Author Topic: bluescreen rdpdr.sys evertime i try to use a shared folder avast! endpoint  (Read 6147 times)

0 Members and 1 Guest are viewing this topic.

zipster

  • Guest
Hello,

we installed avast! endpoint protection suite on Terminal Server 2003 R2 and from there everytime i try to connect to a shared folder from the client, usb-stick or sd-card the server ends in an bluescreen


here form the dump file
Quote
************************************************** *****************************
* *
* Bugcheck Analysis *
* *
************************************************** *****************************


SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 00000000, The address that the exception occurred at
Arg3: f359917c, Exception Record Address
Arg4: f3598e78, Context Record Address
ODULE_NAME: rdpdr


FAULTING_MODULE: 80800000 nt


DEBUG_FLR_IMAGE_TIMESTAMP: 45d697c4


ERROR_CODE: (NTSTATUS) 0xc0000005 - Die Anweisung in 0x%08lx verweist auf Speicher 0x%08lx. Der Vorgang %s konnte nicht im Speicher durchgef hrt werden.


FAULTING_IP:
+0
00000000 0000 add [eax],al


EXCEPTION_PARAMETER1: f359917c


CONTEXT: f3598e78 -- (.cxr fffffffff3598e78)


CUSTOMER_CRASH_COUNT: 1


DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP


BUGCHECK_STR: 0x7E


LAST_CONTROL_TRANSFER: from f632cc93 to 00000000


STACK_TEXT:
f3599240 f632cc93 8a6d26d8 8a6d26d8 8a6d26d8 0x0
WARNING: Stack unwind information not available. Following frames may be wrong.
f3599258 f632cd45 8a6d26d8 f6333410 89fdcbe0 rdpdr+0x10c93
f359926c f6326f22 8a6d26d8 f359929c f6327291 rdpdr+0x10d45
f3599278 f6327291 8a6d26d8 00000000 00000016 rdpdr+0xaf22
f359929c f631dff7 f35992e0 00000000 00000016 rdpdr+0xb291
f35992cc f632836d e2b36000 88b2f908 f3599344 rdpdr+0x1ff7
f35992f0 f632469d e2b36000 0000002a f3599344 rdpdr+0xc36d
f3599310 f632485a e2b36000 0000002a f3599344 rdpdr+0x869d
f3599324 f632551f e2b36000 0000002a f3599344 rdpdr+0x885a
f3599350 f6324e34 00000000 8adc9ebb 8adc9e48 rdpdr+0x951f
f3599368 8081e103 00000000 8adc9e48 8a2afc80 rdpdr+0x8e34
f3599398 f75995d8 888f29e8 00000000 e2b3a000 nt+0x1e103
f35993d4 f759a0d2 888f29e8 00000005 00000000 termdd+0x25d8
f35993fc f4c906e1 87aa0d34 00000005 00000000 termdd+0x30d2
f3599430 f4c8a3c1 e2b3a000 003c88e6 00000032 RDPWD+0x86e1
f3599458 f4c8a1b9 e2b3ac00 e8b79650 f3599400 RDPWD+0x23c1
f35994c0 f4c89fe0 00000045 f35994f8 0000004c RDPWD+0x21b9
f35994dc f4ca7ba4 00000045 f35994f8 e2b3a000 RDPWD+0x1fe0
f3599504 f4c8906b e2b3a000 00000000 873c8918 RDPWD+0x1fba4
f359952c f759d194 e2b3a000 00000000 873c88cc RDPWD+0x106b
f3599550 f4d1dfcb 88e80fbc 00000000 873c88cc termdd+0x6194
f3599d90 f759c265 873c8780 00000000 8b4c2d10 TDTCP+0x2fcb
f3599dac 80949b7c 8a57b930 00000000 00000000 termdd+0x5265
f3599ddc 8088e062 f759c218 894b1de0 00000000 nt+0x149b7c
00000000 00000000 00000000 00000000 00000000 nt+0x8e062




FOLLOWUP_IP:
rdpdr+10c93
f632cc93 ?? ???


SYMBOL_STACK_INDEX: 1


FOLLOWUP_NAME: MachineOwner


SYMBOL_NAME: rdpdr+10c93


IMAGE_NAME: rdpdr.sys


STACK_COMMAND: .cxr fffffffff3598e78 ; kb


BUCKET_ID: WRONG_SYMBOLS

Offline Avosec-UK

  • Avosec Technical Support
  • Avast Reseller
  • Sr. Member
  • *
  • Posts: 296
    • Avosec
Please check the KB article in the link provided below:
http://support.microsoft.com/kb/960652

The issue is confirmed by Microsoft as theirs.
Just install the patch and everything will be okay.