Avast WEBforum

Avast Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Lisandro on July 05, 2010, 08:16:22 PM

Title: [Reopen] BSOD of AIS Sandbox
Post by: Lisandro on July 05, 2010, 08:16:22 PM
I've uninstalled CTM 175 beta by the console because I had two BSODs with the same CTM driver CTMFLT.SYS.
I suspect it could be related to avast Sandbox. It was the only change in my system in the last 2-3 days.
I was working with Firefox sandboxed.
Can you, please, test?
I do not have the memory dump (as you already know that CTM blocks it).

Error message:
A driver has overrun a stack-based buffer
CTMFLT.SYS
0x000000F7 (0x8D19BBC3 0x83A59125 0x7C5AGEDA 0X00000000)

Thanks.
Title: Re: Can you help me? Maybe a AIS Sandbox conflict with Comodo Time Machine
Post by: Dch48 on July 05, 2010, 09:28:53 PM
I have to say that I'm impressed by the way you stick with testing out CTM.

To slightly misquote Rudyard Kipling,  "You're a braver man than I am, Gunga Din"   ;D
Title: Re: Can you help me? Maybe a AIS Sandbox conflict with Comodo Time Machine
Post by: superhacker on July 05, 2010, 09:42:11 PM
Did you try blue screen view (http://www.nirsoft.net/utils/blue_screen_view.html)?
And can you give us a report of your drivers? Use your preferred tool or use hijack hunter:
http://www.novirusthanks.org/products/hijack-hunter/
Title: Re: Can you help me? Maybe a AIS Sandbox conflict with Comodo Time Machine
Post by: Lisandro on July 06, 2010, 02:52:43 AM
Quote
Did you try blue screen view (http://www.nirsoft.net/utils/blue_screen_view.html)?
When Windows is handling the blue screen dump, drivers are not loaded. CTM drivers can't be loaded and the disk is protected against modifications to save the snapshots' integrity. I don't have a dump to be analyzed.

Quote
And can you give us a report of your drivers? Use your preferred tool or use hijack hunter:
http://www.novirusthanks.org/products/hijack-hunter/
It's not a matter of malware, but driver conflict.

Quote
I have to say that I'm impressed by the way you stick with testing out CTM.
I believe in software development.
I believe in freeware.


pk, is there anything you could help me with?
Title: Re: Can you help me? Maybe a AIS Sandbox conflict with Comodo Time Machine
Post by: superhacker on July 06, 2010, 06:35:32 AM
Quote
Quote from: superhacker on Yesterday at 07:42:11 PM
And can you give us a report of your drivers? Use your preferred tool or use hijack hunter:
http://www.novirusthanks.org/products/hijack-hunter/
It's not a matter of malware, but driver conflict.
I know you are malware free, but I want to know what drivers you have so maybe I can determine the buggy driver.
Title: Re: Can you help me? Maybe a AIS Sandbox conflict with Comodo Time Machine
Post by: Lisandro on July 06, 2010, 01:31:19 PM
I'll take a look. Thanks.

I wish I could get some kind of help here from the programmers. I'm quite suspicious it is related to avast sandbox also.
Title: Re: Can you help me? Maybe a AIS Sandbox conflict with Comodo Time Machine
Post by: Lisandro on July 08, 2010, 05:47:53 PM
Well, now it is the avast sandbox driver which is BSODing.

I've got a BSOD:
aswSnx.sys 0x00000050 (0xE507B374, 0x00000000, 0x8B911512, 0x00000000)
PAGE_FAULT_IN_NONPAGED_AREA

Can you test the beta version of the CTM?
I got the BSOD when I was trying to upload a file (picture) to the avast forums.
Title: Re: Can you help me? Maybe a AIS Sandbox conflict with Comodo Time Machine
Post by: Lisandro on July 09, 2010, 08:44:59 PM
Could you get in contact with Doskey (the product manager of Comodo Time Machine)?
Here is the thread where it was being discussed: https://forums.comodo.com/bug-reports-ctm/ctmfltsys-bsods-0x000000f7-with-175-beta-t58907.0.html;msg414025#msg414025
Title: Re: Can you help me? Maybe a AIS Sandbox conflict with Comodo Time Machine
Post by: pk on July 10, 2010, 02:54:46 AM
Tech, thanks for your feedback.
Without a dump, it's very hard (and mostly impossible) to figure out what exactly went wrong - you know only the type of BSOD from those four numbers. The only way is to install the CTM beta and monitor BSODs in our debugger.
Title: Re: Can you help me? Maybe a AIS Sandbox conflict with Comodo Time Machine
Post by: Lisandro on July 10, 2010, 03:37:42 AM
Quote
The only way is to install the CTM beta and monitor BSODs in our debugger.
Can you do that for me, please?
The error occurred in the sandbox driver when I tried to upload a screenshot to the avast forum.

Quote
Without a dump, it's very hard (and mostly impossible) to figure out what exactly went wrong - you know only the type of BSOD from those four numbers.
CTM prevents the dump file from being saved, and its developers said it is impossible to have their drive ON while Windows is crashed and the dump is being saved.
Title: Re: Can you help me? Maybe a AIS Sandbox conflict with Comodo Time Machine
Post by: pk on July 10, 2010, 08:26:00 PM
Tech... alright, what's your OS? Win7 x86?
Title: Re: Can you help me? Maybe a AIS Sandbox conflict with Comodo Time Machine
Post by: Lisandro on July 10, 2010, 08:32:36 PM
Quote
Tech... alright, what's your OS? Win7 x86?
Win7 Pro 32 bits
Thanks for the support.
Title: Re: Can you help me? Maybe a AIS Sandbox conflict with Comodo Time Machine
Post by: pk on July 11, 2010, 06:44:37 PM
Installed the latest CTM (build 175), but I wasn't able to start the program after reboot.. see screenshot, I'll wait for the next build.

tested on: multi-boot system, Win7 32-bit
Title: Re: Can you help me? Maybe a AIS Sandbox conflict with Comodo Time Machine
Post by: Lisandro on July 11, 2010, 07:46:39 PM
Will it help if you get remote access to my system?

Right now I've disabled avast sandbox to avoid BSODing.

The error you're seeing seems to be related to multi boot systems.
You need to install it in all running operating systems.
The console (the "critical subsystem") is only installed after all operating systems have CTM.
You need to choose the proper options while installing.
Title: Re: Can you help me? Maybe a AIS Sandbox conflict with Comodo Time Machine
Post by: Lisandro on September 01, 2010, 01:41:55 PM
pk, did you make any specific change to the sandbox to correct this error?
Comodo said it was a problem on their side and will be corrected in the next CTM version (https://forums.comodo.com/bug-reports-ctm/ctmfltsys-bsods-0x000000f7-with-175-beta-t58907.0.html;msg427463#msg427463)
But they haven't released a new version, and the problem disappears with avast 5.0.668 beta.

So, did you correct this error?
Title: Re: Can you help me? Maybe a AIS Sandbox conflict with Comodo Time Machine
Post by: pk on September 01, 2010, 02:40:43 PM
You said I need to install CTM in all installed OSes. Since my PC has about 10 different OS configurations, I tested CTM only under VMWare.
Title: Re: Can you help me? Maybe a AIS Sandbox conflict with Comodo Time Machine
Post by: Lisandro on September 01, 2010, 03:04:46 PM
Thanks.
Seems that changes in the beta changed the behavior (conflicting)... Who knows...
I'll post elsewhere the problems I'm facing sandboxing Firefox.
Title: Re: Can you help me? Maybe a AIS Sandbox conflict with Comodo Time Machine
Post by: Lisandro on September 02, 2010, 12:20:27 AM
Quote
Seems that changes in the beta changed the behavior (conflicting)... Who knows...
No. It's not. My computer BSODed again.
aswSnx.sys
0x00000050 (0xCAADC70C, 0x00000000, 0x8BAD052A, 0x00000000).
Seems I need to wait for the next CTM version (middle of September) to test avast sandbox again.
Title: Re: Can you help me? Maybe a AIS Sandbox conflict with Comodo Time Machine
Post by: pk on September 02, 2010, 12:26:36 AM
Quote
0x00000050 (0xCAADC70C, 0x00000000, 0x8BAD052A, 0x00000000)
please send me your aswSnx.sys driver, I'll follow the numbers to find the location...
do you have GMER on your computer? please run it (or download here: http://www.gmer.net/#files), go to Modules tab, find aswSnx.sys and copy&paste its memory address, thanks

Quote
Seems I need to wait for the next CTM version (middle of September) to test avast sandbox again.
how come? ;)
Title: Re: Can you help me? Maybe a AIS Sandbox conflict with Comodo Time Machine
Post by: Lisandro on September 02, 2010, 02:54:08 AM
Quote
please send me your aswSnx.sys driver, I'll follow the numbers to find the location...
do you have GMER on your computer? please run it (or download here: http://www.gmer.net/#files), go to Modules tab, find aswSnx.sys and copy&paste its memory address, thanks
pk, I'll be traveling 5 days and will have very little connection.
I'll send it to you but, you know, it will be difficult to continue testing these days. Sorry.
Title: Re: Can you help me? Maybe a AIS Sandbox conflict with Comodo Time Machine
Post by: Lisandro on September 09, 2010, 03:39:17 AM
This BSOD came again...
COMODO DID NOT SOLVE IT AS THEY HAVE PROMISED  >:(
https://forums.comodo.com/bug-reports-ctm/ctmfltsys-bsods-0x000000f7-with-175-beta-t58907.0.html;msg427463#msg427463

0x00000050 (0xC9190634, 0x00000000, 0x8FE28EF9, 0x00000000)
aswSnx.sys
PAGE_FAULT_IN_NONPAGED_AREA

Is there anything you can do for me pk?
Title: Re: Can you help me? Maybe a AIS Sandbox conflict with Comodo Time Machine
Post by: pk on September 09, 2010, 06:40:29 AM
Quote
Is there anything you can do for me pk?

sure, send me your aswSnx.sys driver and run gmer.exe (http://www.gmer.net/#files), go to Modules tab, find aswSnx.sys and tell me its Address value
Title: Re: Can you help me? Maybe a AIS Sandbox conflict with Comodo Time Machine
Post by: Lisandro on September 09, 2010, 02:22:58 PM
Quote
sure, send me your aswSnx.sys driver and run gmer.exe (http://www.gmer.net/#files), go to Modules tab, find aswSnx.sys and tell me its Address value
Well, it has not BSODed yet, so I can get this information. I'll keep the computer on and test.
The aswSnx.sys address is: 8BCBB000 and size: 364544
I'll send the file by email to you. By the way, why is it different from the file you can get installing AIS in your computer?
Title: Re: Can you help me? Maybe a AIS Sandbox conflict with Comodo Time Machine
Post by: Lisandro on September 09, 2010, 02:37:31 PM
I can reproduce the BSOD with ease.
It always occurs when I try to attach a file (screenshot .png file) to the forums while Firefox is sandboxed.
When I try to upload the file, immediately, the computer BSODs.

8BCC6EF9 base at 8BCBB000 DateStamp 4C865205
0x00000050 (0xD2526024, 0x00000000, 0x8BCC6EF9, 0x00000000)
aswSnx.sys
PAGE_FAULT_IN_NONPAGED_AREA
Title: Re: Can you help me? Maybe a AIS Sandbox conflict with Comodo Time Machine
Post by: pk on September 09, 2010, 07:00:16 PM
Thanks for the file and address - I was able to find the source line where it crashed; it seems our driver received an invalid filename request, it should be fixed now.

Quote
By the way, why is it different from the file you can get installing AIS in your computer?
I use internal avast build, which is usually newer than the official build => BSOD address doesn't match in it.
Title: Re: Can you help me? Maybe a AIS Sandbox conflict with Comodo Time Machine
Post by: Lisandro on September 09, 2010, 07:30:36 PM
Quote
Thanks for the file and address - I was able to find the source line where it crashed; it seems our driver received an invalid filename request, it should be fixed now.
Many thanks!
Can you give me a new version (internal) of this specific file?
Can I overwrite the one in my computer? Will it pass the check?
Title: Re: Can you help me? Maybe a AIS Sandbox conflict with Comodo Time Machine
Post by: Lisandro on September 10, 2010, 05:44:14 PM
Quote
Can you give me a new version (internal) of this specific file?
Can I overwrite the one in my computer? Will it pass the check?
pk ???
Title: Re: Can you help me? Maybe a AIS Sandbox conflict with Comodo Time Machine
Post by: Lisandro on September 11, 2010, 10:40:18 PM
pk, right now, when I try to access the sandbox expert settings, the computer BSODs.
I can't further test it.
Can you give me an updated driver?
Title: Re: Can you help me? Maybe a AIS Sandbox conflict with Comodo Time Machine
Post by: Lisandro on September 14, 2010, 02:53:43 PM
pk... I'm not able to use/test the sandbox...
Title: Re: Can you help me? Maybe a AIS Sandbox conflict with Comodo Time Machine
Post by: pk on September 14, 2010, 08:19:37 PM
Hello,

sorry for delay, we (pk/vlk/lukor) are currently out of office.

please download new internal aswSnx version:
x86: http://public.avast.com/~kurtin/snx/01/x86/aswSnx.sys
x64: http://public.avast.com/~kurtin/snx/01/x64/aswSnx.sys

copy them into \Windows\System32\drivers and reboot.
To check if the driver was loaded correctly, execute cmd.exe and type: fltmc and aswSnx must be listed.
If you don't have right-click context menu, then driver isn't loaded or GUI wasn't able to connect with the driver.

New aswSnx.sys driver converts your snx_lconfig.xml file to the format (e.g. all file paths are converted into \??\Volume{xx} guid form). So, if you want to downgrade to old avast version, just delete that file from avast data folder, because old version wouldn't recognize that file format.

If you get BSOD, just write me BSOD numbers - I'll be able to find the problematic code without dump.
Title: Re: Can you help me? Maybe a AIS Sandbox conflict with Comodo Time Machine
Post by: Lisandro on September 15, 2010, 12:46:14 AM
Failed to load.
I've replaced the original aswSnx.sys driver with the new one for sure (answer UAC, etc.).
What should I do?
Title: Re: Can you help me? Maybe a AIS Sandbox conflict with Comodo Time Machine
Post by: pk on September 15, 2010, 02:34:50 AM
hard to say now... try to delete both snx_gconfig.xml and snx_lconfig.xml from your avast data folder and reboot...
Title: Re: Can you help me? Maybe a AIS Sandbox conflict with Comodo Time Machine
Post by: Lisandro on September 15, 2010, 03:33:19 AM
As a side effect, the storage folder is shown even when OS/hidden files are off.
Title: Re: Can you help me? Maybe a AIS Sandbox conflict with Comodo Time Machine
Post by: pk on September 15, 2010, 06:58:38 AM
Quote
As a side effect, the storage folder is shown even when OS/hidden files are off.

yes, it's because aswSnx driver isn't loaded and therefore it's not able to hide that folder...
did you try to remove those two files and reboot? did it help?
Title: Re: Can you help me? Maybe a AIS Sandbox conflict with Comodo Time Machine
Post by: Lisandro on September 15, 2010, 01:10:39 PM
Quote
did you try to remove those two files and reboot? did it help?
It does not load it... Why?
I've deleted both files but the fltmc command does not return the sandbox driver.
Title: Re: Can you help me? Maybe a AIS Sandbox conflict with Comodo Time Machine
Post by: pk on September 15, 2010, 04:44:32 PM
how about "fltmc load aswsnx" command?
do you have any errors in event viewer?
Title: Re: Can you help me? Maybe a AIS Sandbox conflict with Comodo Time Machine
Post by: Lisandro on September 15, 2010, 10:57:20 PM
Quote
how about "fltmc load aswsnx" command?
Then it works... See first screenshot.

Quote
do you have any errors in event viewer?
Event 7026: failed to load driver at initialization. See second screenshot.
Title: Re: Can you help me? Maybe a AIS Sandbox conflict with Comodo Time Machine
Post by: Lisandro on September 15, 2010, 11:18:59 PM
Seems that the correct load of this driver was something like the picture.
It's failing now on each boot.
Title: Re: Can you help me? Maybe a AIS Sandbox conflict with Comodo Time Machine
Post by: Lisandro on September 16, 2010, 07:12:35 PM
Quote
how about "fltmc load aswsnx" command?
Seems this makes it work after reboot also.
I'm using Firefox sandboxed now, tested the upload of a file, no BSOD.
But, when I open the folder to attach the file (there are a lot of screenshots in that folder), it takes molasses to display the contents. I'm not sure if it is related to sandboxing.

I'll wait and test a little, then set this issue to "solved".
Title: Re: Can you help me? Maybe a AIS Sandbox conflict with Comodo Time Machine
Post by: Lisandro on September 17, 2010, 03:26:18 AM
Bri (aka hyatt) has the same issue.
I've cross referenced both threads.
Seems to be solved.
https://forums.comodo.com/bug-reports-ctm/bsod-t61238.0.html;new#new
Title: Re: [Solved] Can you help me? Maybe a AIS Sandbox conflict with Comodo Time Machine
Post by: Lisandro on September 20, 2010, 03:06:51 PM
Problem came back...
PAGE_FAULT_IN_NONPAGED_AREA
0x00000050 (0xCB2BD6EA, 0x00000000, 0x90C20EF9, 0x00000000)
aswSnx.sys Address 90C20EF9 base at 90C150000 DateStamp 4C865205
I'm using the "new" sandbox driver.
Title: Re: [Reopen] Can you help me? Maybe a AIS Sandbox conflict with Comodo Time Machine
Post by: pk on September 20, 2010, 04:17:06 PM
Unfortunately, your aswSnx.sys was replaced by original driver:

DateStamp 4C865205 => Sep 07
DateStamp 4C8FB2DB => Sep 14 (336 896 bytes)

avast shouldn't replace the original driver if you disable auto program update feature
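The dump-less triage pk describes in this reply and in the earlier one about the module address, as an added example (not avast's tooling and not code from the thread): it subtracts the GMER base from the third bug check parameter to get the offset inside aswSnx.sys, compares page offsets across reboots, and decodes the DateStamp into a build date. The function names are illustrative; the bug check lines, base, size and DateStamps are the values posted in the thread.

```python
import re
from datetime import datetime, timezone

PAGE_SIZE = 0x1000  # x86 page size; driver images are mapped page-aligned

# Values posted in the thread (bug check lines, GMER base/size, DateStamps).
REPORTS = {
    "2010-09-09 a": "0x00000050 (0xC9190634, 0x00000000, 0x8FE28EF9, 0x00000000)",
    "2010-09-09 b": "0x00000050 (0xD2526024, 0x00000000, 0x8BCC6EF9, 0x00000000)",
    "2010-09-20": "0x00000050 (0xCB2BD6EA, 0x00000000, 0x90C20EF9, 0x00000000)",
}
GMER_BASE, GMER_SIZE = 0x8BCBB000, 364544  # aswSnx.sys during report "b"


def parse_bugcheck(line):
    """Return (code, [p1, p2, p3, p4]); reject lines with garbled hex."""
    nums = re.findall(r"0[xX]([0-9A-Fa-f]{1,8})\b", line)
    if len(nums) != 5:
        raise ValueError(f"expected a code and four parameters: {line!r}")
    code, *params = (int(n, 16) for n in nums)
    return code, params


def fault_rva(line, base, size):
    """Offset of the faulting instruction inside the module, or None.

    For bug check 0x50, parameter 3 is the address of the instruction that
    referenced the bad memory in parameter 1 (parameter 2 == 0 means a read).
    """
    code, params = parse_bugcheck(line)
    if code != 0x50:
        raise ValueError("parameter layout here is specific to 0x50")
    ip = params[2]
    return ip - base if base <= ip < base + size else None


def page_offset(line):
    """Low 12 bits of parameter 3: unchanged when the driver is relocated."""
    return parse_bugcheck(line)[1][2] % PAGE_SIZE


def build_date(datestamp_hex):
    """PE header TimeDateStamp: seconds since 1970-01-01 UTC."""
    ts = int(datestamp_hex, 16)
    return datetime.fromtimestamp(ts, tz=timezone.utc).date().isoformat()


if __name__ == "__main__":
    rva = fault_rva(REPORTS["2010-09-09 b"], GMER_BASE, GMER_SIZE)
    print(f"crash at aswSnx.sys+{rva:#x}")
    for when, line in REPORTS.items():
        print(when, f"page offset {page_offset(line):#05x}")
    for stamp in ("4C865205", "4C8FB2DB"):
        print(stamp, "->", build_date(stamp))
```

The three September reports share the same page offset even though the driver was loaded at a different base each time, which is why a matching DateStamp plus the four numbers is enough to locate the crash site without a dump.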
Title: Re: [Reopen] Can you help me? Maybe a AIS Sandbox conflict with Comodo Time Machine
Post by: pk on September 21, 2010, 12:16:44 AM
...just wanted to add that even if you disable auto program update feature, you wouldn't miss any new upcoming avast beta builds, because it's always published on avast forum
Title: Re: [Reopen] Can you help me? Maybe a AIS Sandbox conflict with Comodo Time Machine
Post by: Lisandro on September 21, 2010, 02:44:36 AM
Thanks pk. Need to do the trick all over again and set the updates to manual.
Title: Re: [Reopen] Can you help me? Maybe a AIS Sandbox conflict with Comodo Time Machine
Post by: Lisandro on September 21, 2010, 01:44:26 PM
Doesn't work this time...

Code:
Microsoft Windows [versão 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. Todos os direitos reservados.

C:\Windows\system32>fltmc load aswsnx

Carregamento falhou com erro: 0x80070241
Razão de erro não pôde ser traduzida, Código de mensagem: 0x80070241, Razão: 7a

Loading failed with error: 0x80070241
Reason for the error can't be translated, message code: 0x80070241, Reason: 7a
Title: Re: [Reopen] Can you help me? Maybe a AIS Sandbox conflict with Comodo Time Machine
Post by: pk on September 21, 2010, 02:29:24 PM
Quote
Doesn't work this time...
since driver isn't signed, you can install it only under 32-bit system... did you use x64?
32-bit OS shouldn't block loading of unsigned drivers...
Title: Re: [Reopen] Can you help me? Maybe a AIS Sandbox conflict with Comodo Time Machine
Post by: Lisandro on September 21, 2010, 02:38:49 PM
Quote
since driver isn't signed, you can install it only under 32-bit system... did you use x64?
32-bit OS shouldn't block loading of unsigned drivers...
On my signature... x32.
Title: Re: [Reopen] Can you help me? Maybe a AIS Sandbox conflict with Comodo Time Machine
Post by: pk on September 24, 2010, 06:12:35 PM
ok, aswSnx.sys driver is now signed:
please download: http://public.avast.com/~kurtin/snx/01/x86/aswSnx.sys
download & copy http://public.avast.com/~kurtin/snx/01/x86/aswSnx.sys.sum into the same folder as aswSnx.sys (avast won't replace this file).
Title: Re: [Reopen] Can you help me? Maybe a AIS Sandbox conflict with Comodo Time Machine
Post by: Lisandro on September 24, 2010, 10:31:49 PM
Will test on next boot. Thanks.
Title: Re: [Reopen] Can you help me? Maybe a AIS Sandbox conflict with Comodo Time Machine
Post by: Lisandro on September 25, 2010, 05:41:35 PM
Does not work. There is nothing I can do.
New driver does not load. I've tried everything:
1. Copy two files.
2. Uninstall the sandbox, boot, install, copy the files, boot.
3. Tried to overwrite the files and boot.
Nothing worked.

Seems I will really wait for the next program update and until then, no sandbox for me.
Title: Re: [Reopen] Can you help me? Maybe a AIS Sandbox conflict with Comodo Time Machine
Post by: Lisandro on October 21, 2010, 02:15:01 AM
Just to report: the BSOD is not related to Comodo Time Machine at all.
It happens when you attach a file to a post in avast forums, for instance.
It's an avast driver BSOD (as pk said, fixed internally).

pk, any news about a working driver for the sandbox?
Title: Re: [Reopen] Can you help me? Maybe a AIS Sandbox conflict with Comodo Time Machine
Post by: Lisandro on December 16, 2010, 03:20:06 PM
Quote
It happens when you attach a file to a post in avast forums, for instance.
Solved? ???
To open a folder in Firefox to post takes molasses.
To browse for a folder takes molasses.
I cannot click on the picture to add it, I need to write down the full path...
Testing...