I've been working with Ronny, but the Credential Protection is a killer. Kills all imaging I've tested against, and also kills things like Raxco Instant Recovery. You might want to test Rollback, no telling what will happen with it. The problem is in Windows\system32\config and the file is SAM. It's the credential file.
Thanks Pete for trying to solve this one. Hope they can find a work-around. Maybe it'll have to be hard-coded.
Thanks for v720. All that wasn't working with 718 is now working fine. Well, except for the Macrium Reflect thing and Credential Theft Protection but you know about that one.
That would be tough unless they change the approach. The version 720 has Macrium Reflect whitelisted so it runs fine, but nothing else will. Whitelisting is workable, consider this. You would have to whitelist every imaging program, every disk backup, every rollback program like Instant Recovery. Care to guess how many that would be? I haven't a clue.
Hello,
This is to inform other users of HitmanPro.Alert 3.7.0 build 720 BETA along with Macrium Reflect 7.1.2646 (UEFI) about a possible BSOD scenario when booting into the Recovery Environment using the Boot Menu Option. Note the following system environment that for me this occurs on:
  Windows 10 Pro 64-bit Version 1709 (OS Build 16299.19) (UEFI)
  Macrium Reflect Home 7.1.2646 64-bit (UEFI)
  HitmanPro.Alert 3.7.0 build 720 BETA
Any attempt to boot into the Recovery Environment using the Boot Menu Option would always result in a BSOD when the Recovery Environment starts to load. More details on this issue can be found in the thread SSD and IDE/AHCI? starting with post # 41. For those running a setup the same as or similar to mine, you may want to test booting into the Recovery Environment using the Boot Menu Option to see if you have any issues.
@erikloman @markloman @RonnyT You can find copies of the support ticket with Macrium Support with a good bit of information available. I also have copies of all of the dump files that I was able to retrieve saved in 7z format if you need them.
Edit to add: I have uploaded the above mentioned files and emailed you in reference to this post the download link along with the password.
At times like this, I take pride to be lazy and neglectful of my image. As I'd declined the Macrium recovery option, the only recourse would have been to reinstall windows and start completely from scratch. Very much appreciated, @puff-m-d.
With latest Zemana AntiMalware, I need to add "zam.exe" to exclusions in the Mitigation Exploit section in order to allow ZamSvc to start; otherwise, even if I use it on demand, it will not start. With latest CyberGhostVPN, I need to add "CG6Service" to exclusions in the Mitigation Exploit section too; the service is set to always autostart, and otherwise it will always be stopped and won't allow a VPN connection, saying to reinstall the service.
Hello @plat1098, You are most welcome ... Of course this issue may or may not affect other users as it could be due to my specific setup here. I just wanted to let others know of the possible issue for them and let the Loman brothers know the issue that I was having.
Not only backup programs are affected. Simple utilities or other anti malware products which are scanning the registry are also affected (for example: Glary Utilities #549, Zemana AntiMalware #550, Hitman Pro #609,...)
Hello @newyorkjet, I hate to say this as I hoped the issue was limited to my system but I was afraid others probably would be affected also ...
I didn't know that. So MR will work with Credential Theft Protection enabled in 720? Same config except I have MR Home v6.3.1835. No BSOD issue. Looks like a MR v7 issue?
Hi puff-m-d, Thanks for sharing the dump, we have analyzed the crash and this issue will be fixed in the next release.
Further to my post 666, I forgot to check whether 718 would boot in recovery environment to USB. It didn't (BSOD) so I have gone back to 3.6.7. build 604 and everything now works.
Hello @RonnyT, You are most welcome ... I am just glad that Macrium Support and myself could figure out the cause of issue quickly so I could supply you with enough information to isolate the issue...
Some improvements but not there (yet)
Mitigation   APCViolation
Platform     10.0.16299/x64 v720 06_3f
PID          12460
Application  C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe
Description  Microsoft .NET Framework optimization service 4.7
APC intercepted:
  00510080 55           PUSH EBP
  00510081 8bec         MOV EBP, ESP
  00510083 8b4d08       MOV ECX, [EBP+0x8]
  00510086 83ec08       SUB ESP, 0x8
  00510089 85c9         TEST ECX, ECX
  0051008B 7439         JZ 0x5100c6
  0051008D 0fb711       MOVZX EDX, WORD [ECX]
  00510090 6685d2       TEST DX, DX
  00510093 7431         JZ 0x5100c6
  00510095 56           PUSH ESI
  00510096 8b7104       MOV ESI, [ECX+0x4]
  00510099 83fe18       CMP ESI, 0x18
  0051009C 7227         JB 0x5100c5
  0051009E 8b4108       MOV EAX, [ECX+0x8]
  005100A1 0b410c       OR EAX, [ECX+0xc]
  005100A4 741f         JZ 0x5100c5
Process Trace
  1 C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe [12460]
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\NGenTask.exe" /StopEvent:1484
  2 C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe [8820]
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\NGenTask.exe" /RuntimeWide /StopEvent:920
  3 C:\Windows\System32\taskhostw.exe [11004]
    taskhostw.exe -RegisterDevice -Periodic
  4 C:\Windows\System32\svchost.exe [1672]
    c:\windows\system32\svchost.exe -k netsvcs -p -s Schedule
Thumbprint
  b68e94775e3a2b290eccf10af35454a41f6eb4a812c86cbc35bb7a88e67265b5
and
Mitigation   APCViolation
Platform     10.0.16299/x64 v720 06_3f
PID          9344
Application  C:\Program Files (x86)\Microsoft Care Suite\Windows Device Recovery Tool\WindowsDeviceRecoveryTool.exe
Description  Windows Device Recovery Tool 3.12
APC intercepted:
  01210080 55           PUSH EBP
  01210081 8bec         MOV EBP, ESP
  01210083 8b4d08       MOV ECX, [EBP+0x8]
  01210086 83ec08       SUB ESP, 0x8
  01210089 85c9         TEST ECX, ECX
  0121008B 7439         JZ 0x12100c6
  0121008D 0fb711       MOVZX EDX, WORD [ECX]
  01210090 6685d2       TEST DX, DX
  01210093 7431         JZ 0x12100c6
  01210095 56           PUSH ESI
  01210096 8b7104       MOV ESI, [ECX+0x4]
  01210099 83fe18       CMP ESI, 0x18
  0121009C 7227         JB 0x12100c5
  0121009E 8b4108       MOV EAX, [ECX+0x8]
  012100A1 0b410c       OR EAX, [ECX+0xc]
  012100A4 741f         JZ 0x12100c5
Process Trace
  1 C:\Program Files (x86)\Microsoft Care Suite\Windows Device Recovery Tool\WindowsDeviceRecoveryTool.exe [9344]
  2 C:\Windows\explorer.exe [12584]
  3 C:\Windows\System32\userinit.exe [6284]
  4 C:\Windows\System32\winlogon.exe [8392]
    C:\WINDOWS\System32\WinLogon.exe -SpecialSession
  5 C:\Windows\System32\smss.exe [13572]
    \SystemRoot\System32\smss.exe 00000120 00000080 C:\WINDOWS\System32\WinLogon.exe -SpecialSession
Thumbprint
  1d904e3163b2645b8f5aa2bb1225d0a3b02bdf4d72ce039ebde062340a206c8d
My problems with Hitmanpro Alert 3.6.7.604 in Fall Creators Update are gone after install of 3.7.0 build 720. See: https://www.wilderssecurity.com/thr...support-and-discussion-thread.324841/page-574
Win 10 Pro x64 v1709 16299.19, HMP.A 3.7.0 build 720 beta. Repeatedly, while trying to retrieve update from developer's site via SUMo in Sandboxie'd Firefox:
Mitigation   ROP
Platform     10.0.16299/x64 v720 06_45
PID          24532
Application  C:\Program Files\Mozilla Firefox\firefox.exe
Description  Firefox 56.0.2
Callee Type  LoadLibrary
Stack Trace
  #  Address          Module                   Location
  -- ---------------- ------------------------ ----------------------------------------
  1  00007FFAB0EB966D KernelBase.dll
  2  00007FFAB4768508 ntdll.dll
  3  00007FFAB4750F56 ntdll.dll                __C_specific_handler +0x96
  4  00007FFAB4764C3D ntdll.dll                __chkstk +0x11d
  5  00007FFAB46DD1B8 ntdll.dll
  6  00007FFAB4763B6E ntdll.dll                KiUserExceptionDispatcher +0x2e
  7  00007FFA6453AA01 xul.dll
                      cc                       INT 3
  8  00007FFA64C8CAAA xul.dll
  9  00007FFA64C75F62 xul.dll
  10 00007FFA649C7D1E xul.dll
Code Injection
  0000025DACA84000-0000025DACA85000 4KB C:\Program Files\Mozilla Firefox\firefox.exe [21776]
  00007FFAB4760000-00007FFAB4761000 4KB
  00007FFAB4762000-00007FFAB4763000 4KB
  00007FFAB475F000-00007FFAB4760000 4KB
  1 C:\Program Files\Mozilla Firefox\firefox.exe [21776]
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://www.kcsoftwares.com/sumo/view.php?uid=xxxxxxxxx&ProductName=WinScan2PDF&Company=Nenad Hrg (SoftwareOK.com)&prot=2&redirect&pro
  2 C:\Program Files\Mozilla Firefox\firefox.exe [26728]
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://www.kcsoftwares.com/sumo/view.php?uid=xxxxxxxxx&ProductName=WinScan2PDF&Company=Nenad Hrg (SoftwareOK.com)&prot=2&redirect&pro"
  3 C:\Program Files\Sandboxie\SbieSvc.exe [4524]
Process Trace
  1 C:\Program Files\Mozilla Firefox\firefox.exe [24532]
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="21776.13.1203227378\867131458" -childID 2 -isForBrowser -intPrefs 5:50|6:-1|28:1000|33:20|34:10|43:128|44:10000|49:0|51:400|52:1|53:0|54:0|59:0|60:120|61:120|92:2|93:1|107:5000|118:0|12
  2 C:\Program Files\Mozilla Firefox\firefox.exe [21776]
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://www.kcsoftwares.com/sumo/view.php?uid=xxxxxxxxx&ProductName=WinScan2PDF&Company=Nenad Hrg (SoftwareOK.com)&prot=2&redirect&pro
  3 C:\Program Files\Mozilla Firefox\firefox.exe [26728]
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://www.kcsoftwares.com/sumo/view.php?uid=xxxxxxxxx&ProductName=WinScan2PDF&Company=Nenad Hrg (SoftwareOK.com)&prot=2&redirect&pro"
  4 C:\Program Files\Sandboxie\SbieSvc.exe [4524]
Thumbprint
  65b08153b6f661f989e3612ad52cf5c1192ecd4df327f9082c26b98b91b224b3