A. THE BUG/ISSUE (Varies from issue to issue)
- Summary - Give a clear summary in the topic subject, NOT here.
- Can U reproduce the problem & if so how reliably?: Yes, it happens intermittently.
- If U can, exact steps to reproduce. If not, exactly what U did & what happened: When “Enable Enhanced Protection Mode” is enabled under HIPS settings, random BSODs occur at system boot-up. This also seems to be related to https://forums.comodo.com/empty-t94347.0.html
  This happened when I was running Comodo v5, but v6 exhibits the same problem.
- If not obvious, what U expected to happen: no BSODs
- If a software compatibility problem have U tried the conflict FAQ?: N/A
- Any software except CIS/OS involved? If so - name, & exact version: N/A
- Any other information, eg your guess at the cause, how U tried to fix it etc: Suspect driver conflict at bootup. Inspect.sys seems to be the main culprit and sometimes cmdguard.sys
- Always attach - Diagnostics file, Watch Activity process list, dump if freeze/crash. (If complex - CIS logs & config, screenshots, video, zipped program - not m’ware)
Mod edit: link to full dump, and diagnostics report, attached to post further down
B. YOUR SETUP (Likely the same for each issue, so you can copy forward)
- Exact CIS version & configuration: 6.1.276867.2813
- Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV: see attachments. Firewall on/off makes no difference.
- Have U made any other changes to the default config? (egs here.): N/A
- Have U updated (without uninstall) from a CIS 5?: No, clean install of v6
  - if so, have U tried a clean reinstall - if not please do?:
- Have U imported a config from a previous version of CIS: No, clean config baseline
  - if so, have U tried a standard config - if not please do:
- OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used: Win7 64bit, UAC on, Admin, no V Machine.
- Other security/s’box software a) currently installed b) installed since OS: a=No b=No
BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 0000000000000003, the pool freelist is corrupt.
Arg2: fffff80004212ab0, the pool entry being checked.
Arg3: fffff80004212ab0, the read back flink freelist value (should be the same as 2).
Arg4: fffffa8014d7f198, the read back blink freelist value (should be the same as 2).
Debugging Details:
BUGCHECK_STR: 0x19_3
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 2
LAST_CONTROL_TRANSFER: from fffff800041b54b3 to fffff80004082c00
STACK_TEXT:
fffff88003738898 fffff800041b54b3 : 0000000000000019 0000000000000003 fffff80004212ab0 fffff80004212ab0 : nt!KeBugCheckEx
fffff880037388a0 fffff880020ba86c : 0000000000000000 fffff880037389f0 000000000000000d ffffffff00000000 : nt!ExDeferredFreePool+0xa53
fffff88003738990 fffff88004f53970 : 0000000000000000 0000000000000240 fffffa8014d70640 0000000000000000 : ndis!NdisAllocateMemoryWithTag+0x1c
fffff880037389c0 0000000000000000 : 0000000000000240 fffffa8014d70640 0000000000000000 fffffa8014d70640 : inspect+0x7970
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!ExDeferredFreePool+a53
fffff800`041b54b3 cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!ExDeferredFreePool+a53
FOLLOWUP_NAME: Pool_corruption
IMAGE_NAME: Pool_Corruption
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MODULE_NAME: Pool_Corruption
FAILURE_BUCKET_ID: X64_0x19_3_nt!ExDeferredFreePool+a53
BUCKET_ID: X64_0x19_3_nt!ExDeferredFreePool+a53
Followup: Pool_corruption
[attachment deleted by admin]