BSOD - INSPECT.sys CIS 3.12.111745.560 (XP 32bit)

[Guest]

[2072]

Hello,

I just got this BSOD:

STOP: 0x0000008E  ( 0xC0000005, 0xB7BCE798, 0xAB0225E4, 0X0000000 )
INSPECT.SYS adress: B7BCE798 base at B7BC2000 datestamp 4AB127FC

I was not doing anything unusual at the time, the computer was idle, apart from heavy P2P activity using uTorrent but I'm doing this all the time since several months... so as I said nothing unusual.

CIS version: 3.12.111745.560
windows XP 32bit up to date

antivirus disabled
firewall in safe mode
Defence+ in clean PC mode.

Other security software: PeerBlock 1.0

no minidump available because pagefiles.sys isn't on C:

[kail]

Please check for a Mini Dump (DMP file) under \Windows\Minidump and add it here if you have one for the BSOD, it will help the developers identify the problem. Thanks.

[2072]

I checked and there is none because my swap isn't on C:\

I'll add a small swap on the system drive, maybe it'll be sufficient for minidumps...

[kail]

Yes, that's the way around that under XP. Vista is a different story.

[2072]

I've tried to create a Comodo configuration report using https://forums.comodo.com/help_for_v3/comodo_firewall_pro_configuration_reporting_script-t20950.0.html
but it crashes on step two (I've reported the error on the thread).

See the partial attached report.

[kail]

Hmm.. I suspect it maybe a CIS version compatibility issue. I couldn't help but notice that it's not been updated in over a year (I'm fairly sure the registry structure might have changed since then) and main Mod concerned is not currently active.

[EricJH]

Try a previous version of the script. I remember that did the trick for me a year ago.

[C00ller]

Please check for a Mini Dump (DMP file) under \Windows\Minidump and add it here if you have one for the BSOD, it will help the developers identify the problem. Thanks.

I have the same BSOD as above:

inspect.sys 0x0000008e (0xc0000005, 0xb7c3b798, 0xae4a85d0, 0x00000000

CIS 3.11.108364.552
Windows XP SP2 32bit

Antivirus NOD32 enabled
Firewall in safe mode
Defence+ in safe mode

BSOD happens when I'm starting uTorrent (but not every time)

minidump attached

[2072]

It just happened again:

0xc0000005, 0xb7bce798, 0xa38f85e4, 0x00000000
INSPECT.SYS  0xb7bce798 base at 0xb7bc2000 datestamp 0x4ab127fc

I think that this happens since I use the latest version of uTorrent with the new UTP protocol

minidump attached this time.

[kail]

I've notified CIS development of these minidumps. Thanks guys.

[2072]

you're welcome

Is it useful to post more minidumps or are those two enough?

[I-0]

Hello Folks -

New poster here. I'm not so sure that I'm as technically advanced as the rest of you, but I wanted to pass along a report on this issue...

- I run a small WLAN consisting of 2 desktops and 1 laptop. All three units are running Windows XP SP3. All are setup for Windows automatic update. All three units are also running COMODO 3.12.111745.560.

- All three units have had technical issues directly attributed to COMODO, at least as far as I can tell having read your forums, BUT, not all at the same time and each manifests itself in a different manner on its respective machine.

- Last night my desktop experienced a BSOD which it had never done before and it's a year old. The first BSOD displayed an error stating, "IRQL_NOT_LESS_OR_EQUAL". This occurred whilst posting a message to my blog, with no advanced warning. After reboot the machine froze. I then turned the machine off and watched "V" with the family (don't know about this show yet...). An hour later I cranked it back up and worked for a few minutes at which point I received another BSOD stating, "inspect.sys". I couldn't make out any more because it restarted all on its own.

- I rebooted the system one more time having unplugged the USB NetGear wireless Internet adapter. I left this session up all night and it was still functioning this morning. I reconnected the adapter and have been working okay since.

- Issues with the other machines have always manifested themselves as freezing at the XP login screen, or shortly thereafter, prior to completing a startup. In the past I have rectified these issues by uninstalling and reinstalling COMODO.

Now, I want to pass this along... It's either one hell of a coincidence, or a contributing cause. Each and every single time this has presented itself on any of the three machines it has been in conjunction with a new Windows Update alert (gold shield). COMODO issues don't occur every single time a Windows Alert presents, BUT every single time COMODO freaks out is in conjunction with a Windows Update alert on that particular machine.

Hope this helps, please reply with better fixes if you've go 'em.

[Little Mac]

I-O, you can stop the automatic reboot behavior by doing the following:
Right-click My Computer icon, select Properties. 
Go to Advanced tab, then Startup & Recovery section (toward the bottom).
Click the Settings button, and de-select the box for Automatically Restart.
make a note of the location for your minidump file; you may be requested to upload for review by the developers.

Regarding your issue; the BSOD you experienced is typically related to some malfunctioning driver.  You might want to check CIS logs (especially for D+) to see if something was blocked, and/or flush your rules (ie, "Purge") to get rid of any that are no longer relevant (you'll sometimes have temporary files that get a rule inadvertently, etc).

Hope that helps,

LM

[I-0]

I-O, you can stop the automatic reboot behavior by doing the following:
Right-click My Computer icon, select Properties. 
Go to Advanced tab, then Startup & Recovery section (toward the bottom).
Click the Settings button, and de-select the box for Automatically Restart.
make a note of the location for your minidump file; you may be requested to upload for review by the developers.

Regarding your issue; the BSOD you experienced is typically related to some malfunctioning driver.  You might want to check CIS logs (especially for D+) to see if something was blocked, and/or flush your rules (ie, "Purge") to get rid of any that are no longer relevant (you'll sometimes have temporary files that get a rule inadvertently, etc).

Hope that helps,

LM

Thanks for the quick reply. Apologies in advance, and I'm prepared to wear the dunce cap, but:
- What and where is a CIS (obviously CIS is COMODO Internet Security) log?
- How to I flush this log?
- You say the BSOD I experienced is indicative of a misbehaving driver, but which one the IRQL one or the inspect.sys one?

Thanks again, and sorry for being behind the curve. I'm a fairly quick learn...

[Little Mac]

I-O,

The "IRQL_" blah blah blah is the BSOD error message (along with the 0x0... stop code) that indicates it is a driver problem.  This is probably the inspect.sys; however, by turning off the automatic reboot, you should know for certain the next time it BSODs on you.

You don't want to Purge the logs; you want to Purge your D+ rules.  Go to Defense+ tab, Advanced, then Computer Security Policy, and click the Purge button.  Before you let it clear everything, review what it's showing you to see if there are any related to your scenario, which might be limited in what is Allowed.  Once you're satisfied, let it finish.  Click Apply when it's complete.

THe CIS logs are found from either Firewall or Defense + tabs under Common Tasks/View () Events.  From there, click the More button.  This will open the full log interface, where you can select to see Firewall, Defense +, or Antivirus logs.  You're probably going to want to look at the D+ as the most likely target.  I'd focus on your USB WiFi, but keep your eye open for anything driver-related that was blocked.

You indicated that after rebooting and reconnecting your USB wifi that it's been working fine (at the point of that edit).  I'm hoping that you had a temporary block rule (ie, inadvertently selected Block w/o Remember), which would automatically be flushed with the next session, and that you're now free and clear.  The troubleshooting steps will help determine that.

LM

[Tags:]