eamonm.sys, bluescreen, sandboxie, Adobe

Discussion in 'ESET NOD32 Antivirus' started by Brummelchen, May 17, 2012.

Thread Status:
Not open for further replies.
  1. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    1,734
    while installing adobe photoshop cs6 into sandboxie windows throws a bluescreen with
    Code:
    BAD_POOL_HEADER
    0x00000019
    0x00000020
    Code:
    eamonm.sys	eamonm.sys+1e77c	0x8c01e000	0x8c0ee000	0x000d0000	0x4f577177	07.03.2012 16:32:23	ESET Smart Security	Amon monitor	5.2.7.0	ESET	C:\Windows\system32\drivers\eamonm.sys	
    fltmgr.sys	fltmgr.sys+318a	0x82b45000	0x82b79000	0x00034000	0x4a5bbf11	14.07.2009 01:11:13	Betriebssystem Microsoft® Windows®	Microsoft Dateisystem-Filter-Manager	6.1.7600.16385 (win7_rtm.090713-1255)	Microsoft Corporation	C:\Windows\system32\drivers\fltmgr.sys	
    ntoskrnl.exe	ntoskrnl.exe+b4c0d	0x81e43000	0x82255000	0x00412000	0x4f766ae5	31.03.2012 04:24:37	Microsoft® Windows® Operating System	NT Kernel & System	6.1.7601.17803 (win7sp1_gdr.120330-1504)	Microsoft Corporation	C:\Windows\system32\ntoskrnl.exe	
    
    Code:
    eamonm.sys	eamonm.sys+1e77c	0x8be04000	0x8bed4000	0x000d0000	0x4f577177	07.03.2012 16:32:23	ESET Smart Security	Amon monitor	5.2.7.0	ESET	C:\Windows\system32\drivers\eamonm.sys	
    fltmgr.sys	fltmgr.sys+318a	0x82ba0000	0x82bd4000	0x00034000	0x4a5bbf11	14.07.2009 01:11:13	Betriebssystem Microsoft® Windows®	Microsoft Dateisystem-Filter-Manager	6.1.7600.16385 (win7_rtm.090713-1255)	Microsoft Corporation	C:\Windows\system32\drivers\fltmgr.sys	
    ntoskrnl.exe	ntoskrnl.exe+b4c0d	0x81e37000	0x82249000	0x00412000	0x4f766ae5	31.03.2012 04:24:37	Microsoft® Windows® Operating System	NT Kernel & System	6.1.7601.17803 (win7sp1_gdr.120330-1504)	Microsoft Corporation	C:\Windows\system32\ntoskrnl.exe	
    
    win7/32, eav 5.2.9.1 (german), sandboxie 3.69.01

    last days with eset 5.0.94.0 german all was fine.
    i try to reproduce with sandboxie 3.68 final and 3.69.03 (latest beta)

    #with sb 3.68 final crashes
    ## 3.69.03 also
     
    Last edited: May 17, 2012
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Please upload the dumps somewhere and PM me the download links. If necessary, I can provide you with access to our ftp server.
     
  3. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    1,734
    i can reproduce the crashes with all present versions of sandboxie.
    Setup crashes somewhere in the middle of installation, last time i saw
    something with "hunspell".
    i linked the minidumps - hope that is enough i dont have others due settings.
    in normal these where my 2nd to 5ths bluescreen with win7.

    i need to go back after i had a view to beta 6.
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Thank you for the dumps provided, I've passed them to our developers for analysis.
     
  5. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    1,734
    beta 6 let windows crash too, sorry
    Code:
    eamonm.sys	eamonm.sys+1e7fc	0x8c008000	0x8c0d8000	0x000d0000	0x4f9e3531	30.04.2012 08:46:09						
    fltmgr.sys	fltmgr.sys+318a	0x82b3d000	0x82b71000	0x00034000	0x4a5bbf11	14.07.2009 01:11:13	Betriebssystem Microsoft® Windows®	Microsoft Dateisystem-Filter-Manager	6.1.7600.16385 (win7_rtm.090713-1255)	Microsoft Corporation	C:\Windows\system32\drivers\fltmgr.sys	
    ntoskrnl.exe	ntoskrnl.exe+b4c0d	0x81e45000	0x82257000	0x00412000	0x4f766ae5	31.03.2012 04:24:37	Microsoft® Windows® Operating System	NT Kernel & System	6.1.7601.17803 (win7sp1_gdr.120330-1504)	Microsoft Corporation	C:\Windows\system32\ntoskrnl.exe	
    
     
  6. hyleaf

    hyleaf Registered Member

    Joined:
    May 22, 2012
    Posts:
    4
    I have the exact same problem with the latest version of ESET 5.2.9.1 in English, but Smart Security in my case.

    Blue Screen with error in eamonm.sys, with an error of PAGE_FAULT_IN_NON_PAGED_AREA.

    I'm running windows 7 64 bits, with Sandboxie 3.68 64 bits as well. But I get this error at random times while using Waterfox (firefox 64 bits) sandboxed.

    Did not install Adobe Photoshop CS6 yet, but I have CS5 installed for a long time already.

    From what I know, hunspell is a spell-checking plugin included in firefox, and on trillian, which I have running as well, but not sandboxed.

    Anything else I can help with? How do I get these dumps?

    Thanks.

    EDIT: Got another crash, and got the minidump file.
     
    Last edited: May 24, 2012
  7. hyleaf

    hyleaf Registered Member

    Joined:
    May 22, 2012
    Posts:
    4
    What is the status of this problem?

    I had to revert to 5.0.95 too, because of the problems. I got 2 minidumps from the last crashes, where can I send them? Seems like I cannot PM you Marcos.

    Thanks.
     
  8. bwb1

    bwb1 Registered Member

    Joined:
    Mar 20, 2010
    Posts:
    113
    Location:
    UK
    I too have BSODs with latest version of ESS5 and Sandboxie 3.70. The text says there is a bad_pool_header. As Hyleaf alerted me to this being an ESet problem, I have removed SBIE until a result is found. This occurs on my desktop, but the same set up on my laptop runs together nicely:blink: (All running 32 bit versions)
     
    Last edited: Jun 6, 2012
  9. bwb1

    bwb1 Registered Member

    Joined:
    Mar 20, 2010
    Posts:
    113
    Location:
    UK
    Is there any info on this Marcos please? (FF13/ESS 5.2.9.1/SBIE 3.70 all 32 bit)
     
  10. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    1,734
    Latest Endpoint solution (EEA on win7/64) also crashes bad_pool_header. i hope there is a solution on the run.
     
  11. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Does disabling Device control integration solve the issue for you?
     
  12. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Our developers are on it and trying to figure out the cause of the crash.
     
  13. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    1,734
    i can test this later the day (i hope i find it in the german build)
     
  14. hyleaf

    hyleaf Registered Member

    Joined:
    May 22, 2012
    Posts:
    4
    Marcos, I got a bunch more minidumps to help with this.

    I had the crashes when using 5.2.9.1 and sandboxie 3.68 while browsing randomly with waterfox (firefox 64 bits) 12. Then I reverted to 5.0.95 and got no more crashes at all.

    Some days ago, I updated sandboxie to 3.70, waterfox to 13.0, and then ESS auto-updated to 5.2.9.1. The crashes are almost gone, but I still got it when trying to pay with paypal, twice in a row. All the dumps are as follow:

    https://dl.dropbox.com/u/70121451/052412-20326-01.dmp - SB 3.68, Wf 12 and ESS 5.2.9.1
    https://dl.dropbox.com/u/70121451/052612-28828-01.dmp - SB 3.68, Wf 12 and ESS 5.2.9.1

    https://dl.dropbox.com/u/70121451/061112-19297-01.dmp - SB 3.70, Wf 13 and ESS 5.2.9.1
    https://dl.dropbox.com/u/70121451/061112-21652-01.dmp - SB 3.70, Wf 13 and ESS 5.2.9.1

    Thanks, hope it helps.

    Update:

    Decided to do a test.

    So, running Sandboxie version 3.72 (64bit version), Waterfox 13 PL1, and ESS 5.2.9.1. When running Waterfox sandboxed, I get a crash when trying to access a paypal page to buy something (for example, when clicking both of the paypal links on this page: http://www.crintsoft.com/MiniLyrics_buy.htm). This is the latest dump: https://dl.dropbox.com/u/70121451/061812-23025-01.dmp

    Then, I tried the same pages running not-sandboxed, and got no bluescreens at all.

    Anything else I can try to help?
     
    Last edited: Jun 18, 2012
  15. bwb1

    bwb1 Registered Member

    Joined:
    Mar 20, 2010
    Posts:
    113
    Location:
    UK
    5.2.9.1/ FF 13.0.1/SBIE 3.72 crashes the instant FF tried to open in the sandbox. Usual stuff on screen about a bad_pool_header same as always.
     
  16. traviscn

    traviscn Registered Member

    Joined:
    Aug 1, 2003
    Posts:
    16
    Nod32 AV 5.2.9.1/Aurora 15.0a2/SBIE 3.72/Windows 7 Home 64x
    no crashes yet.
     
  17. bwb1

    bwb1 Registered Member

    Joined:
    Mar 20, 2010
    Posts:
    113
    Location:
    UK
    Where do I find this please?
     
  18. bwb1

    bwb1 Registered Member

    Joined:
    Mar 20, 2010
    Posts:
    113
    Location:
    UK
    Bump......now my previously OK laptop now crashes with BSOD and the bad_pool_header info, so have uninstalled SBIE on that.
     
  19. King Grub

    King Grub Registered Member

    Joined:
    Sep 12, 2006
    Posts:
    814
    Hello!

    Was this BSOD also fixed with the 5.0.2126 version? I see information about the Device control BSOD being fixed in the change log, but nothing about this one. I got the bad_pool_header BSOD as the earlier posters in the thread did when using NOD32 with Sandboxie, and since I consider Sandboxie a must, I haven't used NOD32 since (and the bluescreens stopped right away after removing NOD32).
     
  20. hyleaf

    hyleaf Registered Member

    Joined:
    May 22, 2012
    Posts:
    4
    Same here, had to uninstall ESS until a fix is released. Any word from the developers? Thanks in advance.
     
  21. King Grub

    King Grub Registered Member

    Joined:
    Sep 12, 2006
    Posts:
    814
    Guess not. :(
     
  22. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Please provide instructions how to reproduce BSOD as I've tried it by opening Firefox in Sandboxie on Win7 x64 as mentioned in another post here but I didn't get any BSOD. I've noticed that the version of Sandboxie that is currently available and that I used for replication was newer than the one mentioned in this thread.
     
  23. bwb1

    bwb1 Registered Member

    Joined:
    Mar 20, 2010
    Posts:
    113
    Location:
    UK
    I got the BSOD with ESS 5.2.9.1/SBIE 3.72/W7x32/FF13 and 14. I removed SBIE and since then FF13/14 has behaved. The BSOD occurs instantly when you try to open FF in SBIE, and it is the bad_ pool_header matter. This happens on two computers with very similar set ups.
     
    Last edited: Aug 9, 2012
  24. King Grub

    King Grub Registered Member

    Joined:
    Sep 12, 2006
    Posts:
    814
    For me it wasn't instantly when opening FF, but rather random. It could happen once a day or every other day. After booting up again and visiting the same webpage or doing the same thing in FF, it worked fine. Then a few days later another BSOD with the "bad pool header" pointing at eamonm.sys.

    And this on two separate systems, both with Nod32, FF and Sandboxie (including the latest version). Both systems hardware-error free (passes 36 hours of Memtest+, IntelBurnTest with max settings and no problems whatsoever at any other time). Remove Nod32 and the problems went away.

    I would really like to use Nod32 again, but I am not prepared to experience more BSODs because of it. There are many good AVs, but only one Sandboxie. That's why I wondered if this issue had been explored and/or corrected with the latest version of the program, even if the release notes didn't say anything about it.
     
  25. King Grub

    King Grub Registered Member

    Joined:
    Sep 12, 2006
    Posts:
    814
    Well, no replies here I guess, but several threads on the Sandboxie forum indicate that the problem is still there, with the latest versions of both products, and it is still the ESET driver that is implacated in the BSOD logs.
     
Thread Status:
Not open for further replies.