eamon.sys bsod before shutdown

Discussion in 'ESET NOD32 Antivirus' started by grant7072, Jan 7, 2010.

Thread Status:
Not open for further replies.
  1. grant7072

    grant7072 Registered Member

    Joined:
    Jan 7, 2010
    Posts:
    4
    It happened on Dell Latitude D505. There was a discussion about this half year ago, and no one if following the thread, and can not find an official solution.

    ESET nod32 4.0.437.0

    Any ideas?
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Version 4.0.437 is quite old, the latest release version is 4.0.474 and there is also beta 4.2.22 available which seems to be perfectly stable and promissing. I'd suggest upgrading to the latest version to see if the problem disappears.
     
  3. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  4. SmackyTheFrog

    SmackyTheFrog Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    767
    Location:
    Lansing, Michigan
    Was that a change between the 467 and 474 builds or an earlier one because I have a terminal server that has been crashing like crazy on eamon.sys BSODs.
     
  5. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    IIRC, yes. The changelogs show v 4.0.467 as the prior build to v 4.0.474 so, absolutely. My Event Viewer - XP Pro SP3, has not been showing these event messages as cited in my reply.
     
    Last edited: Jan 7, 2010
  6. coiter

    coiter Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    37
    i have 4.0.467 on several computers now running since the day the version came out without any problems, now suddently the last 2 weeks i have more and more computers failing with BSOD for unknown reasons with eamon.sys.

    I dont know whats going on, and why this is happening now, as nothing has really changed on the network.

    I have a support case with them open, and sent over some memory dumps, so i hope they fill find a solution to the problem.
     
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    4.0.467 is an older version, the most current is 4.0.474 or the latest beta 4.2.22 which has some issues already fixed. I'd suggest upgrading to the latest release version or trying out the beta.
     
  8. coiter

    coiter Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    37
    Im also now experiencing the same BSOD on 4.0.474 that i have updated on the computers that crashed with the older version.

    So new version did nothing to fix it.

    and im not trying out beta versions on a production network.
     
    Last edited: Jan 12, 2010
  9. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Manually uninstall your build - install a a new copy, post back your findings. You are under no obligation to run Beta software in a Business Critical environment or Network environment.
     
  10. Nerimash

    Nerimash Registered Member

    Joined:
    Apr 14, 2009
    Posts:
    86
    Location:
    Ukraine
    What BSOD code did you see? Did you see message IRQL_IS_NOT_LESS_OR_EQUALS?

    I have had described issue with Symantec Antivirus software(NAV2010) after it's finished driver installation. Main issue was in some system services/drivers which doesen't shut down their work after Windows shutdown signal. Try to install UphCleanUp utility from Microsoft. I think with this tool you will get rid of problems you have.
     
    Last edited: Jan 13, 2010
  11. coiter

    coiter Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    37
    I have manually uninstalled and reinstalled several times without any success.

    the error i get is:

    PAGE_FAULT_IN_NONPAGED_AREA

    STOP: 0x000000blablabla bunch of crap

    **** eamon.sys and bunch of more crap
     
  12. Nerimash

    Nerimash Registered Member

    Joined:
    Apr 14, 2009
    Posts:
    86
    Location:
    Ukraine
    Sounds like system IO manager failed to allocate memory for driver(eamon.sys) purposes. This probem is mainly caused by using in C / C++ code null pointers:
    Code:
    #define WIN32_LEAN_AND_MEAN
    #pragma comment(linker, "/merge:.rdata=.text")
    
    #include <windows.h>
    #include <tchar.h>
    
    int __cdecl main(void)
    {
      LPCTSTR lpszDeviceName = NULL;
      LPTSTR lpszTargetPath = NULL; 
      TCHAR szDeviceName[MAX_PATH];
      
      if (!QueryDosDevice (lpszDeviceName, lpszTargetPath, MAX_PATH))
       {/*Error you will receive ACCESS VIOLATION FAILED: MEMORY COULD NOT BE READ because of Null Pointer*/}
      //try this
      if (!QueryDosDevice(szDeviceName, lpszTargetPath, MAX_PATH))
      {/*SUCCEED*/ }
    
      return 0;
    }
    
    In Kernel-mode this type of error will always raise PAGE_FAULT_IN_NONPAGED_AREA. I used QueryDosDevice function as example. This function really not make this type of error.

    In what stage of OS work did you receive this BSOD?(e.g logging off, shutdown etc)
    And this crappie numbers is not really crap. Could you provide a full numbers of STOP Error(i.e. primary code and four parameters) and / or minidump file?

    But this problem also can be caused by hardware issue(s). Did you check your RAM on any issues?
     
    Last edited: Jan 14, 2010
  13. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Please post back your operating system, Windows XP Pro SP3, etc, so that we could investigate this further. Your issue may be unrelated to your ESET product.
    There are an enormous amount of possibilities as to the exact answer to your issue.

    Thank you.
     
  14. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Older versions of the Novell client contained a bug that used to cause BSOD. If this is the case, upgrade the Novell client to the latest version 4.91, otherwise create a memory dump per the instructions here and contact customer care for further instructions.
     
  15. coiter

    coiter Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    37
    Windows XP SP3, 8 different computers, running version 4.0.467 and 4.0.474.

    BSOD can happen on shutdown and just suddenly without any warning.

    Im guessing its related to some combination between ESET and somethign else, as i have been running 4.0.467 on the production network for a while now without any problems.

    Just now recently the last few weeks it has started to happen..


    Stop 0x00000050 ( 0xa69bda54,0x00000000, 0xa7ad1616, 0x00000000)

    eamon.sys - address a7ad1616 base at a7acd000, datestamp 4aa9dc2f
     
  16. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    If you don't have the Novell client installed, try disabling self-defense and restarting the computer or enabling pre-release updates.
     
  17. Nerimash

    Nerimash Registered Member

    Joined:
    Apr 14, 2009
    Posts:
    86
    Location:
    Ukraine
    Did you try UphCleanUp utility? I hope that full kernel-mode dump will shed more light on your problem. Please PM Marcos or any of ESET moderators/staff here for further instructions.
     
  18. coiter

    coiter Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    37
    ye. Im waiting for one the laptops to come available to me, so i can perform a full memory dump on it. not easy when half of them is spread around the world.
     
  19. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Using UPHClean may cause problems with various applications. When installed, we strongly recommend adding ekrn.exe to the UPHC exclusion list per the instructions in readme.txt supplied with UPHC.
     
Thread Status:
Not open for further replies.