I installed the 2.01 Beta version and was using memory caching mode during a session lock. All worked fine until I needed to reboot to exit Returnil's protection. The re-boot took much longer than usual and I eventually got a BSOD. Another re-boot had the same results so I uninstalled Returnil in safe mode.
My system:
Lenovo T61 Thinkpad
Vista HP SP1
Avira Premium
DefenseWall 2.46
Vista firewall
What other info can I provide to help track this down?
Hello ffreedom01 and welcome. Please reply with the exact text of the critical stop error. If you cannot remember, please try to reproduce the issue and get a picture of the Blue screen. Thanks, Mike
Hello Mike, Attached is a picture of the BSOD. It seems to be related to file protection as I have been able to enter session lock and re-boot OK without file protection enabled.
Hi Guys, We are working on it and hope to have an updated version next week. This is another rare issue and hard to track down for the same reason. So until then do not use the File Protection or tools on your system as the cause is common to both. Mike
My only BSOD happened when I turned on session lock as soon as the desktop wallpaper showed up and Vista was still busy accessing the HDD for its super-fetching stuff. After the reboot I took care not to turn session lock on until Vista had completely loaded and the HDD was no longer being accessed, and I'm no longer having BSODs.
No, this is only affecting a small sub-set of Vista users. This does not affect users with XP or most Vista users... HTH Mike
Hi, Sorry for the late reply on this. 2.0.1 is now final: https://www.wilderssecurity.com/showthread.php?t=234140 We will begin the public testing for the new 3x generation as soon as possible following the release of the 2.0.1 Personal Edition. Mike
I installed the latest version and got a BSOD shortly after enabling session lock with file protection on. Got another BSOD on reboot...had to uninstall in safe mode. I did not get the info from the blue screen but I have a mini dump I can email.
Have you tried checking your hardware? Run diagnostics on your RAM and HDD to make sure they are not the source of the issue.
I ran Lenovo's utilities to check ram and the HD and also Hitachi's HD utilities and found no problems.
Some additional things you can check:
1) New software OR recently uninstalled software. Is there any possibility that there was an installation issue or something you used in the past being improperly or incompletely uninstalled?
2) MSCONFIG - Try disabling startup items (ONE at a TIME!) and see if the issue clears. This takes a bit of patience but may lead to an insight or cause for the issue.
From your last post we have eliminated hardware causing the 050 error so we need to explore possible software (driver) conflicts.
Mike
I don't seem to get the BSOD unless file protection is turned on...might be a clash with DefenseWall's resource protection. I'll check it out in the next day or so.
I finally got around to checking this out and it is DefenseWall and Returnil not getting along when Returnil's file protection is turned on. Any ideas Mike? I'll also post at the DW forum.
To be brutally honest, no other than to place restrictions on non-system drives and partitions using native Windows policy or manually changing the access permissions for those files and folders manually. One idea is to check the rules in DW to see if one is specifically responsible for filtering changes made to these folders as it is conceivable that DW may have additional settings that keep malicious/unwanted programs from doing similar things (Ex: Removing read/write access or denying the user permission to even open the file or folder). Mike
Mike, just check the minidump file data (I'm installing Premium version in order to try to reproduce the issue on my virtual test machine):
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except, it must be protected by a Probe. Typically the address is just plain bad or it is pointing at freed memory.
Arguments:
Arg1: d210e000, memory referenced.
Arg2: 00000000, value 0 = read operation, 1 = write operation.
Arg3: 828ffc09, If non-zero, the instruction address which referenced the bad memory address.
Arg4: 00000000, (reserved)
MODULE_NAME: RVFsSec
FAULTING_MODULE: 82817000 nt
DEBUG_FLR_IMAGE_TIMESTAMP: 47ba6df1
READ_ADDRESS: unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPoolCodeStart
unable to get nt!MmPoolCodeEnd
 d210e000
FAULTING_IP:
nt+e8c09
828ffc09 ??
MM_INTERNAL_CODE: 0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WRONG_SYMBOLS
BUGCHECK_STR: 0x50
LAST_CONTROL_TRANSFER: from 82871b54 to 828bc0f5
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
c26032b0 82871b54 00000000 d210e000 00000000 nt+0xa50f5
c26032c8 828ffc09 badb0d00 d210e000 85118000 nt+0x5ab54
c260333c 82f5c300 d210dc00 80f06000 80de3d08 nt+0xe8c09
c2603358 82f5b88b 877da3e8 80de3d08 80f05c00 RVFsSec+0x3300
c260335c 877da3e8 80de3d08 80f05c00 00000000 RVFsSec+0x288b
c2603360 80de3d08 80f05c00 00000000 00000001 0x877da3e8
c2603364 80f05c00 00000000 00000001 80de3fb0 0x80de3d08
c2603368 00000000 00000001 80de3fb0 80de3d08 0x80f05c00
STACK_COMMAND: kb
FOLLOWUP_IP:
RVFsSec+3300
82f5c300 ??
SYMBOL_STACK_INDEX: 3
SYMBOL_NAME: RVFsSec+3300
FOLLOWUP_NAME: MachineOwner
IMAGE_NAME: RVFsSec.sys
BUCKET_ID: WRONG_SYMBOLS
Followup: MachineOwner
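Added example, not part of the thread or of either vendor's tooling: a small Python parser that performs the first-pass triage of the bugcheck 0x50 analysis quoted in the post above, extracting the access type, the faulting address and the first non-kernel stack frame. The function name `triage`, the `KERNEL` module set and the trimmed `SAMPLE` text are assumptions made for this example.

```python
import re

# Constructed sample: key lines of the !analyze -v output quoted in the post above.
SAMPLE = """\
PAGE_FAULT_IN_NONPAGED_AREA (50)
Arg1: d210e000, memory referenced.
Arg2: 00000000, value 0 = read operation, 1 = write operation.
Arg3: 828ffc09, If non-zero, the instruction address which referenced the bad memory address.
DEFAULT_BUCKET_ID: WRONG_SYMBOLS
STACK_TEXT:
c26032b0 82871b54 00000000 d210e000 00000000 nt+0xa50f5
c26032c8 828ffc09 badb0d00 d210e000 85118000 nt+0x5ab54
c260333c 82f5c300 d210dc00 80f06000 80de3d08 nt+0xe8c09
c2603358 82f5b88b 877da3e8 80de3d08 80f05c00 RVFsSec+0x3300
c260335c 877da3e8 80de3d08 80f05c00 00000000 RVFsSec+0x288b
c2603360 80de3d08 80f05c00 00000000 00000001 0x877da3e8
"""

# x86 "kb" frame: ChildEBP, RetAddr, three argument words, then module+offset.
FRAME = re.compile(r"^((?:[0-9a-f]{8} ){5})(\S+)$", re.M)
KERNEL = {"nt", "hal"}  # treated as OS core here (assumption of this example)

def triage(text):
    """Summarise a 32-bit bugcheck 0x50 analysis for first-pass driver triage."""
    code = int(re.search(r"^\w+ \(([0-9a-fA-F]+)\)$", text, re.M).group(1), 16)
    args = {int(n): int(v, 16)
            for n, v in re.findall(r"^Arg(\d): ([0-9a-f]{8})", text, re.M)}
    suspect = None
    for _words, sym in FRAME.findall(text):
        module, plus, _offset = sym.partition("+")
        # Bare addresses (no module+offset) are unwinder noise, not a module.
        if plus and module.lower() not in KERNEL:
            suspect = sym  # first non-kernel frame walking up from the fault
            break
    return {
        "bugcheck": code,
        "address": args[1],
        "access": "write" if args[2] else "read",
        "faulting_ip": args[3],
        # An address on a 4 KiB boundary often means an access ran off the
        # end of the previous page into one that is not mapped.
        "page_aligned": args[1] % 0x1000 == 0,
        "suspect": suspect,
        # Without correct symbols the stack walk is a guess; confirm before blaming.
        "symbols_unreliable": "WRONG_SYMBOLS" in text,
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Because the dump is bucketed as WRONG_SYMBOLS, the reported frame is a lead to confirm after loading correct symbols, not a verdict.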