Hi, I recently had to track down a problem with my PC that was causing it to blue-screen. In order to analyse the cause of the blue screen, I configured Windows to generate a dump file in “C:\Windows\Minidump”. However, after a BSOD, no dump file was generated. The only way I could generate memory dump files was to uninstall Comodo Firewall.
In order to validate my theory I performed the following:
- I buillt a PC with Windows 10 Pro Version 2004 (OS Build 19041.450)
- In control panel, “Start-up and Recovery”, in the “Write debugging information” drop-down I selected “Small memory dump (256K)”. “Small dump directory” was set to “%SystemRoot%\Minidump”.
- I ran the sysinternals utility NOTMYFAULT64.EXE, and selected “Code Overwrite”. The machine blue screened. After the system restarted, a new *.dmp file had been created in “C:\Windows\Minidump”.
- I then installed Comodo Firewall 12.1.0.6914. Rebooted. Ran NOTMYFAULT64.EXE, selected “Code Overwrite”. The machine blue screened. After the system restart there was NO NEW *.dmp file in “C:\Windows\Minidump”.
- I then uninstalled Comodo Firewall, rebooted, ran NOTMYFAULT64.EXE, selected “Code Overwrite”. After the system restart there was a NEW *.dmp file in “C:\Windows\Minidump”.
Any ideas?
Cheers, Alan.
Other crash types do allow dumps to be created, not sure why it doesn’t for code overwrite.
Thanks for getting back. Following on from your comments I have just tried using NOTMYFAULT64.EXE to generate system crashes for:
- High IRQL
- Stack overflow.
Neither created a Minidump file with Comodo installed.
During the analysis of my initial problem (which I eventually tracked down to being caused by a bad memory stick) I saw the following faults:
- SYSTEM_SERVICE_EXCEPTION
- CRITICAL_PROCESS_DIED
- PAGE_FAULT_IN_NONPAGED_POOL
- ATTEMPTED_WRITE_TO_READONLY_MEMORY
Non of these created memory dump files with Comodo installed.
Could you please supply me with instructions on how you managed to create a dump file. I’d like to compare your results with mine.
Cheers.
So I re-check and the first four crash types produced mini dumps, I’m using CIS version 12.2.2.7062 if it helps.
Thanks for the info, I clean installed Win10 and installed CIS v12.2.2.7036. Bingo, it produces a minidump. Thanks a lot for your help. Much appreciated.
I didn’t realise there was a later release than v12.1.0.6914 (my CIS was set to check updates daily).
Just out of interest, do you happen to know how it was fixed in v12.2.2.7036? Looking at the changelog, “Add ‘Windows Operating System’ application to ‘Windows System Applications’ file group” looks like a possible fix?
Comodo is slacking on making new releases available to the program updater, as for 7036 maybe I do not know but you should go through 2 reboots and check again to make sure. Since v12.1 they added aggressive self protection which probably affected generating mini-dumps, so make sure it is really fixed by making sure the self protection is active. To see if the self-protection is active, try to create a new file in the install directory where CIS is installed as an admin, if it says access denied or gives some kind of permission error then it is active.
Comodo is slacking on making new releases available to the program updater
That makes me feel better ;)
I opened cmd.exe as admin and ran “echo xx >xx” from the CIS dir (“C:\Program Files\COMODO\COMODO Internet Security”). I got “Access is denied” so protection is on.
Cool, all sorted. Thanks again for your help.