Facing issues with BSOD on PC

[Ipbor]

Hi,

I am getting very frequent crashes and BSODs when surfing the internet and watching youtube,downloading files. For really unknown reason, computer goes into BSOD with tcpip.sys error.

can EAM cause such a conflict ?Windows help agents told me some antivirus tend to conflict with the tcpip.sys driver

i've uploaded dmp file:-

please help im very noob 

 

 

 

 

041120-26125-01.dmp

[GT500]

EAM uses a WFP (Windows Filtering Platform) driver as part of its Web Protection. If you disable the Surf Protection and then restart the computer, then network traffic won't be filtered, and this will allow you to determine if EAM has anything to do with the crashes.

Here's how to disable the Web Protection:

1. Right-click on the little Emsisoft icon in the lower-right corner of the screen (to the left of the clock).
2. Go to Protection status.
3. Select Disable Web Protection.

You can turn it back on the same way.

[haydn]

Im getting the same issue, i nearly did a win10 reset until i saw a tech say check your anti virus, i have disabled Web Protection for Emsisoft but still have Malwarebytes protection who i see had the same tcpip.sys BSOD issues but they appear to have solved it

[MJmusicguy]

I myself have been seeing the same error since 2020.4.1 and ive been a active contributor to the FP section and customer for nearly 3 years now never had a concern until recently  

[GT500]

@haydn and @MJmusicguy just to confirm, the crashes stopped completely for both of you after disabling Web Protection and restarting your computers?

What versions of Windows did this happen on? 32-bit or 64-bit? Did the crashes usually happen when you were doing something specific (browsing the Internet, watching online videos, playing online games, using a VPN, etc)? What sort of network adapters are you using to connect to the Internet (ethernet/hardwired, wireless, USB cellular/mobile broadband card, etc)?

[haydn]

Iwasted hours reinstalling drivers uninstalling certain software, installing BSOD software paying for update driver software i didn't need, i got reimbursed. but thats not the point how much do you get into loosing hours of your life trying to figure out a problem Emsisoft should never have inflicted on its subscribers, i now have web protection disabled, and use only Malwarebytes Premium (only paying a one off payment for) who incidentally had the same issue last year, looking through the forums but have developed a patch, im seriously looking at ending Emsisoft subscription when the contract ends and yes i havent had a BSOD since web protection disabled 

[MJmusicguy]

@GT500 Correct in my case its windows 10 pro 64 @haydn Understand how you feel but for me I chose Emsi for ethics and leading Ransomware protection do for me long term its better to help fix a issue then to switch  
 

[GT500]

@haydn and @MJmusicguy could we get FRST logs from both of you? You can find instructions for downloading and running FRST at the following link:
https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/

Note: When FRST checks the Windows Firewall settings, Emsisoft Anti-Malware's Behavior Blocker will quarantine it automatically. This can be avoided by clicking "Wait, I think this is safe" in the notification that is displayed while FRST is scanning.

[MJmusicguy]

@GT500sent logs in a pm 

[GT500]

@haydn and @MJmusicguy does the following file exist on your computers?

C:\Windows\MEMORY.DMP

Would it be possible to compress/archive this file with something like 7-Zip or WinRar and send it to me privately? If you have to use a third-party file sharing service, then please use a password when compressing the file, and send me the password privately.

[GT500]

Another question; did either of you have Firefox open when the crashes happened?

It may be a long shot, but @stapp forwarded me this link, so I figured it was worth asking just in case:
https://www.wilderssecurity.com/threads/mozilla-firefox.388154/page-35#post-2917135

[MJmusicguy]

i didnt but i do have Firefox installed i use Vivaldi as my main browser

[GT500]

If Firefox wasn't running when the crashes happened then it's most likely not involved in them.

Any MEMORY.DMP files? That's what we'll need more than anything else to figure out what happened. Debug logs probably wouldn't hurt either, but you'd have to let the crash happen again to get those.

[MJmusicguy]

@GT500 do not know if you got them but sent new farbar logs directlu after the event yesterday and i can try and collecy a dump if instructed with best method  

[GT500]

14 hours ago, MJmusicguy said:

@GT500 do not know if you got them but sent new farbar logs directlu after the event yesterday and i can try and collecy a dump if instructed with best method  

I'm not as concerned about the FRST logs (they would only show me relevant info if the system had crashed recently enough).

As for a memory dump, first you'll need to verify some Windows settings. Please follow the instructions below to ensure that your computer is set to save crash dumps:

1. Hold down the Windows key (the one with the Windows logo on it, usually between the Ctrl and Alt keys) and hold down the 'R' key to open the Run dialog.
2. Type in "control system" and click 'OK'.
3. On the left, click on "Advanced system settings".
4. In the "Startup and Recovery" section, click on the 'Settings' button.
5. Please ignore the "System Startup" and "System Failure" sections.
6. In the "Write debugging information" section, please change the first option to "Complete memory dump" (it may say something like "Small memory dump", "Kernel memory dump", or "Automatic memory dump").
7. The "Dump file" field should say "%SystemRoot%\MEMORY.DMP" which means that it will save the dump as MEMORY.DMP in your Windows folder (usually "C:\Windows"). If it does not say "%SystemRoot%\MEMORY.DMP" then please change it so that it does.
8. Make sure that "Overwrite any existing file" is selected.
9. Click the 'OK' button, and restart your computer to save the changes.

Once you've verified those settings, I recommend making sure your pagefile is set to be larger than the amount of RAM in your computer, otherwise the memory dump will fail to save. There are instructions for editing the pagefile/virtual memory settings at the following link:
https://www.tenforums.com/tutorials/77692-manage-virtual-memory-pagefile-windows-10-a.html

[MJmusicguy]

@GT500 I have trouble understanding the page file bit that said i have 64gb of ram

also the issue with loging this is it can go weeks even months without frigging the  2nd set of farbar logs where actually taken directly after the forced rboot after the  orignal mini dump so do look at that second set

[JeremyNicoll]

@MJmusicguy  - when the OS dumps, it has to write a copy of everything in the in-use memory, to disk.  It's not safe on a system that's hurt to use usual files for that (the file system may be in a mess because of whatever has gone wrong) so the OS instead writes the info to the pagefile (which is a private file only ever used by the OS).  When the OS is rebooted the dump data inside the pagefile is then copied out and put into C:\WINDOWS\MEMORY.DMP

It follows that the pagefile needs to be big enough to hold a LOT of data.   You maybe don't normally have a very large pagefile, but to allow this dump process to work you'll have to make a big one.

On the webage about pagefile changes, do you see the screenshot at  "F" in section 6?    Follow the instructions to get to the same place on your system and screenshot it or make notes of what it says - how many drives, what sort of pagefiles any of them have, and tell us what the values are.  Don't change anything for now, just Cancel out of that pane.

[GT500]

16 hours ago, MJmusicguy said:

@GT500 I have trouble understanding the page file bit that said i have 64gb of ram

Did @JeremyNicoll's explanation make sense, or do you need me to write instructions?

[MJmusicguy]

@GT500 got a 15 gb dump now what?

[GT500]

9 hours ago, MJmusicguy said:

@GT500 got a 15 gb dump now what?

Use 7-Zip to compress it:
https://www.7-zip.org/

You may need to copy the file to your Desktop so that 7-Zip can access it. Once you've done that, right-click on the file, go to the 7-Zip menu, and select "Add to archive" and be sure to use the following settings for compression (I recommend adding a password that you can send me privately):

[GT500]

Once you've done that, you can use a file sharing service such as WeTransfer (they used to allow files up to 2 GB for free):
https://wetransfer.com/

There's a button to the left of the "Transfer" button on WeTransfer that opens the advanced options, allowing you to select to generate a download link you can send in a private message along with the 7z archive's password.

[MJmusicguy]

@GT500 its just barely over the limit 

[JeremyNicoll]

7 hours ago, MJmusicguy said:

@GT500 its just barely over the limit 

If you have a Dropbox (as I do) or similar account with another cloud storage provider you could upload it there and send GT500 a personal message (hover over his avatar to here to see the option) telling him the URL.  That's how I normally do this. I also ask Emsi to let me know when they've grabbed it so I can delete the file from my Dropbox.

[GT500]

13 hours ago, MJmusicguy said:

@GT500 its just barely over the limit 

When selecting the compression options in 7-Zip there's one called Split to volumes, bytes located in the lower left. If you select 1000M from the dropdown it will split the 7z archive into multiple 1 GB files, and then you can upload them separately and send me the links.

[GT500]

I've just been told that this is being caused by the Web Protection in Malwarebytes' software, at least in the case of @MJmusicguy. Does everyone else experiencing this have Malwarebytes installed?

[MJmusicguy]

@GT500 thats both great and unfortunate news so lets assume that is the cause anything either party can do to ensure   this gets resolved properly   ? you still have contacts over there right?  if so i fully concecent to the sharing of data to aid in product harmony 

[GT500]

I'll ask QA if anyone has plans to contact Malwarebytes.

[GT500]

I apologize for it taking a couple of days, but someone at Malwarebytes has been contacted.

[MJmusicguy]

@GT500 is a solution expected soon? also do i get a metal for this one sometimes i feel like people cant  be bothered but I make any effort I can to help male products better  

[GT500]

12 hours ago, MJmusicguy said:

@GT500 is a solution expected soon?

All I've been told thus far is that the issue has been forwarded to their QA team. I don't know anything more than that for the moment.

 

12 hours ago, MJmusicguy said:

also do i get a metal for this one sometimes i feel like people cant  be bothered but I make any effort I can to help ma[k]e products better

I can give your post a little trophy, and add a little extra time to your license key for helping us debug this.