Eset 4.2.64 BSOD with Truecrypt

Discussion in 'ESET NOD32 Antivirus' started by nurgle, Aug 23, 2010.

Thread Status:
Not open for further replies.
  1. nurgle

    nurgle Registered Member

    Joined:
    Aug 23, 2010
    Posts:
    12
    Hi guys

    Have tested this on 2 different machines
    Vista XP2 32bit & 64 bit.

    When trying to mount volumes it is continually BSOD, probbaly 90% of the time, making it hard to access my PC. Occurred on .58 as well with no change in the latest version

    Running Truecrypt 7

    On the 32bit version (my laptop) the BSOD always reports eamonm.sys as the cause, while the 64bit machine doesnt give a particular driver.

    Any ideas on at least a workaround, very hard to use my PC right now!

    cheers
    Nurgle
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Please configure Windows to generate complete memory dumps per the instructions here and reproduce BSOD. When done, compress it and convey it to ESET for perusal.
     
  3. MasterAnt

    MasterAnt Registered Member

    Joined:
    Aug 24, 2010
    Posts:
    6
    Not having that problem using TrueCrypt 6.3a and EAV BE 4.2.58.3 on Windows 7 Pro 32-bit. I have half my primary hard drive encrypted.

    Now I'm definitely going to wait before update to TC 7...

    A suggestion might be try mount TC volumes as removable media?? Just a random thought.
     
  4. nurgle

    nurgle Registered Member

    Joined:
    Aug 23, 2010
    Posts:
    12
    Just discovered turning scanning off on removal media / network drives stops the BSOD

    N
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Please generate a complete memory dump on 32-bit Windows and PM me the link. The last dump you supplied was a kernel dump which didn't contain the necessary data.
     
  6. Alex007

    Alex007 Registered Member

    Joined:
    Aug 26, 2010
    Posts:
    2
    Hello Marcos,

    I have got the same issue with NOD32 4.2.64.12, Windows 7 64bit and Truecrypt 7. Quite often a BSOD when I mount a Truecrypt container file/volume. I already contacted the ESET support but they were unable to help me (see "Case #523362" and the follow up in Germany "Ticket#2010062510000306").

    If it helps I can provide the latest dump. I hope that this issue can be solved, otherwise I need to move away from NOD (which is not in my interest).

    Best regards
    Alex
     
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Hello,
    yes please. PM me a link to a COMPLETE memory dump created during BSOD. We'll analyze it and hopefully find the cause.

    regards,

    Marcos
     
  8. Alex007

    Alex007 Registered Member

    Joined:
    Aug 26, 2010
    Posts:
    2
    Hi Marcos,

    unfortunately the PM system is currently unavailable in this forum and I cannot find an email address in the user profiles. Can you please send me a brief email to Snipped: personal email address removed to protect user's privacy

    Thanks
    Alex
     
    Last edited by a moderator: Aug 26, 2010
  9. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    PM sent. Now you should be able to drop me a PM.
     
  10. nurgle

    nurgle Registered Member

    Joined:
    Aug 23, 2010
    Posts:
    12
    HI Marcos, did u have any luck getting the info required.. i had to uninstall ESET completely as i couldnt get my laptop to boot at all at the end.. (and my other pc is 10,000 miles away right now)

    cheers
    N
     
  11. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Unfortunately we still need to get a complete memory from somebody having this problem.
     
  12. nurgle

    nurgle Registered Member

    Joined:
    Aug 23, 2010
    Posts:
    12
    looks like i have to break my laptop again LOL

    can u point me to where the FULL memory dump option is .. as it seems im a little bit slow and cant find that option
     
  13. nonoise

    nonoise Registered Member

    Joined:
    Jun 6, 2008
    Posts:
    322
    You can find the instructions here.
     
  14. nurgle

    nurgle Registered Member

    Joined:
    Aug 23, 2010
    Posts:
    12
    from Microsoft which now explains why i couldnt find the option
    ===
    The Complete memory dump option is not available on computers that are running a 32-bit operating system and that have 2 gigabytes (GB) or more of RAM. For more information, see the Specify what happens when the system stops unexpectedly topic on the following Microsoft TechNet Web site

    http://support.microsoft.com/kb/254649
    ===
    any ideas?
     
  15. rcdailey

    rcdailey Registered Member

    Joined:
    Dec 25, 2009
    Posts:
    233
    FWIW, and it may not be worth much, I found the option, but when I tried to set it, I got a warning regarding the memory (2GB) and that the setting might not work. I could have continued, apparently, but I chose not to do so. This is on XP SP3, with 2GB RAM installed.

    Adding to this, I see that in order for the complete memory dump to work, you must have a paging file that can hold the entire contents of RAM plus 1 Megabyte. I recall that the warning on my system included 2045 Megabytes, which I saw afterward is the size of my paging file, but that might not be enough to be 2GB plus 1 Megabyte. In order to overcome this, it would be necessary to manually configure the paging file to a larger size, and then it might work. I say, "might" because that goes against what the tech article says. For my own part, I hesitate to configure my paging file to be larger than it already is. Many have, in the past, recommended making the paging file much smaller, to improve performance.

    OK. I bit the bullet and set the paging file to a custom size with minimum 2100 Megabytes and with that setting on my 2GB system, Windows does not complain when the complete memory dump is selected and applied. All these settings are in the Advanced portion in the system menu in XP. The paging file settings are in the Performance section, whereas the Debugging (for dumps) settings are in the Startup and Recovery section. This might be different in Vista or Windows 7. Someone else will have to comment on that.
     
    Last edited: Sep 19, 2010
  16. jimwillsher

    jimwillsher Registered Member

    Joined:
    Mar 4, 2009
    Posts:
    667
    I sure hope that I don't get hit by an infection on my laptop and have to upload a full dump to ESET. It'll take several days to upload 8GB.....


    Jim
     
  17. rcdailey

    rcdailey Registered Member

    Joined:
    Dec 25, 2009
    Posts:
    233
    There is that :D It takes long enough for 1GB with most connections, and that's just for downloading. Uploading would be truly painful. Maybe it would be better to write the file to a thumb drive and send it by carrier pigeon (as in that UK test). If it has to go all the way to Slovakia, maybe a homing albatross would do. Lacking that, FedEx, UPS, or DHL could take it. I'll call my thumb drive "albatross," 'cause I hang it 'round my neck.
     
    Last edited: Sep 19, 2010
  18. nurgle

    nurgle Registered Member

    Joined:
    Aug 23, 2010
    Posts:
    12
    Eset how would u like me to provide this dump.. it doesnt appear possible in 32bit > 2Gs of RAM
    N
     
  19. rcdailey

    rcdailey Registered Member

    Joined:
    Dec 25, 2009
    Posts:
    233
    Just curious. Did you try resetting the minimum size of your paging file to something greater than your installed RAM? The warning seemed to go away when I did that on my system, and I was able to set the dump to a "complete" dump. That said, I have not had any BSOD with which to test whether this actually did work to allow a complete memory dump.
     
  20. nurgle

    nurgle Registered Member

    Joined:
    Aug 23, 2010
    Posts:
    12
    thanks for your suggestion mate. I had tried that out of interest to no avail.
     
  21. rcdailey

    rcdailey Registered Member

    Joined:
    Dec 25, 2009
    Posts:
    233
    OK, that's good to know. That suggests that though the setting can be made in the advanced menus, it still doesn't work. Maybe I will just switch mine (paging file size) back to default, though I haven't noticed any effect on performance.

    One thing I noticed about these articles at TechNet is that they are dated in 2005. Nothing has been added since then, but 2005 is before MS released XP Service Pack 3. With XP SP3, it is possible to manually set the paging file to a size greater than 2GB and, if that is done, then the option to set the memory dump to "complete" is available without any warning from the OS. That doesn't mean it works properly. Also, from what I can tell, the OS still limits the maximum size for the paging file to 4GB, but that is probably irrelevant with most older computers, anyway. The overview article at MS Support is dated March 30, 2010, so presumably it is accurate and up-to-date, but that does not explain why the option would show as available in the settings for XP SP3. If it is not available, it should not be offered.

    Given that MS barely supports XP from now on, all this is probably moot.
     
    Last edited: Sep 30, 2010
  22. noddy_ger

    noddy_ger Registered Member

    Joined:
    Nov 10, 2010
    Posts:
    1
    Hi,
    i had the issue with the blue screen as well.

    After deactivating "Automatic startup file check" under schedule, the problem disappeared.
     
  23. yaslaw

    yaslaw Registered Member

    Joined:
    Feb 27, 2005
    Posts:
    168
    Location:
    Poland
    I have TC 7 and EAV 4.2 on Windows 7 x64. I have both hdd completely encrypted with pre-boot auth.
    So far no issues..
     
  24. akslow

    akslow Registered Member

    Joined:
    Dec 11, 2010
    Posts:
    1
    I have the same problem. During mounting volume i get bsod (in 80-90% of cases). After I uninstall eset smart security everything back to normal.
     
  25. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    If possible, please configure Windows to generate complete memory dumps. If you reproduce the crash, compress the dump and pm me for further instructions. So far every dump from a TrueCrypt crash showed a problem in TrueCrypt itself that caused the crash when ESS/EAV was installed.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.