Cmdguard.sys probably causes BSOD when /3gb option is used [NBZ]

cmdguard.sys probably causes BSOD when /3gb option is used

The bug/issue

  1. What you did: i set up in boot.ini options “/3GB /userva=2900 /PAE” , i got BSOD and then analyzed minidump file
    with kdfe - it claimed probably caused by cmdguard.sys
  2. What actually happened or you actually saw: windows boots , and on a black screen the mouse pointer appears for a few seconds and then there is a blue screen of death
  3. What you expected to happen or see: i expected to boot windows normally
  4. How you tried to fix it & what happened: removed /3bg option and windows booted normally
  5. If its an application compatibility problem have you tried the application fixes here?: Na
  6. Details & exact version of any application (execpt CIS) involved with download link: csrss.exe was involved in minidump information
  7. Whether you can make the problem happen again, and if so exact steps to make it happen: write in boot ini /3bg option
  8. Any other information (eg your guess regarding the cause, with reasons): NA

Files appended. (Please zip unless screenshots).

  1. Screenshots illustrating the bug:
  2. Screenshots of related CIS event logs and the Defense+ Active Processes List:
  3. A CIS config report or file.
  4. Crash or freeze dump file:

Your set-up

  1. CIS version, AV database version & configuration used:5.3.176757.1236, vdb 7481
  2. a) Have you updated (without uninstall) from CIS 3 or 4: yes
    b) if so, have you tried a clean reinstall (without losing settings - if not please do)?: no
  3. a) Have you imported a config from a previous version of CIS: no
    b) if so, have U tried a standard config (without losing settings - if not please do)?: no
  4. Have you made any other major changes to the default config? (eg ticked ‘block all unknown requests’, other egs here.): no
  5. Defense+, Sandbox, Firewall & AV security levels: D+=safe mode , Sandbox= off, Firewall = safe mode, AV = stateful
  6. OS version, service pack, number of bits, UAC setting, & account type: windopws xp sp3 32, bit , (build 2600.xpsp_sp3_gdr.100427-1636 : service pack 3) , administrator (user is member of administrators), (only account user (in group of administrators) has right to lock pages in memory for awe and /3gb option)
  7. Other security and utility software installed: no
  8. Virtual machine used (Please do NOT use Virtual box): no

[attachment deleted by admin]

Could you please add to your first post the missing information.

  1. OS version, service pack, number of bits, UAC setting, & account type: win xp sp3 32 bit

account type: Adminstrator or Limited

Thank you


Thank you for your bug report in the required format.

Moved to verified.

Thank you