Endpoint Protection Small Business Edition


BSOD 0x3B with SEP SBE 2013 (12.1.2015.2015)

  • 1.  BSOD 0x3B with SEP SBE 2013 (12.1.2015.2015)

    Posted Aug 16, 2013 11:57 AM

    Hi there,

    My computer has bluescreened today. I think the antivirus is the culprit, because it has never done so before and I have only had Symantec Endpoint Protection Small Business Edition installed for some weeks.

    I ran the dump through an online crash analysis, which pointed to ccSvcHst.exe...

    Anyone any ideas how to fix this?

    Analysis log follows.

    Thanks!

       Edwin.

    Crash Dump Analysis provided by OSR Open Systems Resources, Inc. (http://www.osr.com)
    Online Crash Dump Analysis Service
    See http://www.osronline.com for more information
    Windows 7 Kernel Version 7601 (Service Pack 1) MP (8 procs) Free x64
    Product: Server, suite: Enterprise TerminalServer SingleUserTS
    Built by: 7601.17835.amd64fre.win7sp1_gdr.120503-2030
    Machine Name:
    Kernel base = 0xfffff800`02014000 PsLoadedModuleList = 0xfffff800`02258670
    Debug session time: Fri Aug 16 09:40:35.182 2013 (UTC - 4:00)
    System Uptime: 9 days 17:01:23.791
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    SYSTEM_SERVICE_EXCEPTION (3b)
    An exception happened while executing a system service routine.
    Arguments:
    Arg1: 00000000c0000005, Exception code that caused the bugcheck
    Arg2: fffff8000209ed46, Address of the instruction which caused the bugcheck
    Arg3: fffff880131214d0, Address of the context record for the exception that caused the bugcheck
    Arg4: 0000000000000000, zero.
    
    Debugging Details:
    ------------------
    
    TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2
    
    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
    
    FAULTING_IP:
    nt!ExAcquireRundownProtectionCacheAwareEx+26
    fffff800`0209ed46 498b00          mov     rax,qword ptr [r8]
    
    CONTEXT:  fffff880131214d0 -- (.cxr 0xfffff880131214d0)
    rax=0000000000000000 rbx=fffffa8019127300 rcx=fffff880010a85e2
    rdx=00000000000007e0 rsi=fffffa8019364108 rdi=fffffa8020e939b0
    rip=fffff8000209ed46 rsp=fffff88013121eb8 rbp=fffffa80193640a0
    r8=6be9c93345f89328  r9=0000000000000001 r10=fffff8800132e940
    r11=fffff88013121f20 r12=fffffa8019416a60 r13=fffff880010dce98
    r14=0000000000000011 r15=0000000000000000
    iopl=0         nv up ei pl nz na po nc
    cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010206
    nt!ExAcquireRundownProtectionCacheAwareEx+0x26:
    fffff800`0209ed46 498b00          mov     rax,qword ptr [r8] ds:002b:6be9c933`45f89328=????????????????
    Resetting default scope
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT_SERVER
    
    BUGCHECK_STR:  0x3B
    
    PROCESS_NAME:  ccSvcHst.exe
    
    CURRENT_IRQL:  0
    
    LAST_CONTROL_TRANSFER:  from fffff8800131bb47 to fffff8000209ed46
    
    STACK_TEXT: 
    fffff880`13121eb8 fffff880`0131bb47 : 00000000`00000000 fffffa80`1cad2010 fffffa80`193640a0 fffff800`022c5d68 : nt!ExAcquireRundownProtectionCacheAwareEx+0x26
    fffff880`13121ec0 fffff880`01322b44 : fffffa80`23b2aa00 00000000`00000000 00000000`00000000 00000000`00000402 : fltmgr! ?? ::FNODOBFM::`string'+0x3035
    fffff880`13121f40 fffff880`04070bb5 : fffffa80`20e939b0 fffffa80`207707a0 00000000`00000000 fffffa80`19364108 : fltmgr!FltGetFileNameInformation+0x184
    fffff880`13121fd0 fffff880`01336035 : fffffa80`207707a0 fffff880`0133590e fffffa80`207707a0 00000000`0000016c : luafv!LuafvGenerateFileName+0x6d
    fffff880`13122000 fffff880`01335ead : 00000000`00000000 fffffa80`19364108 fffffa80`207707a0 00000000`00000000 : fltmgr!FltpCallOpenedFileNameHandler+0x75
    fffff880`13122040 fffff880`01321b9d : c00000bb`24b19800 00000000`00000000 fffffa80`1cad2b00 fffffa80`1cad2020 : fltmgr!FltpCreateFileNameInformation+0x17d
    fffff880`131220a0 fffff880`0131bbf6 : fffffa80`19127300 fffffa80`1cad2010 fffffa80`19364108 fffff8a0`294fe6c0 : fltmgr!HandleStreamListNotSupported+0x15d
    fffff880`131220e0 fffff880`01322b44 : 00000000`00000000 00000000`00000000 fffffa80`1cad2010 00000000`00000402 : fltmgr! ?? ::FNODOBFM::`string'+0x30f3
    fffff880`13122160 fffff880`14d031ed : fffffa80`207707a0 fffff8a0`0a401830 00000000`00000006 fffffa80`2107a270 : fltmgr!FltGetFileNameInformation+0x184
    fffff880`131221f0 fffffa80`207707a0 : fffff8a0`0a401830 00000000`00000006 fffffa80`2107a270 fffffa80`00000000 : SRTSP64+0x8a1ed
    fffff880`131221f8 fffff8a0`0a401830 : 00000000`00000006 fffffa80`2107a270 fffffa80`00000000 fffff880`14c7a029 : 0xfffffa80`207707a0
    fffff880`13122200 00000000`00000006 : fffffa80`2107a270 fffffa80`00000000 fffff880`14c7a029 fffffa80`2107a270 : 0xfffff8a0`0a401830
    fffff880`13122208 fffffa80`2107a270 : fffffa80`00000000 fffff880`14c7a029 fffffa80`2107a270 00000000`00000000 : 0x6
    fffff880`13122210 fffffa80`00000000 : fffff880`14c7a029 fffffa80`2107a270 00000000`00000000 00000000`00000006 : 0xfffffa80`2107a270
    fffff880`13122218 fffff880`14c7a029 : fffffa80`2107a270 00000000`00000000 00000000`00000006 fffff880`14d046de : 0xfffffa80`00000000
    fffff880`13122220 fffffa80`2107a270 : 00000000`00000000 00000000`00000006 fffff880`14d046de fffffa80`21aacbe0 : SRTSP64+0x1029
    fffff880`13122228 00000000`00000000 : 00000000`00000006 fffff880`14d046de fffffa80`21aacbe0 fffff880`14c9af0d : 0xfffffa80`2107a270
    
    
    FOLLOWUP_IP:
    luafv!LuafvGenerateFileName+6d
    fffff880`04070bb5 eb13            jmp     luafv!LuafvGenerateFileName+0x82 (fffff880`04070bca)
    
    SYMBOL_STACK_INDEX:  3
    
    SYMBOL_NAME:  luafv!LuafvGenerateFileName+6d
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: luafv
    
    IMAGE_NAME:  luafv.sys
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc295
    
    STACK_COMMAND:  .cxr 0xfffff880131214d0 ; kb
    
    FAILURE_BUCKET_ID:  X64_0x3B_luafv!LuafvGenerateFileName+6d
    
    BUCKET_ID:  X64_0x3B_luafv!LuafvGenerateFileName+6d
    
    Followup: MachineOwner
    ---------
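
An added example, not part of the original post and not OSR or Symantec tooling: the bucket ID in the log above names only `luafv`, while STACK_TEXT also records the callers further out, so this sketch parses frames copied from that section and lists every module on the stack. The `OS_MODULES` allow-list and all function names are assumptions of the example.

```python
import re

# Frames copied from the STACK_TEXT section of the first post (others omitted).
# Layout: child-SP return-address : four arguments : symbol
STACK_TEXT = r"""
fffff880`13121eb8 fffff880`0131bb47 : 00000000`00000000 fffffa80`1cad2010 fffffa80`193640a0 fffff800`022c5d68 : nt!ExAcquireRundownProtectionCacheAwareEx+0x26
fffff880`13121ec0 fffff880`01322b44 : fffffa80`23b2aa00 00000000`00000000 00000000`00000000 00000000`00000402 : fltmgr! ?? ::FNODOBFM::`string'+0x3035
fffff880`13121fd0 fffff880`01336035 : fffffa80`207707a0 fffff880`0133590e fffffa80`207707a0 00000000`0000016c : luafv!LuafvGenerateFileName+0x6d
fffff880`131221f0 fffffa80`207707a0 : fffff8a0`0a401830 00000000`00000006 fffffa80`2107a270 fffffa80`00000000 : SRTSP64+0x8a1ed
fffff880`131221f8 fffff8a0`0a401830 : 00000000`00000006 fffffa80`2107a270 fffffa80`00000000 fffff880`14c7a029 : 0xfffffa80`207707a0
"""

# Assumption of this example: modules treated as Windows components.
OS_MODULES = {"nt", "fltmgr", "luafv"}
SYMBOL = re.compile(r"^([A-Za-z0-9_.]+)(?:!(.*?))?(?:\+(0x[0-9a-fA-F]+))?$")

def parse_frames(text):
    """Return a list of (module, function, offset); module is None for raw addresses."""
    frames = []
    for line in text.strip().splitlines():
        parts = line.split(" : ", 2)  # the symbol may itself contain ':' and spaces
        if len(parts) != 3:
            continue
        sym = parts[2].strip()
        m = None if sym.lower().startswith("0x") else SYMBOL.match(sym)
        if m is None:
            frames.append((None, None, sym))  # unresolved value, unwinding unreliable here
        else:
            func = m.group(2).strip() if m.group(2) else None
            frames.append((m.group(1), func, m.group(3)))
    return frames

def module_chain(frames):
    """Modules from the faulting frame outwards, consecutive repeats collapsed."""
    chain = []
    for module, _, _ in frames:
        if module and (not chain or chain[-1] != module):
            chain.append(module)
    return chain

def non_os_modules(frames):
    """Modules on the stack that are not in OS_MODULES, in first-seen order."""
    chain = module_chain(frames)
    return [m for m in dict.fromkeys(chain) if m.lower() not in OS_MODULES]

if __name__ == "__main__":
    frames = parse_frames(STACK_TEXT)
    print("call chain :", " <- ".join(module_chain(frames)))
    print("non-OS     :", non_os_modules(frames))
```

A module that appears only as `name+offset` was resolved without symbols, and raw values after it mean the stack walk is no longer reliable from that frame on.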
    
    

     



  • 2.  RE: BSOD 0x3B with SEP SBE 2013 (12.1.2015.2015)

    Posted Aug 16, 2013 12:02 PM

    The latest version is RU3.

    There was a BSOD fix in RU3:

    BugCheck 19 (BAD_POOL_HEADER), 50 (PAGE_FAULT_IN_NONPAGED_AREA), or D1 (DRIVER_IRQL_NOT_LESS_OR_EQUAL) references various drivers

    Fix ID: 2860505

    Symptom: The Symantec Endpoint Protection client experiences various blue screens, including BugCheck 19 (BAD_POOL_HEADER), 50 (PAGE_FAULT_IN_NONPAGED_AREA), or D1 (DRIVER_IRQL_NOT_LESS_OR_EQUAL).

    Solution: Updated the SymNetDrv component to avoid a buffer overflow.

     

    What components do you have installed?



  • 3.  RE: BSOD 0x3B with SEP SBE 2013 (12.1.2015.2015)

    Posted Aug 16, 2013 12:05 PM

    Check the attached Microsoft link to fix it:

    http://msdn.microsoft.com/en-us/library/ff558949%28VS.85%29.aspx



  • 4.  RE: BSOD 0x3B with SEP SBE 2013 (12.1.2015.2015)

    Posted Aug 16, 2013 12:39 PM

    Thanks for your reply.

    My version numbers are:

    Symantec Endpoint Protection: 12.1.2015.2015

    Symantec.cloud - Cloud Agent: 2.03.41.2512

    Symantec.cloud - Endpoint Protection: SEP-12.1.2015.2015

     



  • 5.  RE: BSOD 0x3B with SEP SBE 2013 (12.1.2015.2015)

    Posted Aug 16, 2013 12:42 PM

    Already checked the links, but the "solutions" are just a selection from the usual steps (check recently installed s/w, update device drivers etc., check hardware), so not very useful.

    The only "new" thing on the laptop is the Symantec virus scanner...



  • 6.  RE: BSOD 0x3B with SEP SBE 2013 (12.1.2015.2015)

    Posted Aug 17, 2013 10:06 AM

    Check Brian's comment; this issue is fixed in 12.1 RU3.

    Download 12.1 RU3 from FileConnect and install it.

    Start the system in Safe Mode, remove that application, then restart the system in normal mode and install the new version.



  • 7.  RE: BSOD 0x3B with SEP SBE 2013 (12.1.2015.2015)

    Posted Aug 17, 2013 03:28 PM

    Sumit G, thanks for your support...

    Facing another problem now: how to get 12.1 RU3 installed. LiveUpdate doesn't find the update, File Connect requires a serial and doesn't accept my trial serial number, and the download links on http://www.symantec.com/business/support/index?page=content&id=TECH206977 are dead...

    So Monday I'll try to contact Symantec...

    Kind regards,

       Edwin.

     



  • 8.  RE: BSOD 0x3B with SEP SBE 2013 (12.1.2015.2015)

    Posted Aug 17, 2013 03:34 PM

    You need to download using your serial number

    https://fileconnect.symantec.com



  • 9.  RE: BSOD 0x3B with SEP SBE 2013 (12.1.2015.2015)

    Posted Aug 17, 2013 04:27 PM

    So I think something's wrong or I have to be patient, because I just bought 3 years of SEP 2013, got a serial number (starting with M and 10 digits), but fileconnect gives an error:

    The Serial Number "M##########" does not exist.



  • 10.  RE: BSOD 0x3B with SEP SBE 2013 (12.1.2015.2015)

    Posted Aug 18, 2013 04:40 PM

    Hi there,

    So, I think I know what you mean now... I just downloaded SEP from fileconnect and installed the Client. I'm now running 12.1.3001.165 (Common Client 12.3.2.6), but this is the on-premise client...

    I was running the .cloud edition, but now the on-premise client... No problem for me; maybe the on-premise client gets more support (more used?), but anyway I hope no more BSODs with this client...

    Thanks for the help!

       Edwin.



  • 11.  RE: BSOD 0x3B with SEP SBE 2013 (12.1.2015.2015)

    Posted Aug 19, 2013 10:05 AM

    See above (forgot to add this as a reply).