deaf_2_intel_qaeda_hoores

BSOD on Emsisoft Emergency Kit, epp.sys

Sandboxie had the same issue. When I told Sandboxie staff, the developers responded telling me Windows Driver Verifier was not compatible with Sandboxie. A Microsoft MVP dump specialist told me:


That is absurd.

The likely reason that Sandboxie "doesn't work" with Driver Verifier is because Driver Verifier flags the driver as it is probably poorly written and can't pass Driver Verifier's checks.

System up-time was just 43 seconds when Sandboxie was flagged. It also somehow dragged win32k.sys (Microsoft driver) in with it.

Every 3rd party driver should be able to pass Driver Verifier's tests. I in fact believe they do to be digitally signed.


Windows Driver Verifier is a debugging tool intended to cause crashes when a driver wouldn't normally cause a crash. This is to facilitate collecting memory dumps that can aid in debugging problems when other methods fail. Drivers are not intended to be used normally while Driver Verifier is enabled.


I am receiving BSODs in Windows without Driver Verifier. One such driver that continues to experience BSODs is the Microsoft File System Filter Manager, FltMgr.sys, which the Emsisoft file system filter (epp.sys) depends upon. Here is the crash dump:

More info from Microsoft Insider MVPs, who also suggested I remove these unstable drivers that do not pass Windows driver verification. In order to be fully compatible and stable, they must pass Windows Driver Verifier.

Until then I will no longer use Emsisoft Emergency Kit, and see if the BSODs disappear. I will keep you posted on my results in the coming days. More info below.


On Sun 3/17/2019 8:27:32 PM your computer crashed or a problem was reported
crash dump file: C:\Windows\MEMORY.DMP
This was probably caused by the following module: fltmgr.sys (0xFFFFF8012E9941C2)
Bugcheck code: 0x1E (0xFFFFFFFFC0000005, 0xFFFFF8012E9941C2, 0x0, 0x0)
Error: KMODE_EXCEPTION_NOT_HANDLED
file path: C:\Windows\system32\drivers\fltmgr.sys
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: Microsoft Filesystem Filter Manager
Bug check description: This indicates that a kernel-mode program generated an exception which the error handler did not catch.
This might be a case of memory corruption. This may be because of a hardware issue such as faulty RAM, overheating (thermal issue) or because of a buggy driver.
The crash took place in a file system driver. Since there is no other responsible driver detected, this could be pointing to a malfunctioning drive or corrupted disk. It's suggested that you run CHKDSK.




On Sun 3/17/2019 8:27:32 PM your computer crashed or a problem was reported
crash dump file: C:\Windows\Minidump\031719-12312-01.dmp
This was probably caused by the following module: fltmgr.sys (0xFFFFF8012E9941C2)
Bugcheck code: 0x1E (0xFFFFFFFFC0000005, 0xFFFFF8012E9941C2, 0x0, 0x0)
Error: KMODE_EXCEPTION_NOT_HANDLED
file path: C:\Windows\system32\drivers\fltmgr.sys
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: Microsoft Filesystem Filter Manager
Bug check description: This indicates that a kernel-mode program generated an exception which the error handler did not catch.
This might be a case of memory corruption. This may be because of a hardware issue such as faulty RAM, overheating (thermal issue) or because of a buggy driver.
The crash took place in a file system driver. Since there is no other responsible driver detected, this could be pointing to a malfunctioning drive or corrupted disk. It's suggested that you run CHKDSK.

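Added example, not part of any post in this thread: a small Python decoder for the `Bugcheck code: 0x1E (...)` line in the report above, using Microsoft's documented parameter layout for KMODE_EXCEPTION_NOT_HANDLED (exception code, faulting instruction address, exception parameters 0 and 1). The function name `decode_report` is hypothetical and the sample input is constructed from two lines of the quoted report.

```python
import re

# Constructed sample: two lines in the format of the crash report quoted above.
SAMPLE = """\
This was probably caused by the following module: fltmgr.sys (0xFFFFF8012E9941C2)
Bugcheck code: 0x1E (0xFFFFFFFFC0000005, 0xFFFFF8012E9941C2, 0x0, 0x0)
"""

# A few well-known NTSTATUS values from ntstatus.h (not an exhaustive table).
NTSTATUS = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC000001D: "STATUS_ILLEGAL_INSTRUCTION",
    0x80000003: "STATUS_BREAKPOINT",
}
# For an access violation, exception parameter 0 encodes the access type.
ACCESS = {0: "read", 1: "write", 8: "execute"}

BUGCHECK_RE = re.compile(r"Bugcheck code:\s*(0x[0-9A-Fa-f]+)\s*\(([^)]*)\)")
MODULE_RE = re.compile(r"following module:\s*(\S+)\s*\((0x[0-9A-Fa-f]+)\)")

def decode_report(text):
    """Decode a 0x1E (KMODE_EXCEPTION_NOT_HANDLED) bugcheck line from a report."""
    m = BUGCHECK_RE.search(text)
    if not m:
        raise ValueError("no bugcheck line found")
    code = int(m.group(1), 16)
    params = [int(p.strip(), 16) for p in m.group(2).split(",")]
    if code != 0x1E or len(params) != 4:
        raise ValueError("only bugcheck 0x1E with four parameters is handled")
    status = params[0] & 0xFFFFFFFF  # NTSTATUS is 32-bit; the report sign-extends it
    result = {"exception": NTSTATUS.get(status, hex(status)),
              "fault_ip": params[1], "access": None,
              "target": None, "null_deref": False}
    if status == 0xC0000005:
        result["access"] = ACCESS.get(params[2], "unknown")
        result["target"] = params[3]
        # Windows keeps the lowest 64 KiB unmapped, so a target there
        # indicates use of a NULL (or near-NULL) pointer.
        result["null_deref"] = params[3] < 0x10000
    mod = MODULE_RE.search(text)
    # The named module is where the fault surfaced, not necessarily its cause.
    result["module_matches_ip"] = bool(mod) and int(mod.group(2), 16) == params[1]
    return result

if __name__ == "__main__":
    print(decode_report(SAMPLE))
```

For the report above this decodes to an access violation on a read of address 0 at an instruction inside fltmgr.sys, which says where the NULL pointer was used but not which filter driver passed it.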

You shouldn't publicly post links to memory dumps. If anyone can download them, they could extract personal information from them.

If you run the following command from an elevated Command Prompt, then it will delete the service that loads the EPP driver:

SC DELETE EPP

To quickly open an elevated Command Prompt on Windows 10 x64, simply right-click on the Start button, select PowerShell (Admin) from the menu, type cmd into PowerShell, and then press Enter on your keyboard. The window will remain blue; however, it will execute the Command Prompt inside the PowerShell window, which will allow you to see normal feedback from command-line tools.


The version of EPP that comes with EEK is outdated. EEK doesn't need most of the functions of EPP, and thus the version that comes bundled with it hasn't been updated in some time. It's possible that these issues will disappear once we update it.
