DPC_WATCHDOG_VIOLATION caused by inspect.sys on Windows 10

Comodo Internet Security - CIS Resolved/Outdated Issues - CIS
#1

Hi.

In the last few days I’m facing a BSOD and reboot on my Windows 10 machine (32bit, build 10586) every time I try to transfer big files (some GB) to another PC. At a random point the files transfer begin to slow down until the PC suddenly reboots with error: DPC_WATCHDOG_VIOLATION

I analyzed the BSOD with WhoCrashed (*) and the tool says: “This was probably caused by the following module: inspect.sys (inspect+0x10A51)”. This is the full message:

[b]On Wed 25/05/2016 17:19:31 GMT your computer crashed[/b] crash dump file: C:\WINDOWS\Minidump\052516-39937-01.dmp This was probably caused by the following module: inspect.sys (inspect+0x10A51) Bugcheck code: 0x133 (0x1, 0x1E00, 0x0, 0x0) Error: DPC_WATCHDOG_VIOLATION file path: C:\WINDOWS\system32\drivers\inspect.sys product: [b]COMODO Internet Security Firewall Driver[/b] company: COMODO description: COMODO Internet Security Firewall Driver Bug check description: The DPC watchdog detected a prolonged run time at an IRQL of DISPATCH_LEVEL or above. This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This problem might be caused by a thermal issue. A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: inspect.sys (COMODO Internet Security Firewall Driver, COMODO).

My Comodo Firewall seems to be up to date (v. 8.2.0.5027) and I never had this kind of problem before. Is there anybody who had the same issue?

Thanks in advance.

Marco Bux

(*) Resplendence Software - WhoCrashed, automatic crash dump analyzer

#2

How are you transferring files between the two PCs? Can you attach the mini dump? And finally edit your post to be in the required format so that this can be forwarded to the devs.

#3

Please provide complete memory dump.

#4

I tried to copy by using both windows drag&drop and robocopy. I found a workaround by using robocopy IPG option (for example 200 ms). This reduces the bandwidth but the file transfer works.

I don’t know if this is a bug. In any case I’ll try to format the message as you suggested as soon as I have a little time.

Thanks

#5

Ok. See file 052516-39937-01.dmp (zip).

[attachment deleted by admin]

#6

Unfortunately I had not enough space for the full dump (at least 25 GB of free disk space is required). Now I changed the file destination so as to have more space, but I don’t have any full dump so far.

#7

If you get BSOD again, please provide dump(s) for further investigation.

Thanks.

#8

I’m assuming that it’s resolved since the OP did not respond.

Thank you.

#9

Hi. I didn’t respond until now because I’m using the workaround that I explained above. By using the robocopy with the IPG option set to 150 or more I didn’t get any other BSOD. But just yesterday evening I tried to copy some quite big file (> 1GB) setting the IPG option to 100 instead of 150 and I promptly got a new BSOD. I analyzed the BSOD with WhoCrashed once again and the result is still the same:

“A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: inspect.sys (COMODO Internet Security Firewall Driver, COMODO).”

My Comodo Firewall version is 8.4.0.5076 but I’m still getting the problem of the version with which I opened this thread (8.2.0.5027).

On Tue 26/07/2016 18:03:18 GMT your computer crashed crash dump file: C:\WINDOWS\Minidump\072616-249656-01.dmp This was probably caused by the following module: inspect.sys (inspect+0x10A4F) Bugcheck code: 0x133 (0x1, 0x1E00, 0x0, 0x0) Error: DPC_WATCHDOG_VIOLATION file path: C:\WINDOWS\system32\drivers\inspect.sys product: COMODO Internet Security Firewall Driver company: COMODO description: COMODO Internet Security Firewall Driver Bug check description: The DPC watchdog detected a prolonged run time at an IRQL of DISPATCH_LEVEL or above. This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This problem might be caused by a thermal issue. A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: inspect.sys (COMODO Internet Security Firewall Driver, COMODO). Google query: COMODO DPC_WATCHDOG_VIOLATION
#10

File 2016-07-26.zip contains the minidump file and the WhoCrashed report.

[attachment deleted by admin]

#11

A. THE BUG/ISSUE

Can you reproduce the problem & if so how reliably?:
Almost always.

If you can, exact steps to reproduce. If not, exactly what you did & what happened:

  1. On a Windows 10 32bit machine, share a directory containing some big file (>2G)
  2. On a second Windows 10 machine, open the shared direcory and copy these files in the local disk. Use a 100Mb LAN connection.
  3. Pay attention to the resource manager of the first machine, expecially to the Ethernet graphic monitor (it should reach the 100% of the bandwidth), and wait for the BSOD.

One or two sentences explaining what actually happened:
The first machine crashes and reboots.

One or two sentences explaining what you expected to happen:
The first machine shouldn’t crash.

If a software compatibility problem have you tried the advice to make programs work with CIS?:
n/a

Any software except CIS/OS involved? If so - name, & exact version:
none

Any other information, eg your guess at the cause, how you tried to fix it etc:
I analyzed the BSOD with WhoCrashed and the tool says: “This was probably caused by the following module: inspect.sys (inspect+0x10A51)” (see attachments). I found a workaround by using robocopy IPG option (at least 150 ms). This reduces the bandwidth but the file transfer works.

B. YOUR SETUP

Exact CIS version & configuration:
Comodo Firewall 8.2.0.5027

Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV:
I always use the default configuration.

Have you made any other changes to the default config? (egs here.):
No, see above.

Have you updated (without uninstall) from CIS 5, 6 or 7?:
No.

Have you imported a config from a previous version of CIS:
No, I always use the Comodo Firewall update function.

OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used:
Windows version: Windows 10 32bit, 10.0, build: 10586
Hardware: AOD255E, Acer, JE02_PT_E
CPU: GenuineIntel Intel(R) Atom™ CPU N570 @ 1.66GHz Intel586, level: 6
4 logical processors, active mask: 15
RAM: 2136043520 bytes total

Other security/s’box software a) currently installed b) installed since OS, including initial trial security software included with system:
Avast Antivirus (with which never had any problem)

[attachment deleted by admin]

#12

Sorry you are having issues, but I could not get a BSOD on either computer running Windows 10 though I tested using the 10.0.0.5144 beta on both systems. I wonder does your LAN adapter have flow control or interrupt moderation capabilities and are they enabled? Also what are your firewall settings, can you provide a screenshot? In your diagnostic report in addition to avast, outpost is listed under incompatible software did you ever have any outpost software installed that maybe was not fully removed?

#13
I wonder does your LAN adapter have flow control or interrupt moderation capabilities and are they enabled?

Also what are your firewall settings, can you provide a screenshot?

668×541 9.04 KB

did you ever have any outpost software installed that maybe was not fully removed?

No.

Note - I began getting this issue only since the date on which this thread has been opened (about at the end of last May). Before that date I never had this problem. I think there has been a CIS and/or windows update around that period that has introduced/triggered this bug.

Thanks.

#14

Hi,

Could you check this issue with version 10 BETA? If you’re checking it with version 10 BETA, please check Reply #185 after installation.
Do note that you might have to provide a complete memory dump if you experience the issue with mentioned version. #guide

Many thanks.

#15

I had this issue some months ago. I was playing an old game (The Witcher) and it froze, no ctrl-alt-del so I couldn’t do nothing but press the reset button. Then all hell broke loose, my win 10 was broken (probably because the brilliant live updates from MS)… tried to boot with the win 10 stick to see if I can repair it somehow but no luck (stupid me I didn’t made a recovery stick). Formated C trying to install win 10 again (my files were in D) but it said it cannot install because the partition is MBR and can only install on GPT. Couldn’t see any way out of this except trying with another drive (didn’t want to format the entire HDD because I would’ve lost the files in D) and since most of my friends had laptops and few that had HDD in their pc weren’t available, I bought a SSD and installed win 10 on it. After that, my old HDD was gone from bios. Unplugged it (power too) and put it back again and the drive was present in bios again. Then I had this same issue… my file trasfer would go down to zero (after 5 seconds or so) and then after about 15-20 seconds I would get this error message. Managed to transfer the files using a memory stick. Then formated the old HDD using the tool from win 10 (diskpart) and chose GPT, something like this:

Then the old HDD wasn’t seen by win 10 or rarely when pluggin it in and out, flashed the bios to the latest version (mine wasn’t the latest but neither the factory older one), used HD Tune and the sectors on the HDD were red and the drive had I/O data transfer errors… so changed the sata 3 cable, formated, used HD Tune and now the drive is fine, even the app from WD sais so. The info here helped me alot:

http://www.tomshardware.co.uk/answers/id-1979046/hard-drive-appearing-disk-management-windows.html

NOTE: this issue was very annoying and stressful because it can be caused by a number of problems that are hard to identify… so either win 10 and his problem with old drivers, win 10 live updating when my game crashed, bios is old, either HDD I/O data transfer errors due to old or not properly inserted sata cable or some overzealous copy protection sistem (at first, same win 10 was installed on both drives).
I had no idea what the issue was but my best two guesses are that this is win 10 acting up against old driver/s or some copy protection sistem.

P.S… didn’t ruled out CIS but it seemed unlikely.

EDIT: CIS might have an incompatibility issue on win 10 with inspect.sys driver, see this post: https://forums.comodo.com/news-announcements-feedback-cis/fix-your-firewall-driverinspectsys-hybridrules-bug-affectcisupto-8204978-t112736.0.html

#16

Thanks Victor.
I think instead that CIS has to do with this issue.
The problem has been introduced after some CIS update:

#17

I second this. I just registered here to say that I’m experiencing the same behavior.

This would happen on only one of my three machines – all of which are running Windows 10 Anniversary Update with all the latest updates. I am also running the latest version of Comodo Internet Security on all of these computers.

When copying very large archives (about 40GB in size) over the network, it would so happen that the transfer speed would, at a random point (mostly at the beginning), drop – from an initial speed of about 900Mbps (this is a 1Gbps LAN) to about 70Mbps, and then a DPC_WATCHDOG_VIOLATION BSOD would occur on that particular computer, which always happens to be the one that the file is being copied from.

Analyzing the crash dump does not immediately reveal anything Comodo-related (“Probably caused by : ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string’+2a6e6”). However, could this be related to the fact that the OP and I are running different Windows 10 versions (OP is running the x86 version whereas I am running the x64 version)?

While disabling both the Firewall and Antivirus (I have Viruscope, HIPS and Auto-Sandbox disabled at all times) does not make things any better, uninstalling Comodo Internet Security completely does away this issue and it would no longer occur.

Thank you for your terrific product and hard work! Please let me know if you need any additional information.

#18

Please check this issue with version 10 beta & if you’re still experiencing it, kindly provide complete memory dump. ##

Thanks.

#19

Thank you for your contribution, PavelPr. Now I feel a little less alone… :wink:

Marco

#20

Hi Marco!

I feel your pain. :slight_smile:
By the way, mind sharing what is the nature of the files that are being copied – are these archives or disc images (ISO)?

Later I plan on generating a 40GB file filled with garbage data and then I intend on attempting to copy that file over the network. The rationale behind this is that by so doing, an assessment can be made as to whether “container” files are being on-the-fly extracted and recursively scanned in a way that is causing an I/O bottleneck, ultimately timing the OS out and knocking it off. While it is possible for a security product to scan unrecognized formats, I find this less likely. I might very well be wrong.

I therefore plan on verifying whether this slowdown (and ultimate BSOD) has anything to do with ostensibly scanning “inside” files.

I will also try to install the beta later and will report back. Have you installed it yet?