Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Beta - Avast => Topic started by: NON on May 07, 2016, 07:03:31 AM
-
Hello all,
I updated to 2263 via AvastUI and now I got this error message "Invalid access to memory location" when I try to log-in to windows... I mean, I can't log-in to windows :(
I'm not exactly sure that this is caused by avast beta as I noticed Windows Update was updating something during reboot, but I decided to post this for notice.
In details,
1. Updating avast via Avast UI
2. Reboot the computer, WU updated something
3. Log-in to Windows, no Avast icon on taskbar, almost all app could not run because of "Access to memory location is invalid" error, including taskmgr.
4. Tried to manually create kernel dump and seems failed (no memory.dmp on HDD, stuck at "Dumping physical memory: 100")
5. Hard reboot, cannot log-in to Windows as described. Tried 3 soft reboots with no success.
6. Safe mode works
If some of the devs have interest in this issue, I can provide logs as I keep the machine untouched.
Thanks.
Edit: fix error message translation
Edit2: fix error message translation
-
Hello NON!
Thanks for the report. Would it be possible to get specific files and folders from the machine in the safe mode and share it with us for evaluation?
In this case, both
"C:\Program Files\AVAST Software"
and
"C:\ProgramData\AVAST Software\Avast"
folders, zipped, would be very helpful.
Please let me know if you needed help with getting or sharing these files.
Petr
-
Hello Petr, thank you for your reply.
I just booted my machine in Safe Mode and found both folder have more than 1GB in size. :o
This is mostly because there are some .mdmp files which has about 200MB each, and some huge log files (over 300MB).
I'll try to compress them before uploading to avast ftp, but even after compress they will still have quite a size.
Do you have some specific directories to send you first? Or should I just upload all of them in one (or two) archives?
-
OK, I finished compressing both folders.
Firstly uploaded ProgramData folder.
Filename: NON_Avast_ProgramData_160510.7z
Program Files will be uploaded soon... :)
Uploaded. Filename: NON_Avast_ProgramFiles_160510.7z
-
Thanks a lot NON! We are going to look into it.
-
OK, I updated avast using "Safe Mode with networking" and again got the same issue.
I'll try clean reinstall.
-
After clean reinstall this beta just works fine, until restoring its settings to previous one.
So this means some of the settings breaks avast since 2263 beta.
-
Finally found the cause. It's HIPS!
When I change HIPS level from default (minimum), the issue arises.
If I revert it to default by modifying FileSystemShield.ini file, the issue disappear.
So, something must be wrong with beta HIPS.
-
Hi NON,
just to let you know, similar reports in the German section (you're not alone).
Asyn
-
Still not fixed with latest beta 2265.
-
Still happening with 2266. Reboot is not needed, just set HIPS to maximum and most application could not run.
-
According to your sig, you also use Comodo HIPS on your system.
I'd suggest to disable it for testing or vice versa the Avast HIPS...
-
According to your sig, you also use Comodo HIPS on your system.
I'd suggest to disable it for testing or vice versa the Avast HIPS...
Thanks Asyn for suggestion.
Quick check (change Comodo HIPS to disable) shows it has no relation to this issue, however, I'll try disable Comodo HIPS then reboot and try again.
-
I had this nonsense as well today with 2267 build. I figured it out the hard way as well... ::)
-
I had this nonsense as well today with 2267 build. I figured it out the hard way as well... ::)
:(
Still happening with 2267 beta with Comodo HIPS disabled.
-
Still happening with 2267 beta with Comodo HIPS disabled.
Time for the devs to chime in here.
-
I only have avast! installed and it does this if I crank HIPS sensitivity to highest setting.
-
I am not sure, but I think that HIPS is disabled yesterday in 11.2.2262.
Can someone from Avast confirm this ?
-
I am not sure, but I think that HIPS is disabled yesterday in 11.2.2262.
Can someone from Avast confirm this ?
Start a new topic here: https://forum.avast.com/index.php?action=post;board=2
We're discussing the latest beta versions.
-
Problem still exists with the version 12.1.2268.
TerraX
-
Problem still exists with the version 12.1.2268.
TerraX
Still happening with 2269.
-
So, still happening and despite asking avast! team about it for build 2267, 2268 and now 2269 I haven't got a SINGLE answer for it. This is absurd.
-
So, still happening and despite asking avast! team about it for build 2267, 2268 and now 2269 I haven't got a SINGLE answer for it. This is absurd.
Side note, NON reported it first with build 2263, sent the requested logs and no reply since then.
-
So, still happening and despite asking avast! team about it for build 2267, 2268 and now 2269 I haven't got a SINGLE answer for it. This is absurd.
Side note, NON reported it first with build 2263, sent the requested logs and no reply since then.
Yeah, I’m hoping to have an answer... :(
A month has passed already since then.
-
Guys, thanks again for the reports. For your reference, the bug has an internal ID AV-10322 and it has appropriate priority on our list. In this case, we had troubles with the issue reproduction in our lab environment. Anyway, please stay tuned.
Petr
-
Guys, thanks again for the reports. For your reference, the bug has an internal ID AV-10322 and it has appropriate priority on our list. In this case, we had troubles with the issue reproduction in our lab environment. Anyway, please stay tuned.
Petr
Thanks for the answer. I can provide more logs or dumps if you want (as long as I can make these, because Avast does not allow to make kernel dump when this happens).
-
Guys, thanks again for the reports. For your reference, the bug has an internal ID AV-10322 and it has appropriate priority on our list. In this case, we had troubles with the issue reproduction in our lab environment. Anyway, please stay tuned.
Petr
So, you're saying it only happens on selective systems if you increase HIPS sensitivity/setting?
-
Hi NON!
Thanks for the logs, they are very helpful. I have few additional comments/questions:
1. Can you, please, try to rename guard32.dll (C:\Windows\SysWOW64\guard32.dll). Maybe you have to do it in safe mode. Does it help?
2. Can you send screenshot of the error report (Access to memory location is invalid).
Thanks for your help.
-
Here is mine... and yeah, it actually does happen at login like this if I set HIPS to 3rd level.
-
Hello bs, thanks for the reply.
2. Can you send screenshot of the error report (Access to memory location is invalid).
I got exactly same message as RejZoR posted when I had this login issue although I use Windows 7 not 10.
My former translation of the error message is just not good, it should be "Invalid access to memory location".
I attached an error message I get when I try to run Windows Update with maximum HIPS level.
No reboot is required, just change the settings and get this. Revert it and I can run WU without issue.
1. Can you, please, try to rename guard32.dll (C:\Windows\SysWOW64\guard32.dll). Maybe you have to do it in safe mode. Does it help?
I just did that and renaming guard32.dll does not affect the symptom at all.
Just a note, my issue is changed a bit.
Now, I can login to Windows but got a black screen only with mouse-cursor.
Ctrl+Alt+Del does not work with error message saying it failed to open the screen.
I successfully made kernel dump with and without guard32.dll (renamed or not) during black screen.
Dumps were uploaded to avast FTP:
NON_kernel_dump_without_guard32.7z
NON_kernel_dump_with_guard32.7z
-
Thanks again. It was fixed.
-
What was the cause of it? Have you done any changes to HIPS component for this to happen? I hate the fact HIPS feature is again becoming one of those features that sound cool, but they don't really do ANYTHING at all to protect the user.
-
Seems fixed in latest beta 2271. 8)
-
It works again ... thanks. :)
TerraX