BSODs: Please add your minidump files here(v3)

Comodo Internet Security - CIS Resolved/Outdated Issues - CIS
41

Hi dchernyakov,

Thanks for posting back. A lot of us were wondering if we were being heard. Just posting back is reassuring. In my case, the BSODs only happen intermittently when I access one of my drives (Floppy/CD/DVD). I’ll try to supply as much information as possible if it happens again and I will include a text file in my minidump with the info. Lately, I’ve just been disabling CFP when using my drives.

We all want this fixed and we all should supply as much info as possible so the developers can find the problems soon! :-TU

42

i’m also getting the cmdguard.sys bsod on my cousin’s pc , it happen randomly on window startup. 1 thing to note is that prior to installing Nero 8, i don’t get any related bsod, after i install nero 8, i started to get random bsod on startup. I can’t confirm if its nero conflicting with comodo.My own system with Nero 7 installed and not having any bsod, my cousin’s pc is no longer with me, so can’t do more testing. Hope any one with nero 8 and comodo working well pls confirm.

My cousin’s pc is installed initially with Comodo CIS 3.5(Latest version), avast, BOClean on WinXP SP3, no problem with this setup until nero 8 installed. After the BSOD nightmares, revert back to comodo firewall last version of 3.0, after that no more bsod.Hope the Comodo staff can test with nero8 to determine if it is causing conflicts.Thanks

43

Hello. I have a Gateway E-155C tablet PC, with CIS 3.5.57173.439 installed. I’ve been having BSOD/hanging issues sporadically when waking up my computer after closing the lid. What will happen is either it won’t come out of sleep mode, then reboot, or I’ll get a BSOD with BAD_POOL_CALLER as the error code. I ran the minidump (attached to this post) through windbg, and it identified inspect.sys as the problem. I don’t know what to do about this, so I’m hoping that someone can analyze the dump file and help.

EDIT: I am also running Vista 32-bit Business, SP1

[attachment deleted by admin]

44

I don’t want to jump the gun here, but since updating to CIS version 3.5.57173.439, I’ve had no BSODs on my system. I’ve been burning CDs/DVDs without disabling CFP and have not had an incident (I had to disable CFP with past versions to avoid BSODs). I did, however, disable the Windows Indexing Service. I don’t know if this had anything to do with the BSODs or that maybe this new build has been fixed (at least in my case). Anyone still experiencing BSODs with WinXP may want to try turning of Indexing to see if it helps…If I start to get BSODs again, I will be sure to post back with my minidumps. :wink:

45

We have analkyzed your memory dumps but could not found the cause of crash. Pleas tell us more detail information about your installed software (especially security software, disc writing or special devices drivers) for resolving this problem.

46
  • Windows Version/Bit and Service Packs:

[li]Windows XP Pro 5.10.2600

  • SP3 with the latest Microsoft Updates

[/li]

  • Your realtime Antivirus/version,Spyware remover/Version, other Security Software/Version:

[li]CIS 3.5.57173.439

  • Spybot S&D 1.6.0.30 (only for scanning, no resident modules active, AFAIK)
  • ThinkVantage Rescue and Recovery - Client Security Solution 3.01.0037.00 (I have not been able to remove this package because of a failed ThinkVantage System Update)
  • ThinkVantage Fingerprint 5.6.2 Build 3650

[/li]

  • Affected Driver/Software and Version (if the bug doesn’t affect window itself):

[li]N/A

[/li]

  • Brief description of the problem (Attach Diagnostic report or crash dumps):

[li]BSOD with the following message: STOP: 0x0000007E (0xC0000005,0x804F04FE,0xF79F0A68,0xF79F0764)

  • It happens in a seemingly random fashion

[/li]

  • Steps to reproduce the bug (if applicable):

[li]When booting (when showing the pre-logon “Ctrl + Alt + Delete” dialog)

  • When plugging or unplugging an external USB hard drive
  • The BSOD that happened before the last one came when browsing your forum on Mozilla Firefox 3.0.4 (zipped minidump attached as Mini121008-04.zip)
  • The last BSOD happened while running the GMER 1.0.14.14536 Rootkit scan for reporting about the previous minidump (zipped minidump attached as Mini121108-01.zip)

[/li]

  • Gmer report (download) Only for 32bit platforms

[li]Zipped report attached as gmer_report.zip

[/li]

  • Hardware:

[li]IBM ThinkPad T60

  • BIOS version 2.22 (79ETE2WW) (2008-04-16)
  • Embedded controller version 1.07
  • Machine type-Model: 2623D4U
  • 1G RAM
  • 80G HD

[/li]

[attachment deleted by admin]

47

I had another BSOD recently, except this time I was running the Driver Verifier. I took a peek at the minidump and apparently inspect.sys violated the special pool (accessing already-freed memory).

I’ve attached the minidump file. My processor is a U7500 Core2 Duo, running Windows Vista Business with an Intel 3945a/b/g wireless card. I’m using the latest driver from Intel.

[attachment deleted by admin]

48

--------[ EVEREST Ultimate Edition 2006 (c) 2003-2006 Lavalys, Inc. ]---------------------------------------------------

Version                                           EVEREST v4.60.1500
Benchmark Module                                  2.3.237.0
Homepage                                          http://www.lavalys.com/
Report Type                                       Quick Report
Computer                                          
Generator                                        
Operating System                                  Microsoft Windows XP Professional 5.1.2600 (WinXP Retail) Polish
Date                                              2008-12-18
Time                                              18:28

--------[ Summary ]-----------------------------------------------------------------------------------------------------

Computer:
  Computer Type                                     Wieloprocesorowy komputer PC z interfejsem ACPI
  Operating System                                  Microsoft Windows XP Professional
  OS Service Pack                                   Dodatek Service Pack 3
  Internet Explorer                                 7.0.5730.13 (IE 7.0)
  DirectX                                           4.09.00.0904 (DirectX 9.0c)                   
  Logon Domain                                      
  Date / Time                                       2008-12-18 / 18:28

Motherboard:
  CPU Type                                          DualCore AMD Athlon 64 X2, 2730 MHz (13 x 210) 5200+
  Motherboard Name                                  ASRock ALiveNF4G-DVI  (2 PCI, 1 PCI-E x1, 1 PCI-E x16, 4 DDR2 DIMM, Audio, Video, LAN)
  Motherboard Chipset                               nVIDIA GeForce 6100, AMD Hammer
  System Memory                                     2048 MB  (DDR2-800 DDR2 SDRAM)
  DIMM1: OCZ XTC Platinum Rev.2 OCZ2P800R21G        1 GB DDR2-800 DDR2 SDRAM  (5-5-5-15 @ 400 MHz)  (4-5-5-13 @ 333 MHz)  (3-4-4-10 @ 266 MHz)
  DIMM2: OCZ XTC Platinum Rev.2 OCZ2P800R21G        1 GB DDR2-800 DDR2 SDRAM  (5-5-5-15 @ 400 MHz)  (4-5-5-13 @ 333 MHz)  (3-4-4-10 @ 266 MHz)
  BIOS Type                                         AMI (02/27/07)
  Communication Port                                Port komunikacyjny (COM1)
  Communication Port                                Port drukarki ECP (LPT1)

Display:
  Video Adapter                                     GIGABYTE Radeon X1600 PRO Secondary  (256 MB)
  Video Adapter                                     GIGABYTE Radeon X1600 PRO  (256 MB)
  3D Accelerator                                    ATI Radeon X1600 Pro (RV530)
  Monitor                                           1780  [17" LCD]  (2222222222222)
  Monitor                                           Hyundai IT X224W (Analog)  [22" LCD]  (X224WE8400365)

Multimedia:
  Audio Adapter                                     Realtek ALC888/1200 @ nVIDIA nForce 410 (MCP51) - High Definition Audio Controller

Storage:
  IDE Controller                                    Standardowy podwójny kontroler PCI IDE
  IDE Controller                                    Standardowy podwójny kontroler PCI IDE
  Storage Controller                                Virtual CloneDrive
  Floppy Drive                                      Stacja dyskietek
  Disk Drive                                        Brother DCP-115C USB Device
  Disk Drive                                        SAMSUNG HD300LJ  (300 GB, 7200 RPM, SATA-II)
  Disk Drive                                        ST3160815AS  (160 GB, 7200 RPM, SATA-II)
  Optical Drive                                     HL-DT-ST DVDRAM GSA-H12N  (DVD+R9:10x, DVD-R9:8x, DVD+RW:18x/8x, DVD-RW:18x/6x, DVD-RAM:12x, DVD-ROM:16x, CD:48x/32x/48x DVD+RW/DVD-RW/DVD-RAM)
  Optical Drive                                     SCSI DVD-ROM SCSI CdRom Device
  SMART Hard Disks Status                           OK

Partitions:
  C: (NTFS)                                         76293 MB (25999 MB free)
  D: (NTFS)                                         76332 MB (6759 MB free)
  G: (NTFS)                                         136.7 GB (1.4 GB free)
  H: (NTFS)                                         142.7 GB (3.9 GB free)
  Total Size                                        428.5 GB (37.3 GB free)

Input:
  Keyboard                                          Urządzenie klawiatury HID
  Mouse                                             A4Tech USB Port Mouse

Network:
  Primary IP Address                                192.168.1.100
  Primary MAC Address                               
  Network Adapter                                   NVIDIA nForce Networking Controller  (192.168.1.100)

Peripherals:
  Printer                                           Brother DCP-115C USB Printer
  Printer                                           HP DeskJet 950C/952C/959C
  Printer                                           Microsoft Office Document Image Writer
  Printer                                           Solid Converter PDF
  FireWire Controller                               VIA VT6306 Fire II IEEE1394 Host Controller
  USB1 Controller                                   nVIDIA nForce 410 (MCP51) - OHCI USB 1.1 Controller
  USB2 Controller                                   nVIDIA nForce 410 (MCP51) - EHCI USB 2.0 Controller
  USB Device                                        Brother DCP-115C USB
  USB Device                                        Live! Cam Notebook (VF0470) #3
  USB Device                                        Masowe urządzenie magazynujące USB
  USB Device                                        Rodzajowy koncentrator USB
  USB Device                                        Uniwersalna drukarka USB
  USB Device                                        Urządzenie audio USB
  USB Device                                        Urządzenie kompozytowe USB
  USB Device                                        Urządzenie kompozytowe USB
  USB Device                                        Urządzenie kompozytowe USB
  USB Device                                        Urządzenie USB interfejsu HID
  USB Device                                        Urządzenie USB interfejsu HID
  USB Device                                        Urządzenie USB interfejsu HID


FAULTING_MODULE: 804d7000 nt

DEBUG_FLR_IMAGE_TIMESTAMP: 493590aa

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Instrukcja spod “0x%08lx” odwo

FAULTING_IP:
nt+194fe
804f04fe 8b8020020000 mov eax,dword ptr [eax+220h]

EXCEPTION_RECORD: f78e6a68 – (.exr 0xfffffffff78e6a68)
ExceptionAddress: 804f04fe (nt+0x000194fe)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 00000220
Attempt to read from address 00000220

CONTEXT: f78e6764 – (.cxr 0xfffffffff78e6764)
eax=00000000 ebx=00000000 ecx=00000000 edx=00000000 esi=f78e6c14 edi=f78e6c6c
eip=804f04fe esp=f78e6b30 ebp=f78e6b30 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00210246
nt+0x194fe:
804f04fe 8b8020020000 mov eax,dword ptr [eax+220h] ds:0023:00000220=???
Resetting default scope

CUSTOMER_CRASH_COUNT: 2

DEFAULT_BUCKET_ID: WRONG_SYMBOLS

BUGCHECK_STR: 0x7E

LAST_CONTROL_TRANSFER: from ae366723 to 804f04fe

STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
f78e6b30 ae366723 00000000 f72059e3 f78e6c6c nt+0x194fe
f78e6b68 ae3585e0 f78e6c14 f78e6b9c f78e6cb8 cmdguard+0xe723
f78e6b78 f72b3b27 f78e6c14 f78e6b9c 00000000 cmdguard+0x5e0
f78e6cb8 f72b3c33 88e01c88 89088674 f78e6cd8 fltmgr+0x2b27
f78e6cf0 f72bcfef 88e01c88 88e01c88 f78e6d30 fltmgr+0x2c33
f78e6d00 f72c2a24 88e01c88 80535780 88e529f8 fltmgr+0xbfef
f78e6d30 f72ca09f 88e529f8 00000008 8a9f2ad8 fltmgr+0x11a24
f78e6d50 f72bc8f7 88e01c94 00000008 8a9f2ad8 fltmgr+0x1909f
f78e6d68 f72c064e 88e8cee8 00000008 8056485c fltmgr+0xb8f7
f78e6d7c 8053877d 8a9f2ad8 00000000 8ac9f020 fltmgr+0xf64e
f78e6dac 805cff70 8a9f2ad8 00000000 00000000 nt+0x6177d
f78e6ddc 805460ee 8053868e 00000001 00000000 nt+0xf8f70
00000000 00000000 00000000 00000000 00000000 nt+0x6f0ee

FOLLOWUP_IP:
cmdguard+e723
ae366723 ?? ???

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: cmdguard+e723

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: cmdguard

IMAGE_NAME: cmdguard.sys

STACK_COMMAND: .cxr 0xfffffffff78e6764 ; kb

BUCKET_ID: WRONG_SYMBOLS

Followup: MachineOwner

[attachment deleted by admin]

49

Hi!

I come across with a BSOD, and I suspect the cause of the problem was CFP, because WhoCrashed application (http://resplendence.com) says the crashed was caused by the following module: cmdguard.sys

Could you help me?

Windows Version/Bit and Service Packs → WinXP Pro SP3 32 Bit
Your realtime Antivirus/version,Spyware remover/Version, other Security Software/Version → Comodo 3.5.57173.439 and Avast Pro 4.8.1296
Affected Driver/Software and Version (if the bug doesn’t affect window itself) → N/A
Brief description of the problem (Attach Diagnostic report or crash dumps) → This was likely caused by the following module: cmdguard.sys
Bugcheck code: 0x1000007E (0xC0000005, 0x804F04FE, 0xBA4F3A68, 0xBA4F3764)
Error: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M
file path: C:\WINDOWS\system32\drivers\cmdguard.sys
product: COMODO Internet Security Sandbox Driver
company: COMODO
description: COMODO Internet Security Sandbox Driver
Steps to reproduce the bug (if applicable) → It happens when iTunes is running. But doesn’t allways take the same time, it’s totally random.
Gmer report (download) Only for 32bit platforms → GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-20 22:20:53
Windows 5.1.2600 Service Pack 3
---- Devices - GMER 1.0.14 ----
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
---- EOF - GMER 1.0.14 ----

Minidump attached.

Thanks in advanced.

[attachment deleted by admin]

50

New Bug Report -

  1. Windows Version/Bit and Service Packs = Windows Vista Home Premium 32-bit with SP1

  2. Your realtime Antivirus/version,Spyware remover/Version, other Security Software/Version = Comodo Internet Security v3.5.57173.439; Windows Defender 1.1.1600.0; Lavasoft Ad-Aware Beta 3.2

  3. Affected Driver/Software and Version (if the bug doesn’t affect window itself) = None

  4. Brief description of the problem (Attach Diagnostic report or crash dumps) = After leaving the computer running for a long time, there is a BSOD STOP error for cmdguard.sys. Minidump file is attached.

  5. Steps to reproduce the bug (if applicable) = Open uTorrent and leave running for about 5 or 6 hours on its own. Wait until the BSOD appears. I have noticed the BSOD more than once in this case.
    (I did also notice that with ZoneAlarm, after leaving on for a long time, just uTorrent would crash instead - so this may actually be a problem with uTorrent, but the ZA forums suggested that it is ZA and not uTorrent that is faulty.)
    I have yet to test without any internet security software installed.

  6. Gmer report (download) Only for 32bit platforms = As attached.

Hardware
Dell Studio 1535 Laptop
BIOS A06, 2008-12-08
Intel Core 2 Duo CPU [ at ] 2.0 GHz
RAM 3 GB
HD 250 GB

Attempted solutions - None so far. Could attempt reintall or delete saved program Defense+ history.

Antivirus - Enabled
Network - Safe Mode
Defense+ - have tries setting it at Safe Mode and also Disabled, same problem occurs however.
Advanced settings - For Defense+, I ticked all the boxes under Defense+ > Advanced > Settings > Monitor Settings. I also enabled Image Execution to Aggressive.

UAC has been disabled in Vista - using Administrator account (only account on computer).

Thanks for the support guys!

[attachment deleted by admin]

51

Win XP SP3
Avast AV loaded.
Windows Defender loaded
Others - not loaded - Spybot

When I start my system, I get a BSOD caused by cmdguard.sys. I have turned off auto start of Comodo service and Comodo (cfp) startup prog.

Log is attached.

[attachment deleted by admin]

52

Numorus BSODs with Comodo 3.5…which ever. Now using v3.5.57173.439. When using V2 no problem. BSODs seem random.
XP home SP3 32 bit.
CFP
AVG Anti-virus
Comodo BOClean
Ad Aware
Spybot
Spywareblaster
Windows Defender
Roxio GoBack
last two mini dumps attached.
Thank you.

[attachment deleted by admin]

53

kennyb24

I’m using XP Pro SP3 but, like you, I have had Comodo running without problem until recent upgrades. I certainly didn’t have BSODS at startup, at a frequency of about one in 3 starts.

As I’ve said elsewhere, one of the bad things about Comodo is the way it gets into your system in such a way that it downs your network, stops other software updates being loaded and so forth - i.e. it makes a system unstable and unreliable. In some ways it’s as bad or worse than what it’s supposedly protecting against.

It’s a rare software product which makes me concerned to UNINSTALL it in case it trashes my system by doing so!

54

I’ve never had a BSOD on startup, just after running for a while. Seems completely random. I’ve uninstalled V3 and reinstalled V2 several times with no problem. The only time I have BSODs is when I’m running V3.

55

XP Pro SP3 x86
CIS 439 without AV
KAV 8.0.0.506
Control Panel - Administrative Tools - Computer Management - Disk Management After few seconds get BSOD every time.
From MS debug it points to cmdguard.sys
Firewall and Defence+ both in safe mode.
Admin account.

[attachment deleted by admin]

56

Here’s some more files. I’m going back to 3.0

[attachment deleted by admin]

57

Let me correct my previous post. I have no problems with V 3.0. Only with 3.5.

58

Numorus BSODs with Comodo 3.5
XP home SP3 32 bit.
CFP
AVG Anti-virus
Ad Aware
Spybot

Only seems to happen when running Sony Sonic Stage

[attachment deleted by admin]

59

<I would like to remove this minidump; there was a differrent, hardware-related cause for the instability, comodo just happened to be in the middle of it>

60

BSOD during uninstall of CIS 3.5.57173.439 x64, on Vista Ultimate US-English , SP1, x64

Uninstall because CIS did not work properly and leaves system in absolute unsecure condition. See also:
https://forums.comodo.com/firewall_bugs/cis_3557173439_vista_x64_does_not_detect_all_active_connections-t32601.0.html

My Data:
1, CPU: Intel Q9550, Quad Core X64
2, OS: Vista Ultimate US-English , SP1, x64, with all patches available on Microsoft Update
3, Security Apps: Symantec Endpoint Protection 11 MR4, Virusscan only (no Firewall), no Windows Defender
4, How to reproduce: i didn’t because may RAID is still rebuilding
5, What’s done to resolve it: nothing yet, i’l try another uninstall after RAID rebuilding is completed
6, Configuration: Firewall in custom mode, Defense+ in Clean PC mode;
8, BSOD, see attached minidump
9, Account: Admin Account with Vista UAC enabled

Thats from WinDbg crash dump analysis:

  •                                                                         *

  •                    Bugcheck Analysis                                    *

  •                                                                         *

Use !analyze -v to get detailed debugging information.

BugCheck CE, {fffffa6003b198e4, 8, fffffa6003b198e4, 0}

Loading symbols for fffffa6006bed000 cmdhlp.sys -> cmdhlp.sys *** ERROR: Module load completed but symbols could not be loaded for cmdhlp.sys Loading symbols for fffffa6005fb4000 tdx.sys → tdx.sys
Loading symbols for fffffa60`05d81000 afd.sys → afd.sys
Probably caused by : inspect.sys ( inspect+88e4 )

Followup: MachineOwner

0: kd> !analyze -v

  •                                                                         *

  •                    Bugcheck Analysis                                    *

  •                                                                         *

DRIVER_UNLOADED_WITHOUT_CANCELLING_PENDING_OPERATIONS (ce)
A driver unloaded without cancelling timers, DPCs, worker threads, etc.
The broken driver’s name is displayed on the screen.
Arguments:
Arg1: fffffa6003b198e4, memory referenced
Arg2: 0000000000000008, value 0 = read operation, 1 = write operation
Arg3: fffffa6003b198e4, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000000, Mm internal code.

Debugging Details:

WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80002839080
fffffa6003b198e4

FAULTING_IP:
inspect+88e4
fffffa60`03b198e4 ?? ???

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0xCE

PROCESS_NAME: System

CURRENT_IRQL: 0

TRAP_FRAME: fffffa6001dc2450 – (.trap 0xfffffa6001dc2450)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000001 rbx=fffffa800afc3060 rcx=00000000000005bc
rdx=0000000000000000 rsi=0000000000000000 rdi=fffffa8009b4e960
rip=fffffa6003b198e4 rsp=fffffa6001dc25e8 rbp=fffffa800afc3060
r8=000000000000760e r9=fffffa800c879a11 r10=fffffa6003b198e4
r11=fffffa6001dc2728 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz ac pe cy
<Unloaded_inspect.sys>+0x88e4:
fffffa60`03b198e4 ?? ???
Resetting default scope

IP_MODULE_UNLOADED:
inspect+88e4
fffffa60`03b198e4 ?? ???

LAST_CONTROL_TRANSFER: from fffff80002674361 to fffff80002665350

STACK_TEXT:
fffffa6001dc2358 fffff80002674361 : 0000000000000050 fffffa6003b198e4 0000000000000008 fffffa6001dc2450 : nt!KeBugCheckEx
fffffa6001dc2360 fffff80002663ed9 : 0000000000000008 0000000000000004 0000000000000000 fffffa8007140830 : nt!MmAccessFault+0x1371
fffffa6001dc2450 fffffa6003b198e4 : fffffa6006bee02e fffffa8006a09bb0 fffff8000266c7c1 0000000000000000 : nt!KiPageFault+0x119
fffffa6001dc25e8 fffffa6006bee02e : fffffa8006a09bb0 fffff8000266c7c1 0000000000000000 fffffa60012697f1 : <Unloaded_inspect.sys>+0x88e4
fffffa6001dc25f0 fffffa6006bee929 : 0000000000000000 fffffa8041706455 fffffa8007d4d420 0000000000000001 : cmdhlp+0x102e
fffffa6001dc2630 fffff800026676c5 : fffffa800d75a010 0000000000000001 fffffa800c879860 fffffa6005fbd5d6 : cmdhlp+0x1929
fffffa6001dc2670 fffffa6005fb59f2 : fffffa800c879860 fffffa800af58800 fffffa800d75a000 fffffa800d75a010 : nt!IopfCompleteRequest+0x315
fffffa6001dc2730 fffffa6005fbd686 : fffffa800c879860 fffffa800afc3060 fffffa800d75a010 0000000000000034 : tdx!DbgTdxDereferenceTransportAddress+0xd2
fffffa6001dc2760 fffffa6005fb941d : 0000000000000000 fffffa800afc3060 fffffa800afc31b0 fffffa800afa5060 : tdx!TdxDeleteTransportAddress+0x92
fffffa6001dc2790 fffffa6006beff06 : fffffa800d75a010 fffffa800afc31b0 0000000000000002 0000000000000000 : tdx!TdxTdiDispatchCleanup+0x49
fffffa6001dc27c0 fffffa6006beff9b : fffffa800d75a010 fffffa800d75a128 0000000000000002 fffffa8041786454 : cmdhlp+0x2f06
fffffa6001dc27f0 fffff800028e42e4 : fffffa800d551c30 fffffa800d75a010 0000000000000000 0000000000000013 : cmdhlp+0x2f9b
fffffa6001dc2820 fffff800028e1950 : 0000000000000000 fffffa800d551c30 fffff88010d03930 00000001656c6946 : nt!IopCloseFile+0x184
fffffa6001dc28b0 fffff800028e1d07 : fffff88010d03930 fffffa8000000001 fffffa80069dcc10 0000000000000000 : nt!ObpDecrementHandleCount+0xc0
fffffa6001dc2940 fffff800028e1ec4 : fffff88000001bc0 fffff88000001b00 0000000000000000 0000000000001a4c : nt!ObpCloseHandleTableEntry+0xb7
fffffa6001dc29e0 fffff80002664df3 : fffffa8006a09bb0 fffffa6001dc2ab0 fffffa6005da02d0 fffff800026689ed : nt!ObpCloseHandle+0x94
fffffa6001dc2a30 fffff80002665300 : fffffa6005da9d38 0000000000000060 00000000c000000d 0000000000000000 : nt!KiSystemServiceCopyEnd+0x13
fffffa6001dc2bc8 fffffa6005da9d38 : 0000000000000060 00000000c000000d 0000000000000000 0000000000000000 : nt!KiServiceLinkage
fffffa6001dc2bd0 fffffa6005dafb71 : 0000000000000000 fffffa8009bc6330 fffffa6005da02d0 fffff80002784680 : afd! ?? ::NNGAKEGL::string'+0xb2c fffffa6001dc2c60 fffffa6005d82cd7 : fffffa8009bc6330 fffffa6005da02d0 fffffa8006a09b00 fffff800027a28f8 : afd!AfdFreeEndpointTditl+0x21 fffffa6001dc2c90 fffff800028cd98f : fffffa800b037730 fffffa800b0286b0 fffff800027a28f8 fffffa8006a09bb0 : afd!AfdDoWork+0x67 fffffa6001dc2cc0 fffff8000267205a : fffff800028cd968 fffff800027a2801 fffffa8006a09b00 0000000000000001 : nt!IopProcessWorkItem+0x27 fffffa6001dc2cf0 fffff80002887ff3 : fffffa800b037730 0000000000000000 fffffa8006a09bb0 0000000000000080 : nt!ExpWorkerThread+0x11a fffffa6001dc2d50 fffff8000269f546 : fffffa6001bd8180 fffffa8006a09bb0 fffffa6001be1d40 0000000000000001 : nt!PspSystemThreadStartup+0x57 fffffa6001dc2d80 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 00000000`00000000 : nt!KxStartSystemThread+0x16

STACK_COMMAND: kb

FOLLOWUP_IP:
inspect+88e4
fffffa60`03b198e4 ?? ???

SYMBOL_STACK_INDEX: 3

SYMBOL_NAME: inspect+88e4

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: inspect

IMAGE_NAME: inspect.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 0

FAILURE_BUCKET_ID: X64_0xCE_W_inspect+88e4

BUCKET_ID: X64_0xCE_W_inspect+88e4

Followup: MachineOwner

Thanks
Wolfgang

[attachment deleted by admin]