ESS v6 crashes ntfs.sys

Discussion in 'ESET Smart Security' started by mdw1166, Jan 22, 2013.

Thread Status:
Not open for further replies.
  1. mdw1166

    mdw1166 Registered Member

    Joined:
    Feb 27, 2006
    Posts:
    15
    All,

    Has anyone come across ESSv6 (I've just upgraded from ESSv5) crashing with a BSOD in the ntfs.sys module? I use symbolic links to access my NAS drive and the issue is present in v6 and not v5.

    Thanks in advance

    Martyn
     
  2. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    I do not recall hearing about this before.

    Can you tell us more about your operating environment, such as the edition of Microsoft Windows installed and brand and model of the NAS server?

    Regards,

    Aryeh Goretsky
     
  3. bungiefan

    bungiefan Registered Member

    Joined:
    Jan 23, 2013
    Posts:
    7
    Location:
    USA
    I'm getting the crash sporadically too, with symbolic links. I have a Seagate GoFlex Home 3TB drive and I've bluescreened about 4 times in a row, all when I started a file transfer within the drive. I have direct access to the drive via a mapped drive letter, but I use it for video storage that is too big for one drive, so I have a symlink in my main video directory to other drives that contain more of my video collection. Moving a file within the symlinked system tends to cause a crash. I thought it was the drive, but it didn't start until the day I installed the ESET6 update over ESET5.

    I'm running Windows 7 Pro 64-bit on an AMD Phenom II 1100T 6-core.
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Please compress the dump created during a crash, upload it to a safe location and PM me the download link. If you're able to reproduce the crash at any time, make sure that Windows is configured to generate kernel memory dumps (ideally complete memory dumps), reproduce the crash and supply the crash dump for analysis.
     
  5. mdw1166

    mdw1166 Registered Member

    Joined:
    Feb 27, 2006
    Posts:
    15
    Hi,

    I'm using a number of laptops and desktop PCs all running Windows 7 HP 64Bit. The NAS devices are Netgear ReadyNAS, 1 x ReadyNAS Pro 6, 1 x ReadyNAS Ultra 4 and 1 x ReadyNAS Ultra 2. Symbolic links to all devices cause the same fault with ESS v6.

    I've successfully installed ESS v6 on a Win 7 HP 64Bit laptop BUT that device does not have any symbolic links configured.

    I will update a laptop running Win 7 HP 32Bit that we use for test purposes to ensure the upgrade works, then configure symbolic links and check it fails as it currently does on the 2 other devices it blue screened (1 x Desktop, 1 x Laptop).

    I honestly don't want to spend too much time on this as we have 10 ESS licenses, 5 of which are due for renewal and they are on PCs used in a small business. I cannot afford the time to go through the process of installing ESS 6 again, allowing the PC to BSOD and then go through a convoluted process to bring the PC back.

    When the PC BSODs and it's rebooted, ESS v6 does not appear to be running and when you look in Programs and Features to uninstall it, it is not listed. So we have to use system restore, however when you initiate the system restore, it fully restores ESS v5 when the restore is completed. Is this expected, as system restore should only roll back system files, folders and settings and ESS v5 was fully uninstalled prior to the ESSv6 upgrade?

    Regards

    Martyn
     
  6. bungiefan

    bungiefan Registered Member

    Joined:
    Jan 23, 2013
    Posts:
    7
    Location:
    USA
    PM system currently unavailable. All I have is a minidump. The full dump would be about 8 GB uncompressed, and would take days to upload compressed on my Alaskan internet connection. Plus the only full dump I can find seems incomplete, it's only a 700 MB file.
     
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I've downloaded the files fine. As soon as I hear from developers about their findings, I'll let you know.
     
  8. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    It looks like the crash occurred in PGPfsfd.sys but I'll pass the dump to engineers to make sure. In the meantime, configure Windows to generate kernel memory dumps instead of minidumps, reproduce the crash and supply me with the kernel dump (compressed in an archive).
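
The dump type requested in the two staff posts above is controlled by the `CrashDumpEnabled` value under the `CrashControl` registry key. As an added example that is not part of the original thread, this PowerShell script reports the current setting and the dumps already on disk; the `-SetKernelDump` switch is a name made up for this script, and it needs an elevated prompt:

```powershell
# Added example, not from the thread. Reports the Windows crash-dump
# configuration; with -SetKernelDump (hypothetical switch name) it selects
# the kernel memory dump requested above. Run elevated.
param([switch]$SetKernelDump)

$key   = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
$types = @{
    0 = 'None'
    1 = 'Complete memory dump'
    2 = 'Kernel memory dump'
    3 = 'Small memory dump (minidump)'
    7 = 'Automatic memory dump'
}

$cc   = Get-ItemProperty -Path $key
$mode = [int]$cc.CrashDumpEnabled
$name = if ($types.ContainsKey($mode)) { $types[$mode] } else { "Unknown ($mode)" }
"Dump type       : $name"

# Kernel (2) or complete (1) dumps were requested; a minidump is not enough.
# Automatic (7, Windows 8 and later) also writes a kernel dump.
if (@(1, 2, 7) -notcontains $mode) {
    if ($SetKernelDump) {
        Set-ItemProperty -Path $key -Name CrashDumpEnabled -Value 2 -Type DWord
        'Dump type set to kernel memory dump; restart before reproducing the crash.'
    } else {
        'Not a kernel or complete dump; re-run with -SetKernelDump to change it.'
    }
}

# Show where dumps are written and what is already on disk.
$dumpFile = [Environment]::ExpandEnvironmentVariables($cc.DumpFile)
$miniDir  = [Environment]::ExpandEnvironmentVariables($cc.MinidumpDir)
"Full/kernel dump: $dumpFile"
if (Test-Path -LiteralPath $dumpFile) {
    $f = Get-Item -LiteralPath $dumpFile
    '  present, {0:N0} MB, written {1}' -f ($f.Length / 1MB), $f.LastWriteTime
} else {
    '  not present'
}
"Minidump folder : $miniDir"
Get-ChildItem -Path $miniDir -Filter *.dmp -ErrorAction SilentlyContinue |
    Sort-Object LastWriteTime -Descending |
    Select-Object -First 5 Name, Length, LastWriteTime
```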
     
  9. mdw1166

    mdw1166 Registered Member

    Joined:
    Feb 27, 2006
    Posts:
    15
    I reproduced the crash on a laptop which has PGP running, but the other machine which I upgraded and has the same issue does not have PGP installed nor configured.

    I'll check to see what is involved in generating a full kernel dump prior to committing to configuring it.

    Regards

    Martyn
     
  10. RayTRoX

    RayTRoX Registered Member

    Joined:
    Jan 25, 2013
    Posts:
    2
    I have the same problem after updating to version: 6.0.308.0 (x64) - reliable BSODs a few minutes after startup.

    I'd like to send a Dropbox link to my kernel dump, but the PM system is inoperative.
     
  11. mdw1166

    mdw1166 Registered Member

    Joined:
    Feb 27, 2006
    Posts:
    15
    OK, I've stored the kernel dump in the same location as I PM'd you. It's in the Laptop1 folder.

    For reference, if I access the NAS drives via the network, everything is ok, but if I configure a symbolic link attached to a folder which is included within the Libraries then that appears to cause the issue.

    Martyn
     
  12. RayTRoX

    RayTRoX Registered Member

    Joined:
    Jan 25, 2013
    Posts:
    2
    I am using symbolic links to folders on my NAS too...
     
  13. tomha

    tomha Registered Member

    Joined:
    Mar 25, 2008
    Posts:
    27
    I got reproducible BSODs with an ntfs.sys error with NOD32 AV V6. Crash dumps showed a fault in tdrpman.sys, which is part of Acronis True Image Home 2013, installed on my Win8 Pro x64. No PGP installed.

    Your BSODs seem similar to mine, but I tried NOD32 Antivirus V6. I opened a corresponding thread in the NOD32 AV Forum.
     
  14. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    Are symbolic links being used on the computer's file system as well?

    Regards,

    Aryeh Goretsky

     
  15. tomha

    tomha Registered Member

    Joined:
    Mar 25, 2008
    Posts:
    27
    Only one symbolic link, pointing to my Music library on my NAS. I need it to add my NAS music to the Win8 Music library.
    Not sure the BSOD has to do with the symbolic link. As I wrote in the AV Forum, I can reproduce the BSOD by searching in the charms bar or adding a hard disk to my USB docking station.
     
  16. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    The memory dump you sent was corrupted and could not be opened. However, it sounds like a known issue with symlinks that will be addressed in the upcoming v6 service build that should be available within a few weeks.
     
  17. tomha

    tomha Registered Member

    Joined:
    Mar 25, 2008
    Posts:
    27
    Tried to download it myself, unzipped it and opened the memory dump in WinDbg, no problem so far. Maybe your download failed? I have to remove the download from my webspace (quota exceeded). I upped it on another webspace and will send you the link via PM.
     
  18. bnshe

    bnshe Registered Member

    Joined:
    Feb 2, 2013
    Posts:
    1
    Also have this BSOD with V6. I was wondering why V6 was running fine on one computer and not on the other.
    I use symbolic links on the machine which was crashing with V6. I was wondering why it crashed after I started Total Commander, but now it's clear: Total Commander was accessing my NAS over symbolic links.

    As it is a small minidump I attached it as a txt file (but it is actually a zip).
     


  19. JohnyR21

    JohnyR21 Registered Member

    Joined:
    Feb 4, 2013
    Posts:
    7
    Location:
    Canada
    Oh wow, thought I was the only one. Will be watching this carefully.
     
  20. Lalle75

    Lalle75 Registered Member

    Joined:
    Feb 5, 2013
    Posts:
    2
    Location:
    Bochum, Germany
    Same problem on my system. PAGE_FAULT_IN_NONPAGED_AREA with ntfs.sys since I installed version 6 on my Windows 7 64bit.

    There seems to be no specific action, software, port, etc. that supplies or forces the BSOD.
     
  21. tomha

    tomha Registered Member

    Joined:
    Mar 25, 2008
    Posts:
    27
    If the BSOD is caused by symbolic links and I have only one symbolic link, I could try to delete the symlink and test if the BSOD will happen then.
    Unfortunately I am on vacation till the end of this week. I will try on Sunday and post the results here.

    regards, tomha
     
  22. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    Are symbolic links in use on the system?

    Regards,

    Aryeh Goretsky

     
  23. JohnyR21

    JohnyR21 Registered Member

    Joined:
    Feb 4, 2013
    Posts:
    7
    Location:
    Canada
    Any idea on when a release is going to come out? I'm running without an AV atm :thumbd:
     
  24. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    It will take a few weeks. In the meantime, install ESS v5, which provides equal protection as v6.
     
  25. tomha

    tomha Registered Member

    Joined:
    Mar 25, 2008
    Posts:
    27
    Now I can confirm that the BSODs are related to symbolic links.
    I deleted the symbolic link pointing to my NAS and the BSODs were gone.

    Unfortunately there is another issue with V6 (I opened another thread about it):
    When opening Disk Management (diskmgmt.msc) the computer gets terribly slow. Even mouse movements stutter. Task Manager (started before diskmgmt.msc) shows 50% - 70% CPU usage from System. Shutdown takes 5 - 20 minutes.

    All problems are gone after uninstalling NOD AV V6.
     