I installed the 2.01 Beta version and was using memory caching mode during a session lock. All worked fine until I needed to reboot to exit Returnil's protection. The re-boot took much longer than usual and I eventually got a BSOD. Another re-boot had the same results so I uninstalled Returnil in safe mode.

My system:
Lenovo T61 Thinkpad
Vista HP SP1
Avira Premium
DefenseWall 2.46
Vista firewall

What other info can I provide to help track this down?

{QUOTE-> ...What other info can I provide to help track this down? <-QUOTE}

Hello ffreedom01 and welcome :)

Please reply with the exact text of the critical stop error. If you cannot remember, please try to reproduce the issue and get a picture of the Blue screen.

Thanks
Mike

{QUOTE-> Hello ffreedom01 and welcome :)

Please reply with the exact text of the critical stop error. If you cannot remember, please try to reproduce the issue and get a picture of the Blue screen.

Thanks
Mike <-QUOTE}


Hello Mike,

Attached is a picture of the BSOD. It seems to be related to file protection as I have been able to enter session lock and re-boot OK without file protection enabled.

Mike,

Any update on this?

Ed

that has been a problem with Returnil for a long time.:-\

Hi Guys,
We are working on it and hope to have an updated version next week. This is another rare issue and hard to track down for the same reason. So until then do not use the File Protection or tools on your system as the cause is common to both.

Mike

My only BSOD happened when I just turned on session lock as soon as desktop wallpaper showed up and Vista was still busy accessing HDD for its super-fetching stuff. And after reboot I took care not to turn session lock on until Vista completely loaded up and HDD not being accessed, I'm no longer having BSODs.

Is the Files and Tools issue affecting XP Pro too?
Thanks.
Hugger

{QUOTE-> Is the Files and Tools issue affecting XP Pro too?
Thanks.
Hugger <-QUOTE}

No, this is only affecting a small sub-set of Vista users. This does not effect users with XP or most Vista users...

HTH
Mike

Thanks Mike.

Is there a target date for a new beta?

{QUOTE-> Is there a target date for a new beta? <-QUOTE}

Hi,
Sorry for the late reply on this. 2.0.1 is now final:

http://www.wilderssecurity.com/showthread.php?t=234140

We will begin the public testing for the new 3x generation as soon as possible following the release of the 2.0.1 Personal Edition.

Mike

I installed the latest version and got a BSOD shortly after enabling session lock with file protection on. Got another BSOD on reboot...had to uninstall in safe mode. I did not get the info from the blue screen but I have a mini dump I can email.

Do you know if you are using dynamic partitioning?

{QUOTE-> Do you know if you are using dynamic partitioning? <-QUOTE}

No, they are basic partitions.

Have you tried checking your hardware? Run diaganostics on your RAM and HDD to make sure they are not the source of the issue.

{QUOTE-> Have you tried checking your hardware? Run diaganostics on your RAM and HDD to make sure they are not the source of the issue. <-QUOTE}

I ran Lenovo's utilities to check ram and the HD and also Hitachi's HD utilities and found no problems.

Some additional things you can check:

1) New software OR recently uninstalled software. Is there any possibility that there was an installation issue or something you used in the past being improperly or incompletely uninstalled?

2) MSCONFIG - Try disabling startup items (ONE at a TIME!) and see if the issue clears. This takes a bit of patience but may lead to an insight or cause for the issue.

From your last post we have eliminated hardware causing the 050 error so we need to explore possible software (driver) conflicts.

Mike

{QUOTE-> Some additional things you can check:

1) New software OR recently uninstalled software. Is there any possibility that there was an installation issue or something you used in the past being improperly or incompletely uninstalled?

2) MSCONFIG - Try disabling startup items (ONE at a TIME!) and see if the issue clears. This takes a bit of patience but may lead to an insight or cause for the issue.

From your last post we have eliminated hardware causing the 050 error so we need to explore possible software (driver) conflicts.

Mike <-QUOTE}

I don't seem to get the BSOD unless file protection is turned on...might be a clash with DefenseWall's resource protection. I'll check it out in the next day or so.

{QUOTE-> I don't seem to get the BSOD unless file protection is turned on...might be a clash with DefenseWall's resource protection. I'll check it out in the next day or so. <-QUOTE}

I finally got around to checking this out and it is DefenseWall and Returnil not getting along when Returnil's file protection is turned on. Any ideas Mike? I'll also post at the DW forum.

{QUOTE-> I finally got around to checking this out and it is DefenseWall and Returnil not getting along when Returnil's file protection is turned on. Any ideas Mike?... <-QUOTE}

To be brutally honest, no other than to place restrictions on non-system drives and partitions using native Windows policy or manually changing the access permissions for those files and folders manually.

One idea is to check the rules in DW to see if one is specifically responsible for filtering changes made to these folders as it is conceivable that DW may have additional settings that keep malicious/unwanted programs from doing similar things (Ex: Removing read/write access or denying the user permission to even open the file or folder).

Mike

Mike, just check the minidump file data (I'm installing Premium version in order to try to reproduce the issue on my virtual test machine):

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: d210e000, memory referenced.
Arg2: 00000000, value 0 = read operation, 1 = write operation.
Arg3: 828ffc09, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 00000000, (reserved)

MODULE_NAME: RVFsSec

FAULTING_MODULE: 82817000 nt

DEBUG_FLR_IMAGE_TIMESTAMP: 47ba6df1

READ_ADDRESS: unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPoolCodeStart
unable to get nt!MmPoolCodeEnd
d210e000

FAULTING_IP:
nt+e8c09
828ffc09 ?? ???

MM_INTERNAL_CODE: 0

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: WRONG_SYMBOLS

BUGCHECK_STR: 0x50

LAST_CONTROL_TRANSFER: from 82871b54 to 828bc0f5

STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
c26032b0 82871b54 00000000 d210e000 00000000 nt+0xa50f5
c26032c8 828ffc09 badb0d00 d210e000 85118000 nt+0x5ab54
c260333c 82f5c300 d210dc00 80f06000 80de3d08 nt+0xe8c09
c2603358 82f5b88b 877da3e8 80de3d08 80f05c00 RVFsSec+0x3300
c260335c 877da3e8 80de3d08 80f05c00 00000000 RVFsSec+0x288b
c2603360 80de3d08 80f05c00 00000000 00000001 0x877da3e8
c2603364 80f05c00 00000000 00000001 80de3fb0 0x80de3d08
c2603368 00000000 00000001 80de3fb0 80de3d08 0x80f05c00


STACK_COMMAND: kb

FOLLOWUP_IP:
RVFsSec+3300
82f5c300 ?? ???

SYMBOL_STACK_INDEX: 3

SYMBOL_NAME: RVFsSec+3300

FOLLOWUP_NAME: MachineOwner

IMAGE_NAME: RVFsSec.sys

BUCKET_ID: WRONG_SYMBOLS

Followup: MachineOwner