FSLX.sys causes LOOP
I've been dealing with this problem for several months now. Random machines will get into a LOOP after a user turns their computer on in the morning. Everything will be fine for several weeks, and then for no apparent reason it starts to loop.
Computer is turned on and when it gets passed the Windows XP boot image, the screen goes BLACK and nothing happens----OR---if something does happen, it keeps restarting after the image is displayed. The most common being the stop at the black screen.
---Things I've tried from reading other threads.
1. Upgraded all SVS clients to 2.1.3062
2. Added all Trend Officescan, ESS, and Altiris processes to the ProgramIgnoreList under HKLM\System\Altiris\FSL\ key.
[_B_]PROGRAMFILES[_E_]\Trend Micro\OfficeScan Client\NTRtScan.exe
[_B_]PROGRAMFILES[_E_]\Trend Micro\OfficeScan Client\PccNTMon.exe
[_B_]PROGRAMFILES[_E_]\Trend Micro\OfficeScan Client\TmListen.exe
[_B_]PROGRAMFILES[_E_]\Trend Micro\OfficeScan Client\TmProxy.exe
[_B_]PROGRAMFILES[_E_]\Altiris\Altiris Security Client\STEngine.exe
[_B_]PROGRAMFILES[_E_]\Altiris\Altiris Security Client\STUser.exe
[_B_]PROGRAMFILES[_E_]\Altiris\Altiris Agent\Software Delivery\{01B54EB5-3679-4C73-9E10-E169D5A5EC59}\cache\AeXInvSoln.exe
[_B_]PROGRAMFILES[_E_]\Altiris\Altiris Agent\Software Delivery\{01B54EB5-3679-4C73-9E10-E169D5A5EC59}\cache\AeXMachInv.exe
[_B_]PROGRAMFILES[_E_]\Altiris\Altiris Agent\Software Delivery\{01B54EB5-3679-4C73-9E10-E169D5A5EC59}\cache\AeXNSInvCollector.exe
[_B_]PROGRAMFILES[_E_]\Altiris\Altiris Agent\Software Delivery\{01B54EB5-3679-4C73-9E10-E169D5A5EC59}\cache\AeXAuditPls.exe
3. Excluded c:\windows\system32\drivers\fslx.sys from all Trend Officescan scan settings.
4. Removed Endpoint Security Solution from all clients.
5. Updated to the latest ATI drivers
6. Today 2/23/09, I also excluded c:\windows\system32\drivers\alkernel.sys from Trend Officescan.
(we'll see how this one works out).
The only way i'm able to fix this issue currently is to...
1. Boot into SafeMode and replace the permissions for c:\fslrdr and HKLM\Software\fslrdr\.
2. Delete everything under c:\fslrdr and HKLM\Software\fslrdr
3. Boot normal
4. Add all the layers back
And when that doesn't work...
1. Boot into SafeMode and rename the fslx.sys
2. Boot normal
3. Remove SVS via Add/Remove programs
4. Restart
5. Install SVS agent
6. Add all the layers back
Anyone have any other ideas? I'm not ready to give up on SVS yet, but it seems like this has been an issue for several months and there's no one fix for it. We get about 3-4 computers doing this a week.
All Altiris Agents installed include....
Altiris Aclient 6.9.176
Altiris Agent 6.0.2399
Altiris Client Task Agent 6.0.1404
Altiris Script Task Agent 6.0.1404
Altiris Software Delivery Agent for Task Server 6.1.1030
Altiris Software Update Agent 6.2.2514
Application Metering 6.1.31
Dell Client Manager Agent 2.2.1019
Inventory Agent Package 6.1.1075
Inventory Rule Agent 6.2.2692
Software Delivery Solution Agent 6.1.1016
Software Inventory Agent 6.2.2514
Software Virtualization Agent 2.1.3062
Task Synchronization Agent 6.1.1030
Comments 13 Comments • Jump to latest comment
Sounds like a crash (BOD) to me and that the clients are configured to automatically restart.
What happens if you "disable" the filter server (fslx) and then reboot, does the same happen?
Can you configure to save a memory dump for analyze?
If I disable fslx.sys (rename the file) or remove HKLM\System\CurrentControlSet\services\FSLX the computer boots fine, but of course the SVS layers aren't available.
Okay, will wait for another computer to have the problem and I'll post the memory dump.
After a BlueScreen on my Vista 32 computer i've got the same behavior. I booted into safe mode. Removed the SVS software. Rebooted and the computer runs fine again. Then i could reinstall SVS wothout an issue. Something destroyed SVS when the bluescreen did appear.
The bluescreen i think was a problem of the computer because of heavy cpu load. Nothing to do with SVS
greetz
Sundance
Just load the crashdump into windbg and you should see if it's the SVS virtual driver (fslx.sys) or not.
Here's a dump from a machine that had the problem today.
Hi DSguy,
Could be that you have an old ATI graphics driver (ati2mtag.sys).
Try to get a new driver version and see if that helps.
STACK_TEXT:
f78d6b14 80550fc5 00000019 00000020 804ea6bb nt!KeBugCheckEx+0x1b
f78d6b64 805503e3 804ea6c3 00000000 f78d6bd4 nt!ExFreePoolWithTag+0x2c1
f78d6b74 ba7b7732 804ea6c3 893ff1a8 89ab1038 nt!ExFreePool+0xf
WARNING: Stack unwind information not available. Following frames may be wrong.
f78d6bd4 ba7b6e91 f78d6cd0 f78d6d18 f78d6bf8 ati2mtag+0xb2732
f78d6d68 8056d03c 89ab1038 89b053a8 805694fc ati2mtag+0xb1e91
f78d6d7c 804e23b5 893ff1a8 00000000 89bfab30 nt!IopProcessWorkItem+0x13
f78d6dac 80574128 893ff1a8 00000000 00000000 nt!ExpWorkerThread+0xef
f78d6ddc 804ec781 804e22f1 00000001 00000000 nt!PspSystemThreadStartup+0x34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
FOLLOWUP_IP:
ati2mtag+b2732
ba705000 ba883000 ati2mtag T (no symbols)
Loaded symbol image file: ati2mtag.sys
Image path: ati2mtag.sys
Image name: ati2mtag.sys
Timestamp: Wed Feb 22 04:46:24 2006 (43FBDE90)
CheckSum: 0017213C
ImageSize: 0017E000
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
I've had the BSOD twice in the last week from the FSLX.SYS. Not seeing the boot loop. Able to power cycle and restart with no problems. Minus the annoying BSOD YA KNOW!
Interesting....
Going back and looking at the last six computers with this problem, I found they all have the same ATI Radeon x600 card. The driver date for all computers is from 2/2/2006. The Dell site has this listed as the latest driver version for the Dell Optiplex g620 PC. I've download the latest driver for this card from the AMD site and will try updating the next machine this happens to.
If this is the culprit, why then does renaming the FSLX.sys file in Safe Mode and rebooting resolve the issue?
This is a kernal stack overflow error. The kernal stack has a very limited amount of space and when this is all used up, the machine will blue screen. The SVS filter driver is a kernal driver and uses some of the stack, albeit a small alount, however, your machines are in a state of this being the straw that broke the camels back. For reasons not understood by anybody outside ATI, their display drivers are using a much larger portion of the kernal stack than any other vidoe drivers out there. If we go back to my previous analogy with SVS as the straw, the ATI video driver is the MAC truck. We have tried to work with ATI on this before, but they refuse to change their ways.
In my own personal testing, I found the stock windows drivers for ATI video adapters perform better than the ATI bloatware anyway.
I have removed the ATI drivers from ADD/Remove Programs from a problem computer, but still have the problem. But now, instead of displaying a black screen or rebooting, I get the blue screen right before the Winlogon. It's not the Blue screen of death, but an actual blue screen.
Where can I see all the kernel drivers being loaded and how much each one takes up? Is there an app for this?
If you use Process Explorer then any process running in the SYSTEM, NETWORK SERVICE or LOCAL SERVICE user context should be a system driver.
To check for loaded filter drivers just run flmc.exe from a dos console.
tasklist.exe should show you some details.
You can also learn about the startorder from Windows NT startup process
If you open the crash dump in WinDbg you should be able to see all loaded drivers by typing the "lmv" command.
I have removed the ATI drivers from ADD/Remove Programs from a problem computer, but still have the problem.
This will actually not remove the drivers. You need to install a newer one or force to another driver install.
I'm so confused.
I ran fltcm.exe and it only showed TmPreFilter, which is the Trend Officescan client. Removed Trend, but the problem continued.
Why does it work when i remove all the layers?
Would you like to reply?
Login or Register to post your comment.