JeremyNicoll

a2start crashed starting custom scan


Again.   FFS.

Win 8.1, 64-bit.   Last reported (albeit with a beta) three weeks ago.  This is a newer version of a2start and the exception offset is different from last time, so maybe a different cause.  Who knows?  Not me.

As last time, restarting a2start and doing the exact same things (indeed the same things I always do to start a custom scan), it worked.   I suppose I should be 'grateful' for that.

 

I have PMed @GT500  with the location of the dump, debug logs, eventlog records etc.

On 6/20/2020 at 5:34 AM, JeremyNicoll said:

I have PMed @GT500  with the location of the dump, debug logs, eventlog records etc.

One of our developers asked me for a crash dump for this issue. Assuming you have one, could you go ahead and ZIP it, and send it to me?

17 hours ago, JeremyNicoll said:

I only have the small dump that I already sent.

OK. If it happens again and you have a full application crash dump, then let me know.


For info, really...

I finally got around to changing the registry keys concerned so that application dumps will be 'full' ones (ie as detailed as possible).   I know you've got .reg files that make that change for those who wish it, and nominate   %PUBLIC%\CrashDumps     rather than the Windows default of:    %LOCALAPPDATA%\CrashDumps    as the place to which dumps will be written.   There's clearly a small risk (with the %PUBLIC% location) that - on a system with multiple users - someone unauthorised could read a dump created on behalf of another user.   Maybe you should highlight that?

I took ages to set this up because I also read in detail around the subject of "Windows Error Reporting" (which is the bit of Windows in which support for different types of user dump is implemented), and wrote notes for myself about all of this.  For these dump options, see:   https://docs.microsoft.com/en-us/windows/win32/wer/collecting-user-mode-dumps

My eye was caught by the text that says that the nominated location only applies to dumps from applications being run /by users/, ie not dumps from services.  It says that service dumps will be elsewhere and does not give a full list of those locations ... except that they'll be somewhere inside %WINDIR%.   In a command prompt opened with Admin authority, the command:

dir /b /s %WINDIR%\*.dmp*

will search through all the possible places that might contain such dumps and list where they are.  I found 24 dumps I didn't know existed... mostly pretty old.    Some of them were from a2service.exe ... and those (here anyway) were in:   C:\Windows\System32\config\systemprofile\AppData\Local\CrashDumps\          None of the folders containing service dumps are (on Win 8.1 anyway) able to be opened in File Explorer unless you have Admin authority.

The other places (not explicitly listed as possibilities in that MS document) in which I found service dumps were:

C:\Windows\LiveKernelReports\WATCHDOG\
C:\Windows\LiveKernelReports\WinsockAFD\
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\CrashDumps\

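One way to check both points raised in the post above: which dump settings are in force and whether broad groups can read the dump folder, plus the same %WINDIR% search grouped by folder. This is an added example, not part of the original post and not Emsisoft's tooling; the registry value names are those in the Microsoft document linked in the post, and the function name Get-BroadReaders is hypothetical.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
$werKey = 'HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps'
$typeNames = @{ 0 = 'custom'; 1 = 'mini'; 2 = 'full' }
# Well-known SIDs of broad groups (locale-independent, unlike group names)
$broadSids = @{ 'S-1-1-0' = 'Everyone'; 'S-1-5-11' = 'Authenticated Users'
                'S-1-5-32-545' = 'Users'; 'S-1-5-4' = 'INTERACTIVE' }
# ReadData/ListDirectory, GENERIC_READ, GENERIC_ALL
$readMask = 0x1 -bor 0x80000000 -bor 0x10000000

# Hypothetical helper: names the broad groups that hold an Allow-read ACE on a folder.
function Get-BroadReaders([string]$Folder) {
    if (-not (Test-Path -LiteralPath $Folder)) { return 'folder does not exist yet' }
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $rules = (Get-Acl -LiteralPath $Folder).GetAccessRules($true, $true, $sidType)
    $hits = foreach ($r in $rules) {
        $name = $broadSids[$r.IdentityReference.Value]
        if ($name -and $r.AccessControlType -eq 'Allow' -and
            ([int]$r.FileSystemRights -band $readMask)) { $name }
    }
    if ($hits) { ($hits | Sort-Object -Unique) -join ', ' } else { 'none' }
}

# 1. Global LocalDumps key plus any per-application subkeys beneath it
$keys = @()
if (Test-Path $werKey) { $keys = @(Get-Item $werKey) + @(Get-ChildItem $werKey) }
$keys | ForEach-Object {
    $type = $_.GetValue('DumpType')
    $raw  = $_.GetValue('DumpFolder')
    # Expansion uses this session's environment, so per-user variables
    # resolve to the account running the audit.
    $folder = if ($raw) { [Environment]::ExpandEnvironmentVariables([string]$raw) }
    [pscustomobject]@{
        Scope        = $_.PSChildName   # 'LocalDumps' is the global key
        DumpType     = if ($null -eq $type) { '(not set)' } else { $typeNames[[int]$type] }
        DumpFolder   = if ($folder) { $folder } else { '(not set)' }
        BroadReaders = if ($folder) { Get-BroadReaders $folder } else { 'n/a' }
    }
} | Format-Table -AutoSize

# 2. Same search as "dir /b /s %WINDIR%\*.dmp*", summarised per folder
Get-ChildItem -Path $env:WINDIR -Recurse -File -Force -Filter '*.dmp*' -ErrorAction SilentlyContinue |
    Group-Object DirectoryName |
    Select-Object Count,
        @{ n = 'Oldest'; e = { ($_.Group | Measure-Object LastWriteTime -Minimum).Minimum } },
        Name |
    Sort-Object Count -Descending | Format-Table -AutoSize
```

A non-empty BroadReaders column for a folder that receives full dumps means any local account in that group can open another user's process memory image.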

 I just updated to the new stable updates this afternoon. A few hours later, I realized while working on the computer that the Emsisoft dashboard window was completely gone, including its taskbar icon, and I couldn't make it reappear even by trying to restart the program.  I realized that the Emsisoft programs were still visible in Process Explorer, but there was no CPU associated with them. I was upset, as I had just been on my banking website. I cut my internet connection and shut down all Emsisoft programs from Process Explorer, except for a2start, which I was told I did not have permission to access. I rebooted the computer, and everything started up fine.

I was delighted after initially updating this afternoon that the CPU revving problem with a2start seemed to be gone after many, many months of seeing the problem, but the apparent crash afterward is of concern.

So far so good on the reboot, but I am watching the taskbar closely.
 

Edited by bluescreen
clarified original message


I'm not an expert on knowing where to look.  However, in the Windows Logs, under "System," there is an entry at 6:06pm saying, "The Emsisoft Protection Service service terminated unexpectedly.  It has done this 1 time(s).   The following corrective action will be taken in 0 milliseconds:  Restart the service."  

Two seconds later, there is an entry saying that the same service is running.   (I did not see anything restart before the reboot, though--the dashboard window never reappeared, and I may not have been watching CPU closely then.)

Also under "System" at 6:09:28 PM, there is an entry saying "The Emsisoft WSC Integration Service service terminated unexpectedly.  It has done this 1 time(s)."

Under "Application,"  there are about 13 entries for "Restart Manager" between 5:59:02 and 5:58:52 PM, all saying things like Starting Session 1 or Ending Session 1.   I don't know what this refers to, and it may be totally unrelated to this episode.  I just mention it because the timing is close to when I noticed the original problem and before I rebooted the computer.

Under "Administrative Events,"   "The previous system shutdown at 6:12:14 PM...was unexpected."  (I think this was right after I held down the power button.)

Under "Security" at 6:12:55pm.  "Audit events have been dropped by the transport."  (maybe just because of reboot?)

 

Actually, I suspect these log entries are from when I was trying to shut down the service using Process Explorer.  I am pretty sure I noticed the problem with the missing dashboard right around 6pm, not this late.    So there may not be event log mentions of when this actually happened. 

 

Sorry...I doubt any of this helps.   I just wanted to put my experience on the record, though.   Everything is still running well and quietly (no CPU revving) since I rebooted. 


@bluescreen  You might be able to tell from EAM's logs (assuming they survived up to date across the termination), or failing that date & time stamps on its updated program files, precisely when the new version got installed.  If the 'System' Eventlog records that mention services terminating are at the same time, maybe it is just one of those things - an update that didn't go as planned.  But if the times are different then the contents of the System Termination log records might be useful.  If you click on each one there'll be a "Copy" button in the pane that opens, that will let you copy its contents here.

