Ipbor 0 Report post Posted April 11 Hi, I am getting very frequent crashes and BSODs when surfing the internet and watching youtube,downloading files. For really unknown reason, computer goes into BSOD with tcpip.sys error. can EAM cause such a conflict ?Windows help agents told me some antivirus tend to conflict with the tcpip.sys driver i've uploaded dmp file:- please help im very noob 041120-26125-01.dmp Quote Share this post Link to post Share on other sites
GT500 787 Report post Posted April 14 EAM uses a WFP (Windows Filtering Platform) driver as part of its Web Protection. If you disable the Surf Protection and then restart the computer, then network traffic won't be filtered, and this will allow you to determine if EAM has anything to do with the crashes. Here's how to disable the Web Protection: Right-click on the little Emsisoft icon in the lower-right corner of the screen (to the left of the clock). Go to Protection status. Select Disable Web Protection. You can turn it back on the same way. Quote Share this post Link to post Share on other sites
haydn 0 Report post Posted May 11 Im getting the same issue, i nearly did a win10 reset until i saw a tech say check your anti virus, i have disabled Web Protection for Emsisoft but still have Malwarebytes protection who i see had the same tcpip.sys BSOD issues but they appear to have solved it Quote Share this post Link to post Share on other sites
MJmusicguy 5 Report post Posted May 11 I myself have been seeing the same error since 2020.4.1 and ive been a active contributor to the FP section and customer for nearly 3 years now never had a concern until recently Quote Share this post Link to post Share on other sites
GT500 787 Report post Posted May 12 @haydn and @MJmusicguy just to confirm, the crashes stopped completely for both of you after disabling Web Protection and restarting your computers? What versions of Windows did this happen on? 32-bit or 64-bit? Did the crashes usually happen when you were doing something specific (browsing the Internet, watching online videos, playing online games, using a VPN, etc)? What sort of network adapters are you using to connect to the Internet (ethernet/hardwired, wireless, USB cellular/mobile broadband card, etc)? Quote Share this post Link to post Share on other sites
haydn 0 Report post Posted May 12 Iwasted hours reinstalling drivers uninstalling certain software, installing BSOD software paying for update driver software i didn't need, i got reimbursed. but thats not the point how much do you get into loosing hours of your life trying to figure out a problem Emsisoft should never have inflicted on its subscribers, i now have web protection disabled, and use only Malwarebytes Premium (only paying a one off payment for) who incidentally had the same issue last year, looking through the forums but have developed a patch, im seriously looking at ending Emsisoft subscription when the contract ends and yes i havent had a BSOD since web protection disabled Quote Share this post Link to post Share on other sites
MJmusicguy 5 Report post Posted May 12 @GT500 Correct in my case its windows 10 pro 64 @haydn Understand how you feel but for me I chose Emsi for ethics and leading Ransomware protection do for me long term its better to help fix a issue then to switch Quote Share this post Link to post Share on other sites
GT500 787 Report post Posted May 13 @haydn and @MJmusicguy could we get FRST logs from both of you? You can find instructions for downloading and running FRST at the following link:https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/ Note: When FRST checks the Windows Firewall settings, Emsisoft Anti-Malware's Behavior Blocker will quarantine it automatically. This can be avoided by clicking "Wait, I think this is safe" in the notification that is displayed while FRST is scanning. Quote Share this post Link to post Share on other sites
MJmusicguy 5 Report post Posted May 13 @GT500sent logs in a pm 1 Quote Share this post Link to post Share on other sites
GT500 787 Report post Posted May 14 @haydn and @MJmusicguy does the following file exist on your computers? C:\Windows\MEMORY.DMP Would it be possible to compress/archive this file with something like 7-Zip or WinRar and send it to me privately? If you have to use a third-party file sharing service, then please use a password when compressing the file, and send me the password privately. Quote Share this post Link to post Share on other sites
GT500 787 Report post Posted May 14 Another question; did either of you have Firefox open when the crashes happened? It may be a long shot, but @stapp forwarded me this link, so I figured it was worth asking just in case:https://www.wilderssecurity.com/threads/mozilla-firefox.388154/page-35#post-2917135 Quote Share this post Link to post Share on other sites
MJmusicguy 5 Report post Posted May 14 i didnt but i do have Firefox installed i use Vivaldi as my main browser Quote Share this post Link to post Share on other sites
GT500 787 Report post Posted May 15 If Firefox wasn't running when the crashes happened then it's most likely not involved in them. Any MEMORY.DMP files? That's what we'll need more than anything else to figure out what happened. Debug logs probably wouldn't hurt either, but you'd have to let the crash happen again to get those. Quote Share this post Link to post Share on other sites
MJmusicguy 5 Report post Posted May 15 @GT500 do not know if you got them but sent new farbar logs directlu after the event yesterday and i can try and collecy a dump if instructed with best method Quote Share this post Link to post Share on other sites
GT500 787 Report post Posted May 16 14 hours ago, MJmusicguy said: @GT500 do not know if you got them but sent new farbar logs directlu after the event yesterday and i can try and collecy a dump if instructed with best method I'm not as concerned about the FRST logs (they would only show me relevant info if the system had crashed recently enough). As for a memory dump, first you'll need to verify some Windows settings. Please follow the instructions below to ensure that your computer is set to save crash dumps: Hold down the Windows key (the one with the Windows logo on it, usually between the Ctrl and Alt keys) and hold down the 'R' key to open the Run dialog. Type in "control system" and click 'OK'. On the left, click on "Advanced system settings". In the "Startup and Recovery" section, click on the 'Settings' button. Please ignore the "System Startup" and "System Failure" sections. In the "Write debugging information" section, please change the first option to "Complete memory dump" (it may say something like "Small memory dump", "Kernel memory dump", or "Automatic memory dump"). The "Dump file" field should say "%SystemRoot%\MEMORY.DMP" which means that it will save the dump as MEMORY.DMP in your Windows folder (usually "C:\Windows"). If it does not say "%SystemRoot%\MEMORY.DMP" then please change it so that it does. Make sure that "Overwrite any existing file" is selected. Click the 'OK' button, and restart your computer to save the changes. Once you've verified those settings, I recommend making sure your pagefile is set to be larger than the amount of RAM in your computer, otherwise the memory dump will fail to save. There are instructions for editing the pagefile/virtual memory settings at the following link:https://www.tenforums.com/tutorials/77692-manage-virtual-memory-pagefile-windows-10-a.html Quote Share this post Link to post Share on other sites
MJmusicguy 5 Report post Posted May 18 @GT500 I have trouble understanding the page file bit that said i have 64gb of ram also the issue with loging this is it can go weeks even months without frigging the 2nd set of farbar logs where actually taken directly after the forced rboot after the orignal mini dump so do look at that second set Quote Share this post Link to post Share on other sites
JeremyNicoll 73 Report post Posted May 19 @MJmusicguy - when the OS dumps, it has to write a copy of everything in the in-use memory, to disk. It's not safe on a system that's hurt to use usual files for that (the file system may be in a mess because of whatever has gone wrong) so the OS instead writes the info to the pagefile (which is a private file only ever used by the OS). When the OS is rebooted the dump data inside the pagefile is then copied out and put into C:\WINDOWS\MEMORY.DMP It follows that the pagefile needs to be big enough to hold a LOT of data. You maybe don't normally have a very large pagefile, but to allow this dump process to work you'll have to make a big one. On the webage about pagefile changes, do you see the screenshot at "F" in section 6? Follow the instructions to get to the same place on your system and screenshot it or make notes of what it says - how many drives, what sort of pagefiles any of them have, and tell us what the values are. Don't change anything for now, just Cancel out of that pane. Quote Share this post Link to post Share on other sites
GT500 787 Report post Posted May 19 16 hours ago, MJmusicguy said: @GT500 I have trouble understanding the page file bit that said i have 64gb of ram Did @JeremyNicoll's explanation make sense, or do you need me to write instructions? Quote Share this post Link to post Share on other sites
MJmusicguy 5 Report post Posted May 25 @GT500 got a 15 gb dump now what? Quote Share this post Link to post Share on other sites
GT500 787 Report post Posted May 26 9 hours ago, MJmusicguy said: @GT500 got a 15 gb dump now what? Use 7-Zip to compress it:https://www.7-zip.org/ You may need to copy the file to your Desktop so that 7-Zip can access it. Once you've done that, right-click on the file, go to the 7-Zip menu, and select "Add to archive" and be sure to use the following settings for compression (I recommend adding a password that you can send me privately): Download Image Quote Share this post Link to post Share on other sites
GT500 787 Report post Posted May 26 Once you've done that, you can use a file sharing service such as WeTransfer (they used to allow files up to 2 GB for free):https://wetransfer.com/ There's a button to the left of the "Transfer" button on WeTransfer that opens the advanced options, allowing you to select to generate a download link you can send in a private message along with the 7z archive's password. Quote Share this post Link to post Share on other sites
MJmusicguy 5 Report post Posted May 26 @GT500 its just barely over the limit Quote Share this post Link to post Share on other sites
JeremyNicoll 73 Report post Posted May 26 7 hours ago, MJmusicguy said: @GT500 its just barely over the limit If you have a Dropbox (as I do) or similar account with another cloud storage provider you could upload it there and send GT500 a personal message (hover over his avatar to here to see the option) telling him the URL. That's how I normally do this. I also ask Emsi to let me know when they've grabbed it so I can delete the file from my Dropbox. Quote Share this post Link to post Share on other sites
GT500 787 Report post Posted May 27 13 hours ago, MJmusicguy said: @GT500 its just barely over the limit When selecting the compression options in 7-Zip there's one called Split to volumes, bytes located in the lower left. If you select 1000M from the dropdown it will split the 7z archive into multiple 1 GB files, and then you can upload them separately and send me the links. Quote Share this post Link to post Share on other sites
GT500 787 Report post Posted June 9 I've just been told that this is being caused by the Web Protection in Malwarebytes' software, at least in the case of @MJmusicguy. Does everyone else experiencing this have Malwarebytes installed? Quote Share this post Link to post Share on other sites
MJmusicguy 5 Report post Posted June 14 @GT500 thats both great and unfortunate news so lets assume that is the cause anything either party can do to ensure this gets resolved properly ? you still have contacts over there right? if so i fully concecent to the sharing of data to aid in product harmony Quote Share this post Link to post Share on other sites
GT500 787 Report post Posted June 16 I'll ask QA if anyone has plans to contact Malwarebytes. Quote Share this post Link to post Share on other sites
GT500 787 Report post Posted June 19 I apologize for it taking a couple of days, but someone at Malwarebytes has been contacted. Quote Share this post Link to post Share on other sites
MJmusicguy 5 Report post Posted June 19 @GT500 is a solution expected soon? also do i get a metal for this one sometimes i feel like people cant be bothered but I make any effort I can to help male products better 1 Quote Share this post Link to post Share on other sites
GT500 787 Report post Posted June 20 12 hours ago, MJmusicguy said: @GT500 is a solution expected soon? All I've been told thus far is that the issue has been forwarded to their QA team. I don't know anything more than that for the moment. 12 hours ago, MJmusicguy said: also do i get a metal for this one sometimes i feel like people cant be bothered but I make any effort I can to help ma[k]e products better I can give your post a little trophy, and add a little extra time to your license key for helping us debug this. Quote Share this post Link to post Share on other sites
