cmdmon.sys Causing BSOD Irql_Less_Than_or_not_equal 0x804e469a

cmdmon.sys monitor file has been Causing BSOD Irql_Less_Than_or_not_equal 0x804e469a

Bugcheck Analysis

Use !analyze -v to get detailed debugging information.

BugCheck 1000000A, {16, 2, 0, 804e469a}

*** WARNING: Unable to verify timestamp for cmdmon.sys
*** ERROR: Module load completed but symbols could not be loaded for cmdmon.sys
Probably caused by : cmdmon.sys ( cmdmon+7a8 )

Followup: MachineOwner

kd> !analyze -v

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 00000016, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: 804e469a, address which referenced memory

Debugging Details:

READ_ADDRESS: 00000016

CURRENT_IRQL: 2

FAULTING_IP:
nt!KeSetEvent+30
804e469a 66394616 cmp [esi+0x16],ax

CUSTOMER_CRASH_COUNT: 3

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xA

LAST_CONTROL_TRANSFER: from f4a66f89 to 804e469a

STACK_TEXT:
f7bc1ce0 f4a66f89 821ddd94 00000000 00000000 nt!KeSetEvent+0x30
f7bc1d04 f4a670bd 81fd46d0 c000023a 00000000 tcpip!TCPDataRequestComplete+0x93
f7bc1d34 f4a4323d 81fd46d0 821dddac 81fd4780 tcpip!TCPSendData+0xa6
f7bc1d50 804e37f7 82376030 81fd46d0 81fd47a4 tcpip!TCPDispatchInternalDeviceControl+0x51
f7bc1d60 f87567a8 f875f1d0 82101e4c 82101e4c nt!IopfCallDriver+0x31
WARNING: Stack unwind information not available. Following frames may be wrong.
f7bc1d74 f875bee1 82376030 81fd46d0 00000000 cmdmon+0x7a8
f7bc1dac 8057be15 00000000 00000000 00000000 cmdmon+0x5ee1
f7bc1ddc 804fa4da f875b904 00000000 00000000 nt!PspSystemThreadStartup+0x34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16

STACK_COMMAND: kb

FOLLOWUP_IP:
cmdmon+7a8
f87567a8 ?? ???

FAULTING_SOURCE_CODE:

SYMBOL_STACK_INDEX: 5

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: cmdmon+7a8

MODULE_NAME: cmdmon

IMAGE_NAME: cmdmon.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 449a3523

FAILURE_BUCKET_ID: 0xA_cmdmon+7a8

BUCKET_ID: 0xA_cmdmon+7a8

I replaced ram, hard drive and video card before finding it was this. After a clean os install the Bsods started again after installing comodo firewall. Just wanted to update since my original post i have checked with my friends that i showed comodo to and are using it. They have not encountered any relevant issues. Since removing cmdmon.sys i have had no bsod’s but am no longer able to use the firewall obviosly. If there is any other hardware info i can post that would help with diagnosis Please let me know. I believe this could be such a great program. I was so happy to see all the development work you have done in this version. I really hope this issue can be resolved.

What is your Operating system? What other security software do you have installed? And can you please send this memory dump to us.

Thx,
Egemen

Hi Egeman
Thank you for your reply. I sent a dmp file to titled RE: cmdmon.sys Causing BSOD Irql_Less_Than_or_not_equal 0x804e469a [284803:271134] with os and security details. I had sent an email earlier today which was replied to by W. from Technical Support. (V)

Hi,

Thank you for sending the memory dump. As far as I see, the problem may be caused by a driver working with the CPF’s TDI driver. But to make sure we need to know the following:

1- What is your Operating system?
2- What other security software do you have installed?
3- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CmdMon, there is a key called “Tag”. Can you delete it and retry?

Thank you for the cooperation,
Egemen

Hi egman i includedthe details list in the email I sent with the dump file as follows. I am running win xp pro sp2 (and updated) on a fresh installation with limited 3rd party installations while I sort out this error. I have only installed programs I have used for a long time with no issues. As for security i have windows firewall off, I have tried with it on as well, no difference. I had spybot installed in the previous installation of xp i do not have it in this fresh install yet. i am using comodo antivirus in this new installation , I had kasperskey 6 trial installed in the previous installation of xp. I have firefox 1.5.0.4 with noscript and adblock, but i installed firefox and its extensions after the cmdmon.sys bsod’s restarted. I had fire fox installed with both those extensions on the previous xp installation with mcafee site advisor.

To summarize:
Original OS Installation: win xp pro sp2, windows firewall off, comodo FW 2.0.1.1, kasperskey AV 6 trial, Spybot S&D, firefox 1.5.0.4 with noscript, adblock and mcafee site advisor extensions.

New OS Installation with new hardware: win xp pro sp2, windows firewall off, comodo FW 2.0.1.1, Commodo AV, firefox 1.5.0.4 with noscript and adblock extensions.

Now: win xp pro sp2, windows firewall off, comodo FW 2.3 beta, Commodo AV, firefox 1.5.0.4 with noscript and adblock extensions.

I uninstalled version 2.0.1.1 and installed the 2.3 beta, so far I have been running for 23hours since the install with no conflicts. I think we may have a winner because the longest I could go without bsod with 2.0.1.1 was 4 hours and the bsod’s started soon after the install more specifically I believe after the the program updated and rebooted. I could reinstall V2.0.1.1 and try the reg edit if you like. Thank you for your persistence, Strawberrry Shortcake

Can you verify that 2.0.1.1 crashes with your current OS installation? If it crashes, can you please try to modify the registry according to my previous post? Beause it seems this is only happening in your PC. We have no previous reports. I do wonder why this may happen.

Thx,
Egemen

alright I need some time, i’ll get back to you late tonight or tommorow morning

Hey egemen,

Out of curiousity, what does the “tag” key do?

Ewen

Hi Ewen,

It is something about the driver loading order. But dont try changing this at home:)

Egemen

Hi Egeman
I installed a new operating system Same setup as listed before but a little lighter: when I installed comodo my installer is version 1.0.01. It now updates to version 2.2.0.11. Is this a new version or the same as V2.01.1? I do not appear to get the bsod with this version. The version running durring the bsod occurences on the 2 other operating systems was V2.0.1.1. If it is a new version, are they much different? I havent removed the tag since the bsods have not begun.

I still havent had this issue appear on the beta 2.3 version. Only on the 2 operating systems I had V2.0.1.1 on. I would assume its resolved in the version updates. Also due to the fact I ran Stable for the first week or so before it updated to V2.0.1.1; If the versions are different, I would conclude it’s specific to that version. i’ll keep running V2.2.0.11 to see if anything changes but i am confident my system is stable with the 2.3 beta. Strawberry Shortcake

The latest stabe version is 2.2.0.11.
The version 2.0.1.1 is an old version and many things have changed since. It may be something addressed then.

Thanks for the cooperation,

Egemen

Sure thing.
Good luck guys, It’s come a long way. Good work!
Strawberrry Shortcake

I Had the BSOD Re-Start on the 2.3 beta version. I turned on the boot up protection, soon after it crashed with the irql less than or not equal 804e469a. I couldn’t boot up from it because of repetitive bsod’s IRQLless than or not equal & paged fault.

So I went in safe mode, disabled boot protection in commodo and deleted Tag from HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CmdMon. I was able to boot up, but less than 5 minutes later I got another IRQL BSOD. After a couple more tries I uninstalled commodo firewall and put in another companies, no bsod since.

I know you were curious why this is only on my pc so far as you know. Most users dont know enough to track it down. It’s probly happened before, Im probably just the first to post about it. I have only had this issue while comodo is installed. I have tried different hardware and software combinations. I can no longer continue testing as this is my only pc at the moment, I need it stable. Strawberrry Shortcake

Hmm. You must be using 2.3.0.19 BETA version? Please use 2.3.1.20 BETA which fixed this problem and let us know if it fixed.

Egemen

I regularly have a blue screen followed by a reboot under windows XP sp2 since I updated comodo firewall to Comodo 2.4 Update . Here is the windbg analysis:

•                                                                         *
  

•                    Bugcheck Analysis                                    *
  

•                                                                         *
  

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 00000016, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: 804e469a, address which referenced memory

Debugging Details:

READ_ADDRESS: 00000016

CURRENT_IRQL: 2

FAULTING_IP:
nt!KeSetEvent+30
804e469a 66394616 cmp word ptr [esi+16h],ax

DEFAULT_BUCKET_ID: INTEL_CPU_MICROCODE_ZERO

BUGCHECK_STR: 0xA

PROCESS_NAME: System

TRAP_FRAME: f89f0c24 – (.trap fffffffff89f0c24)
ErrCode = 00000000
eax=00000001 ebx=c0000100 ecx=8163a364 edx=00000000 esi=00000000 edi=00000000
eip=804e469a esp=f89f0c98 ebp=f89f0ca4 iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010206
nt!KeSetEvent+0x30:
804e469a 66394616 cmp word ptr [esi+16h],ax ds:0023:00000016=???
Resetting default scope

LAST_CONTROL_TRANSFER: from 804e469a to 804e187f

STACK_TEXT:
f89f0c24 804e469a badb0d00 00000000 00000000 nt!KiTrap0E+0x233
f89f0ca4 f4a24eeb 8163a364 00000000 00000000 nt!KeSetEvent+0x30
f89f0cc8 f4a2501f 821d3008 c000023a 00000000 tcpip!TCPDataRequestComplete+0x93
f89f0cf8 f4a0127d 821d3008 8163a37c 821d30b8 tcpip!TCPSendData+0xa6
f89f0d14 804e37f7 82091030 821d3008 821d30dc tcpip!TCPDispatchInternalDeviceControl+0x51
f89f0d24 f49e87e2 f49f7e90 81ce4694 81ce4694 nt!IopfCallDriver+0x31
WARNING: Stack unwind information not available. Following frames may be wrong.
f89f0d38 f49ef299 82091030 821d3008 00000000 cmdmon+0x7e2
f89f0dac 8057be15 00000000 00000000 00000000 cmdmon+0x7299
f89f0ddc 804fa4da f49eec80 00000000 00000000 nt!PspSystemThreadStartup+0x34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16

STACK_COMMAND: kb

FOLLOWUP_IP:
cmdmon+7e2
f49e87e2 5f pop edi

SYMBOL_STACK_INDEX: 6

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: cmdmon

IMAGE_NAME: cmdmon.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 45bc9111

SYMBOL_NAME: cmdmon+7e2

FAILURE_BUCKET_ID: 0xA_cmdmon+7e2

BUCKET_ID: 0xA_cmdmon+7e2

Followup: MachineOwner

I’m also having BSOD with version 2.4.18.184 firewall.

After running windbg on the minidump file the problem was found to be cmdmon.sys

Some help?

Me to, the same problem - BSOD caused by Comodo firewall - using newest version there is.

My OS is WinXP + SP2 (regularly updated).

I’ve unistalled firewall and no problem with BSOD after that.

Will wait for fixes after I next time install Comodo.

Likewise with the above post. Same OS, all current and updated, with latest stable (or what I thought was stable) comodo firewall.

Same problem here, BSOD 3 times this morning on XP Pro, twice yesterday. I’m using Comodo version 2.4.18.184.

It could be a hardware problem. I have Windows 2000 SP4 here and I was getting that error too with v2.4 of Comodo. It started happening after I went from an offboard IDE controller to the onboard one. The motherboard later turned out to be faulty as well and was replaced.

Even though your replaced the RAM and hard drive, the disk controller on the motherboard could be the actual culprit. Check the event viewer for event ID 4098, source EventSystem.