Containment - BSOD - Brave browser after Reset the Container

V12.2.2.8012 (Firewall only) Windows 7 Ultimate 64-bit (clean install with all MS-updates)

Brave Browser - Release v1.31.87

Steps to replicate:

  1. Start Brave in Containment.
  2. Close Brave in Containment.
  3. Execute “Reset the Container”.
  4. Windows 7 crashes with a BSOD and reboots.


Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.

Additional information about the problem:
BCCode: 3b
BCP1: 00000000C0000005
BCP2: FFFFF80003A9E004
BCP4: 0000000000000000
OS Version: 6_1_7601
Service Pack: 1_0
Product: 256_1

Hi CISfan,

Thank you for reporting, could you respond to the below required detail.

  1. Is there any other security product installed on your machine?
  2. Any other information, eg your guess at the cause, how you tried to fix it etc.


Hello C.O.M.O.D.O RT,

  1. Yes, the other security product is Avira AV which is up-to-date and gets regularly updated.
  2. Currently I have no clue as to why this happens. I have never seen a BSOD happen before with other applications running either inside or outside containment.

Additional information:

When step 2) in my OP is skipped, so executing only steps 1) and 3), then step 4) does not happen (Windows 7 does not crash and there is no BSOD).

Additionally, because of this BSOD all HIPS rules got corrupted / deleted and now I’m getting all sorts of HIPS Alerts related to System execution.

As Windows 7 and CIS have become unstable I have to restore Windows 7 backup image.

Hi CISfan,

We have followed your steps and tested, no BSOD found.
As we already said We do not recommend customers to use several security products simultaneously, because their combination can cause conflicts and further more issues. So please disable other security software, restart and check. If you still have the issue, kindly report back.


Hello C.O.M.O.D.O RT,

After restoring Windows 7 backup image (the backup image was made just before I started installing an older Brave version v1.30.84 some time ago) I installed Brave v1.31.87 again (I skipped installing Brave v1.30.84) and let Avira update its database and program.
After that I disabled all heuristic analysis detection settings in Avira, rebooted my machine in order for the changes to take effect and after logon to desktop I also disabled Real-Time protection and then tried to reproduce the issue, result no BSOD.
Next I enabled all heuristic analysis detection settings again and rebooted once again and let Real-Time protection enabled after logon to desktop and tried to reproduce the issue once more, also this time no BSOD.

It is puzzling to me as to why the BSOD doesn’t occur anymore when trying to reproduce it.
It seems that the glitch which caused this issue has vanished.
CIS and Avira seem to go well together. :slight_smile:

To know the origin of the BSOD (crash)
Use BlueScreenView:

Thanks for the info, I know that tool.
I should have checked that tool before I restored the Windows 7 backup image… the BSOD info is gone now.

Nevertheless I have setup Windows 7 to produce a small memory dump debugging file in case the BSOD happens again.

Hello C.O.M.O.D.O RT,

Allow me to quote the following:

Since Brave is a chrome based browser the BSOD is most likely caused by this known issue and not by using a third-party security product (Avira) alongside CIS.

Hi CISfan,

Are you getting the BSOD now ?

1) Start Brave in Containment. 2) Close Brave in Containment. 3) Execute "Reset the Container". 4) Windows 7 crashes with a BSOD and reboots.
We have followed your steps and couldn't see any crash with BSOD.


Hello C.O.M.O.D.O RT,

After restoring Windows 7 backup image I installed Brave again (as mentioned earlier) to try to reproduce the BSOD. I tried many times but the BSOD didn’t happen anymore.
I restored the Windows 7 backup image one more time and didn’t install Brave this time (I’m not using it anymore). Maybe I will install Brave again sometime and try again if the BSOD happens but I have still no clue how to trigger or to reproduce this issue, the reproducibility of this issue is very low.

If someone knows (mods?) and could explain to me why and how this happens I could use that information to try to reproduce the issue again and pass you the information.

I think this issue is very hard to reproduce.