BSOD - INSPECT.sys CIS 3.12.111745.560 (XP 32bit)

Hello,

I just got this BSOD:

STOP: 0x0000008E ( 0xC0000005, 0xB7BCE798, 0xAB0225E4, 0X0000000 )
INSPECT.SYS address: B7BCE798 base at B7BC2000 datestamp 4AB127FC

I was not doing anything unusual at the time, the computer was idle, apart from heavy P2P activity using uTorrent, but I’ve been doing this all the time for several months… so as I said, nothing unusual.

CIS version: 3.12.111745.560
Windows XP 32-bit, up to date

antivirus disabled
firewall in safe mode
Defence+ in clean PC mode.

Other security software: PeerBlock 1.0

No minidump available because pagefile.sys isn’t on C:

Please check for a Mini Dump (DMP file) under \Windows\Minidump and add it here if you have one for the BSOD, it will help the developers identify the problem. Thanks.

I checked and there is none because my swap isn’t on C:\

I’ll add a small swap on the system drive, maybe it’ll be sufficient for minidumps…

Yes, that’s the way around that under XP. Vista is a different story. :(

I’ve tried to create a Comodo configuration report using https://forums.comodo.com/help_for_v3/comodo_firewall_pro_configuration_reporting_script-t20950.0.html
but it crashes on step two (I’ve reported the error on the thread).

See the partial attached report.

Hmm… I suspect it may be a CIS version compatibility issue. I couldn’t help but notice that it’s not been updated in over a year (I’m fairly sure the registry structure might have changed since then) and the main Mod concerned is not currently active.

Try a previous version of the script. I remember that did the trick for me a year ago.

I have the same BSOD as above:

inspect.sys 0x0000008e (0xc0000005, 0xb7c3b798, 0xae4a85d0, 0x00000000)

CIS 3.11.108364.552
Windows XP SP2 32bit

Antivirus NOD32 enabled
Firewall in safe mode
Defence+ in safe mode

BSOD happens when I’m starting uTorrent (but not every time)

minidump attached

It just happened again:

0xc0000005, 0xb7bce798, 0xa38f85e4, 0x00000000
INSPECT.SYS 0xb7bce798 base at 0xb7bc2000 datestamp 0x4ab127fc

I think that this happens since I use the latest version of uTorrent with the new UTP protocol

minidump attached this time.

I’ve notified CIS development of these minidumps. Thanks guys.

You’re welcome :)

Is it useful to post more minidumps or are those two enough?

Hello Folks -

New poster here. I’m not so sure that I’m as technically advanced as the rest of you, but I wanted to pass along a report on this issue…

  • I run a small WLAN consisting of 2 desktops and 1 laptop. All three units are running Windows XP SP3. All are setup for Windows automatic update. All three units are also running COMODO 3.12.111745.560.

  • All three units have had technical issues directly attributed to COMODO, at least as far as I can tell having read your forums, BUT, not all at the same time and each manifests itself in a different manner on its respective machine.

  • Last night my desktop experienced a BSOD which it had never done before and it’s a year old. The first BSOD displayed an error stating, “IRQL_NOT_LESS_OR_EQUAL”. This occurred whilst posting a message to my blog, with no advanced warning. After reboot the machine froze. I then turned the machine off and watched “V” with the family (don’t know about this show yet…). An hour later I cranked it back up and worked for a few minutes at which point I received another BSOD stating, “inspect.sys”. I couldn’t make out any more because it restarted all on its own.

  • I rebooted the system one more time having unplugged the USB NetGear wireless Internet adapter. I left this session up all night and it was still functioning this morning. I reconnected the adapter and have been working okay since.

  • Issues with the other machines have always manifested themselves as freezing at the XP login screen, or shortly thereafter, prior to completing a startup. In the past I have rectified these issues by uninstalling and reinstalling COMODO.

Now, I want to pass this along… It’s either one hell of a coincidence, or a contributing cause. Each and every single time this has presented itself on any of the three machines it has been in conjunction with a new Windows Update alert (gold shield). COMODO issues don’t occur every single time a Windows Alert presents, BUT every single time COMODO freaks out is in conjunction with a Windows Update alert on that particular machine.

Hope this helps, please reply with better fixes if you’ve got 'em.

I-O, you can stop the automatic reboot behavior by doing the following:
Right-click My Computer icon, select Properties.
Go to Advanced tab, then Startup & Recovery section (toward the bottom).
Click the Settings button, and de-select the box for Automatically Restart.
Make a note of the location for your minidump file; you may be requested to upload it for review by the developers.

Regarding your issue; the BSOD you experienced is typically related to some malfunctioning driver. You might want to check CIS logs (especially for D+) to see if something was blocked, and/or flush your rules (ie, “Purge”) to get rid of any that are no longer relevant (you’ll sometimes have temporary files that get a rule inadvertently, etc).

Hope that helps,

LM

Thanks for the quick reply. Apologies in advance, and I’m prepared to wear the dunce cap, but:

  • What and where is a CIS (obviously CIS is COMODO Internet Security) log?
  • How do I flush this log?
  • You say the BSOD I experienced is indicative of a misbehaving driver, but which one, the IRQL one or the inspect.sys one?

Thanks again, and sorry for being behind the curve. I’m a fairly quick learn…

I-O,

The “IRQL_” blah blah blah is the BSOD error message (along with the 0x0… stop code) that indicates it is a driver problem. This is probably the inspect.sys; however, by turning off the automatic reboot, you should know for certain the next time it BSODs on you.

You don’t want to Purge the logs; you want to Purge your D+ rules. Go to Defense+ tab, Advanced, then Computer Security Policy, and click the Purge button. Before you let it clear everything, review what it’s showing you to see if there are any related to your scenario, which might be limited in what is Allowed. Once you’re satisfied, let it finish. Click Apply when it’s complete.

The CIS logs are found from either Firewall or Defense + tabs under Common Tasks/View () Events. From there, click the More button. This will open the full log interface, where you can select to see Firewall, Defense +, or Antivirus logs. You’re probably going to want to look at the D+ as the most likely target. I’d focus on your USB WiFi, but keep your eye open for anything driver-related that was blocked.

You indicated that after rebooting and reconnecting your USB wifi that it’s been working fine (at the point of that edit). I’m hoping that you had a temporary block rule (ie, inadvertently selected Block w/o Remember), which would automatically be flushed with the next session, and that you’re now free and clear. The troubleshooting steps will help determine that.

LM

Done and understood…

> ...you want to Purge your D+ rules. Go to Defense+ tab, Advanced, then Computer Security Policy, and click the Purge button. Before you let it clear everything, review what it's showing you to see if there are any related to your scenario, which might be limited in what is Allowed. Once you're satisfied, let it finish. Click Apply when it's complete.

Done and understood...

> The CIS logs are found from either Firewall or Defense + tabs under Common Tasks/View () Events. From there, click the More button. This will open the full log interface, where you can select to see Firewall, Defense +, or Antivirus logs. You're probably going to want to look at the D+ as the most likely target. I'd focus on your USB WiFi, but keep your eye open for anything driver-related that was blocked.

Done and understood,... but, I checked all of the logs (firewall, d+, av) for today, this week and this month and there were no entries. There were a bunch for all time.

> ...I'm hoping that you had a temporary block rule (ie, inadvertently selected Block w/o Remember), which would automatically be flushed with the next session, and that you're now free and clear. The troubleshooting steps will help determine that.

Dunce cap on,... I have no idea as to what you are referring to...

BTW - Is there anything to the correlation of the COMODO incident(s) and Windows Update occurring at the same time? Ever heard of it before?

Thanks again, I do appreciate your attention.

Temporary Rule scenario:

  1. popup occurs, user selects Block but does not check the “Remember” box
  2. popup occurs, user does not respond within default timeframe, popup goes away

In either of those two, the application from the popup will be blocked for that session. In other words, the next new event for that application, or especially after a reboot, will cause a new popup to occur. In other words, the “rule” will not show up in Computer Security Policy; it is temporary only and will be automatically flushed.

With default CIS install, it should self-configure to Allow Windows Updates processes and such. However, I have seen a few cases (on my systems) where with tighter settings, there may be some alerts requiring a response. If one of these were missed and thus blocked, you could end up with a malfunctioning driver (at least temporarily), and could result in a BSOD.

svchost.exe is the main system process behind Windows Updates, and is known to consume considerable resources in that scenario. This can cause CIS to consume a lot of resources if everything is not working properly; however, that should not cause BSODs.

LM

Was this BSOD issue addressed in the recent CIS update?

Again today with 3.13.126709.581:

Error code 1000008e, parameter1 c0000005, parameter2 b7bce778, parameter3 ab67d5e4, parameter4 00000000.

inspect.sys - Address B7BCE778 base at B7BC2000, DateStamp 4afc9cd2

I had been seeding torrents with uTorrent 2.0 for about 2 or 3 days.

Will this be addressed anytime soon? Already two updates were released since I first reported this and still no fix.

minidump attached

Did you post your minidump in BSODs: Please add your minidump files here?
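
When no minidump can be attached, the stop line and driver line posted in this thread still allow basic triage. The following is an added example, not code from any poster or from Comodo: it parses the two report formats quoted above and derives the fault offset inside inspect.sys and the driver build date. The function name `triage` is hypothetical, and the bug check and NTSTATUS names are taken from Microsoft's documentation rather than from the thread.

```python
import re
from datetime import datetime, timezone

# Names for the codes seen in this thread (from Microsoft's bug check reference).
BUGCHECKS = {
    0x0000008E: "KERNEL_MODE_EXCEPTION_NOT_HANDLED",
    0x1000008E: "KERNEL_MODE_EXCEPTION_NOT_HANDLED_M",
}
NTSTATUS = {0xC0000005: "STATUS_ACCESS_VIOLATION"}

# Reports transcribed from the posts above: (CIS version, stop line, driver line).
REPORTS = [
    ("3.12.111745.560",
     "STOP: 0x0000008E ( 0xC0000005, 0xB7BCE798, 0xAB0225E4, 0X0000000 )",
     "INSPECT.SYS address: B7BCE798 base at B7BC2000 datestamp 4AB127FC"),
    ("3.13.126709.581",
     "Error code 1000008e, parameter1 c0000005, parameter2 b7bce778, "
     "parameter3 ab67d5e4, parameter4 00000000.",
     "inspect.sys - Address B7BCE778 base at B7BC2000, DateStamp 4afc9cd2"),
]

# 7-8 hex digits, with or without a 0x prefix, as a standalone token.
HEX = re.compile(r"\b(?:0x)?([0-9a-f]{7,8})\b", re.IGNORECASE)

def triage(stop_line, driver_line):
    """Decode a 0x8E stop line plus the 'address ... base at ...' driver line."""
    code, status, fault_ip = (int(h, 16) for h in HEX.findall(stop_line)[:3])
    addr, base, stamp = (int(h, 16) for h in HEX.findall(driver_line)[:3])
    return {
        "bugcheck": BUGCHECKS.get(code, hex(code)),
        # Parameter 1 of 0x8E is the exception code that was not handled.
        "exception": NTSTATUS.get(status, hex(status)),
        "module": driver_line.split()[0].lower(),
        # Parameter 2 is the faulting address; it should equal the driver-line address.
        "consistent": fault_ip == addr,
        # Offset inside the driver image: comparable across boots and machines.
        "offset": addr - base,
        # Images load page-aligned, so the low 12 bits survive a different load base.
        "page_offset": fault_ip & 0xFFF,
        # PE TimeDateStamp (seconds since the Unix epoch) identifies the driver build.
        "built": datetime.fromtimestamp(stamp, tz=timezone.utc).strftime("%Y-%m-%d"),
    }

if __name__ == "__main__":
    for version, stop_line, driver_line in REPORTS:
        r = triage(stop_line, driver_line)
        print(f"CIS {version}: {r['bugcheck']} / {r['exception']} in {r['module']} "
              f"+{r['offset']:#x} (driver built {r['built']})")
```

The second poster's report gives no base address, but its faulting address 0xb7c3b798 has the same low 12 bits (0x798) as the first report, which is what `page_offset` is for.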