BSOD on shutdown (Win 7 64 Home Premium)

Discussion in 'Returnil releases' started by the_slasher, Apr 30, 2010.

Thread Status:
Not open for further replies.
  1. the_slasher

    the_slasher Registered Member

    Joined:
    Mar 28, 2010
    Posts:
    7
    Hi All,

    Last night, I tried Returnil (3.1.8774.5254 - downloaded from CNET site) if it will work on my system, since i have read that it's working fine with Win 7.

    Here is what I did.

    1. Logon to admin account,
    disabled scheduled defrag
    and Norton 2010 Idle Task Optimizer (basically calls defrag)
    2. Installed Returnil (after install, restart)
    3. Logon to admin account,
    disable Virus Guard in Returnil (restart after this)
    4. Logon to user account.
    5. Activate System Safe
    6. Created a text file in My Documents and Norton Pulse Update kicked in
    while System Safe is on.
    7. Shutdown my PC
    8. BSOD (during shutdown)
    9. Rebooted in SafeMode (to get dump file)
    10. Rebooted in Normal Mode (no error)

    I tried searching for incompatibility issues with NIS 2010 but couldn't find one in the forum. On a positive note, the text file I created, while System Safe is active, is no longer there. I did not try enabling System Safe again as I'm afraid it will BSOD on me.

    My system is Win 7 64bit Home Premium, running Norton NIS 2010, using LUA and SRP (default Deny, including DLLs - only those in windows and program files folder can run)

    Are there any other settings I should change if I will run Returnil with NIS 2010? or maybe include a Returnil forlder in the allowed list (SRP)?

    Appreciate any assistance :)

    ------------------

    Managed to get the Memory Dump and it pointed to these two files

    RVSystem.sys and SRTSP64.SYS
    Probably caused by : RVSystem.sys ( RVSystem+1e6c )

    Bug Check Analysis
    SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)

    FAULTING_IP:
    nt!IofCallDriver+44
    fffff800`03291354 4c8b4108 mov r8,qword ptr [rcx+8]

    STACK TEXT
    nt!IofCallDriver+0x44
    RVSystem+0x1e6c
    nt!IopCloseFile+0x11f
    nt!ObpDecrementHandleCount+0xb4
    nt!ObpCloseHandleTableEntry+0xb1
    nt!ObpCloseHandle+0x94
    nt!KiSystemServiceCopyEnd+0x13
    nt!KiServiceLinkage
    SRTSP64+0x46342
    nt!PspSystemThreadStartup+0x5a
    nt!KxStartSystemThread+0x16


    SYMBOL_STACK_INDEX: 1
    SYMBOL_NAME: RVSystem+1e6c
    FOLLOWUP_NAME: MachineOwner
    MODULE_NAME: RVSystem
    IMAGE_NAME: RVSystem.sys
    DEBUG_FLR_IMAGE_TIMESTAMP: 4ba74f38
    STACK_COMMAND: .cxr 0xfffff88002b30f00 ; kb
    FAILURE_BUCKET_ID: X64_0x7E_RVSystem+1e6c
    BUCKET_ID: X64_0x7E_RVSystem+1e6c
    Followup: MachineOwner
     
  2. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Hi the_slasher and welcome to the forums :)

    I have flagged your report to the Dev team and will get you a reply as quickly as possible.

    Mike
     
  3. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Hi,
    Can you send us the following to support (dash) tech (at) returnil (dot) com?

    1. The full C:\Windows\MINIDUMP\*.dmp files you cut the information from in your post and any others that correspond to this issue (more than one Blue Screen incident?)

    2. A full Kernel Memory dump. This is usually activated by default in Windows 7 so you should have the file:

    C:\Windows\MEMORY.DMP

    It may be too large to send via e-mail attachment. If this is true, please let me know and will PM you the FTP access credentials to upload it to our servers directly.

    Also of interest is the version and build of (NAV? NIS? Symantec Corporate?) you are using. The QC team tested the reported scenario on Windows 7 x64 Ultimate against NIS 2010 version 17.0.0.136 and could not reproduce any issues.

    Thanks in advance for your reply
    Mike
     
  4. the_slasher

    the_slasher Registered Member

    Joined:
    Mar 28, 2010
    Posts:
    7
    Hi Mike,

    Thanks for the response, I tried compressing the dump files but still ended up with 125mb. I think I'll need to ftp it. I haven't tried running Returnil again after the initial BSOD maybe I'll try again to see if it gives me the same results.

    My NIS 2010 version is 17.6.0.32 (I just checked) and using Windows 7 x64 Home Premium.

    Thanks.
     
  5. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    I am requesting confirmation on whether the FTP we have set up will accept a file of that size. Please bear with me and will get a reply to you as soon as possible.

    Mike
     
  6. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Hi,
    See your PM for the details

    Mike
     
  7. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Hi,
    I have an update for you and want to thank you for the dump file. The team reports that the dump indicates a potential conflict between the RVS' virtualization and Symantec's self protection drivers that was previously unknown. This is not conclusive and represents an initial assessment of the situation which requires additional lab testing before a solution will be available.

    In your specific case, is there an option to deactivate the self protection feature in Norton and could you test to see if the Blue Screen still happens?

    Mike
     
  8. the_slasher

    the_slasher Registered Member

    Joined:
    Mar 28, 2010
    Posts:
    7
    Hi Mike,

    Thank you for the feedback, been quite busy these days so I was just able to read your reply just now. Yes there is an option called Norton Product Tamper Protection. I'll see if I can test.

    Thanks
     
  9. the_slasher

    the_slasher Registered Member

    Joined:
    Mar 28, 2010
    Posts:
    7
    sorry for the late feedback. i encounter the same error even when i turn of the norton tamper protection setting.

    thanks :)
     
  10. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Can you update your support ticket by sending in the most recent minidump files that correspond to the same time/day as the BSOD?

    Mike
     
Thread Status:
Not open for further replies.