represented on this Forum can only be a very tiny proportion of Emsisoft and EIS users, whilst all the others out there, are no doubt pulling their hair out and wondering what the heck to do about their constantly crashing systems.

 

Just put BSOD into a search engine and I bet the first thing that pops up is not related to EIS ... mostly about Windows.

 

Get your act together Emsisoft!

 

Frustrated!

 

laopa

Share this post


Link to post
Share on other sites

Hi Guys,

I am just wondering if I am having the same issues, I have had a series of BSOD and don't know why. I reinstalled using the latest download installer and it didn't ask me to apply any fixes so I am not sure whats causing this. Attached are the minidump files. Any help would be greatly appreciated.

Hello Threft,

 

The crash you attached the dump for was caused by the netio.sys driver, not fwwfp764.sys.

 

This is an issue confirmed by MS and there is a hotfix available.

 

Please see the MS KB article at:

https://support.microsoft.com/kb/2958399

Share this post


Link to post
Share on other sites

Interesting that a number of forum Emsisoft Staff show that they are still using Anti-Malware and I presume Online Armor?

People rarely keep those information updated. I know some still have Windows XP as their operating system although I know they switched months ago. For the most part people just set those information once when they register but never bother to update them ever again. That being said, I know that none of our current employees is using Online Armor at the moment. They either use EAM + Windows Firewall or EIS.

 

Stumbled on the first "MS hot fix" after weeks of trying everything. Applied that "hotfix", got a copy of "whocrashed" and have been keeping an eye on both systems ever since.

WhoCrashed is a very limited tool to be honest. The biggest issue is that in order to make sense of the information contained inside a minidump file you will need additional information stored in so-called "symbol files". These symbol files essentially contain crucial information about where functions and variables are stored within the binary file that can then be used to properly restore the state of the thread causing the bluescreen. Without these symbol files trying to figuring out what caused a blue screen often comes down to guessing. Take the latest dump attached by Threft for example. According to WhoCrashed the crash is caused by "ntoskrnl.exe":

rw2H85u.png

Now let's take a look at that dump with a different tool that is able to use our symbol files:

BQzREcU.png

Thanks to the symbol files the later tool figured out the real culprit for the crash, which is netio.sys. In fact Thresh has been missing the netio.sys hotfix from Microsoft. WhoCrashed however would have sent you in the opposite direction and on to a wild goose chase.

 

Then this disaster of the EIS update of 31st Dec/01Jan 2015 brought it all back.

Sorry, I don't call less then 0.01% of all users that did update having an issue with an update a disaster. Do I get that you are upset because this particular bug affected you? Sure. But hyperbole isn't helpful.

 

What is really worrying to me and seems to you, is that there are no doubt many others out there, who are having this problem and have not lucked on to the link between the BSOD and their Emsisoft Software.

We do have access to Microsoft crash statistics. You may have noticed that Windows tries to report crashes to Microsoft and Microsoft then provides these crash dumps to software companies like us to help us improve our products. Windows Error Reporting received reports from less than 10 users so far and since the update is already out for a while I don't expect that number to increase significantly.

 

Emsisoft has NOT been proactive about letting users/customers know about the BSOD problem and solutions at all.

We updated you and everyone else who opened a support case with us in your support request on every step of the way and provided a fix within a few hours after we became aware of the problem.

 

NOT ONE mention of this BSOD issue though.

There is no point in spamming our users with news about potential bugs that don't even affect them. Would you want to receive constant popups about bugs someone reported no matter whether or not you are affected by it?

 

Those represented on this Forum can only be a very tiny proportion of Emsisoft and EIS users, whilst all the others out there, are no doubt pulling their hair out and wondering what the heck to do about their constantly crashing systems.

That is pure speculation and not supported by any of our data. Given the cause of the bug is a problem in parsing IPv6 and the fact that in order for the bug to occur you need to have functioning IPv6 in your network which is still exceptionally rare for home users, it is unlikely that a lot of users would run into this particular issue. That is further supported by the relatively small number of support requests we received via the forum and email as well as the Microsoft crash statistics.

Share this post


Link to post
Share on other sites

since we have glass fiber here in July 2014 our internet provider put us on IPv6

more IP addresses here for us in home but also better security online

 

anyway, all 5 laptops are running without problems since this morning

 

for me the problem solving that it had to be EIS was simple

running this new laptop for 2 months without any downtime, not even a second. renewed my license (OA + AM) but changed to EIS. within few days after there was an update for EIS and pop up which said to reboot laptop

after that within 10 minutes BSOD, that is no coincidence so for me the search last year December was simple

when this problem happened I also had a EIS update, reboot laptop to finish and within 3 minutes the first of many BSOD

 

let's hope that this doesn't happen again

Share this post


Link to post
Share on other sites

Hi PeterNauta

 

This last incident was unfortunate, but I think a lot of the testers like me don't yet have ipv6.  Me thinks you would be a welcome addition to the test group, as you do have it.  Might consider it.

 

Pete

Share this post


Link to post
Share on other sites

when I wouldn't use my laptop for my webshop when at home I would consider that, but I can't have any problems in beta testing

 

only thing I can do is report problems immediately when it is there

Share this post


Link to post
Share on other sites

Hi,

 

I really do not want get into a to and fro argument here and end up getting banned for speaking up, PLUS I recognize the hard work of all the Emsisoft Staff and yourself (FW) plus Members on the Forum but a lot of your replies are just standard "self justification and head in sand" stuff.

 

However since FW took the time to selectively dissect my input and then "dump" on me I feel I need to say something.

 

 

 

Sorry, I don't call less then 0.01% of all users that did update having an issue with an update a disaster. Do I get that you are upset because this particular bug affected you? Sure. But hyperbole isn't helpful.

 

How could you possibly have calculated this number????? You have no idea how many of your users/customer have the BSOD problem and are wandering around on the Net looking for an answer.

 

 

 

WhoCrashed is a very limited tool to be honest.

 

As a "non technical" person I found the program very useful in pointing me in at least one direction to look for an answer.

 

 

Seemingly so did Member PeterNauta, who's numerous posts in the thread I started, are full of WhoCrahsed Reports, and who your Global Moderator (Peter2150)  is now asking to be a "beta tester".

 

 

Hi PeterNauta

 

This last incident was unfortunate, but I think a lot of the testers like me don't yet have ipv6.  Me thinks you would be a welcome addition to the test group, as you do have it.  Might consider it.

 

Pete

 

 

 

 

 

Now let's take a look at that dump with a different tool that is able to use our symbol files:

BQzREcU.png

 

Glad to here there are more sophisticated tools out there. How would a "non technical" person like me get hold of this software/freeware?

 

 

 

Given the cause of the bug is a problem in parsing IPv6 and the fact that in order for the bug to occur you need to have functioning IPv6 in your network which is still exceptionally rare for home users, it is unlikely that a lot of users would run into this particular issue. 

 

FYI I run a Fritz.Box 7490 Dual Band Router with IPv6 functioning.

 

 

 

We updated you and everyone else who opened a support case with us in your support request on every step of the way and provided a fix within a few hours after we became aware of the problem.

 

I sent in a direct email to Emsisoft for Tech Support / Help Desk and have not heard one thing back yet.

 

 

 

There is no point in spamming our users with news about potential bugs that don't even affect them. Would you want to receive constant popups about bugs someone reported no matter whether or not you are affected by it?

 

As a user/customer, who over the last couple of months has spent dozens of hours and hundreds of $$$ trying to fix these EIS Firewall related BSDO on two machines - Yes I would!

 

Emsisoft has no problem in spamming me about other matters of interest to them.

 

 

Anyway enough of that.

 

I would like to thanks all those who have helped me solve my problems at this time and will be back to the Forum when and if necessary.

 

I however stick to the assertion that Emsisoft could learn something positive from this exercise in how better to communicate and serve its users/customers.

 

laopa

Share this post


Link to post
Share on other sites

I really do not want get into a to and fro argument here and end up getting banned for speaking up

There is no reason to ban anyone.

How could you possibly have calculated this number?????

Based on the amount of user support requests we got (3 via email, 8 people in the forum), the number of Microsoft crash reports (13 to be more precise), and how many users updated to the new version. The percentage is higher then 0.01% though. I mistakenly took the number of update downloads, but EAM downloads the file as well without using it and we specifically only care about EIS. The actual percentage based on EIS downloads alone is 0.2%. Still far from the disaster you try to paint it to be.

You have no idea how many of your users/customer have the BSOD problem and are wandering around on the Net looking for an answer.

In general the blue screen clearly spells out which driver is causing the BSOD:

7sJfzGH.png

post-25668-0-32781700-1420134574.jpg

Searching for the driver name in any of the major search engines spits out this very thread as the very first search result. Is it possible that people may still not know what the cause is? Sure. But given that the error clearly points out the faulty driver it is unlikely that there are thousands of people wandering around not knowing why their system bluescreened as you try to suggest.

 

Glad to here there are more sophisticated tools out there. How would a "non technical" person like me get hold of this software/freeware?

The software is WinDbg and is part of the Windows Driver Kit and Windows Software Development Kit. The software however isn't the problem. Even if you have the software, you still won't have the symbols necessary to decode those minidumps properly as vendors usually don't provide their symbol files for download. WinDbg is also notoriously difficult to use. That being said, there are a few websites that allow you upload your minidump and that return you the !analysis results for the minidump. One of these websites can be found here:

http://www.osronline.com/page.cfm?name=analyze

It's not perfect, since most likely symbols for some drivers will be missing, but it is more reliable as WhoCrashed mostly due to the fact that it at least uses the Microsoft symbols.

 

FYI I run a Fritz.Box 7490 Dual Band Router with IPv6 functioning.

So you are one of the lucky 5% who have an IPv6 capable internet connection :).

 

I sent in a direct email to Emsisoft for Tech Support / Help Desk and have not heard one thing back yet.

I checked the Helpdesk right now. Your email was received on 01 January 2015 01:25 and it was replied to by Arthur on 01 January 2015 12:23. Can you please check your spam folder to make sure the mail hasn't been filtered out by accident?

  

Emsisoft has no problem in spamming me about other matters of interest to them.

If you feel we are spamming you, I suggest you disable the news popups under "Settings"/"Notifications".

Share this post


Link to post
Share on other sites

All hands to the Battlements - Barbarians at the Gate - Barbarians = Users/Customers with questions!

 

 

 

post-25668-0-32781700-1420134574.jpg

 

 

Didn't get this on PC or Laptop - my bad - my fault of course!

 

 

 

So you are one of the lucky 5% who have an IPv6 capable internet connection

 

I love your ability to invent numbers/statistics to suit your arguments and apply them in such a sarcastic tone,

 

 

 

Based on the amount of user support requests we got (3 via email, 8 people in the forum), the number of Microsoft crash reports (13 to be more precise), and how many users updated to the new version. The percentage is higher then 0.01% though. I mistakenly took the number of update downloads, but EAM downloads the file as well without using it and we specifically only care about EIS. The actual percentage based on EIS downloads alone is 0.2%. Still far from the disaster you try to paint it to be.

 

That is TOTAL Analytical Rubbish! It takes NO consideration of the number of users/customers who have NO IDEA that their BSOD are related to Emsisoft EIS. So if they don't know it is your fault makes it OK???? Even in your limited and somewhat bent view you managed to up the "incidence" from 0.01% to 0.2% - that's like a 20 times increase. Cool!

 

 

 

 

 

"There are three kinds of lies: lies, damned lies, and statistics." - Ref* FW

 

 

 

 

If you feel we are spamming you, I suggest you disable the news popups under "Settings"/"Notifications". 

 

That was not my point and you know it!

 

 

 

I checked the Helpdesk right now. Your email was received on 01 January 2015 01:25 and it was replied to by Arthur on 01 January 2015 12:23. Can you please check your spam folder to make sure the mail hasn't been filtered out by accident?
  

 

Nothing at my end but let me guess --- that would also be my fault, again!

 

 

 

The software is WinDbg and is part of the Windows Driver Kit and Windows Software Development Kit. The software however isn't the problem. Even if you have the software, you still won't have the symbols necessary to decode those minidumps properly as vendors usually don't provide their symbol files for download. WinDbg is also notoriously difficult to use. That being said, there are a few websites that allow you upload your minidump and that return you the !analysis results for the minidump. One of these websites can be found here:

 

I'll let "stapp" know that I should not bother to follow his/her advice to look at WinDbg.

 

 

Save your efforts, we all know there are holes in the bucket - just fix them and stop telling us about the benefits of doing nothing!

 

laopa

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.