Author Topic: BSOD daily citing Avast Emergence Update (Read 2088 times)

REDACTED · « **on:** July 19, 2018, 04:06:28 PM »

I have Avast pro on several machines. 1 Win7x64 box when I log into the Admin account states that windows shut down unexpectedly. When I look at the minidump it says the process that fails is AvEmUpdate.exe and the module is NETIO. There are 2 users on this machine and as admin I only see the message for the dump message. Attached the minidump file. I am at version 18.5.2342 and it is set to update automatically.

bob3160 · « **Reply #1 on:** July 19, 2018, 04:18:21 PM »

Reported to Avast.

kwiq · « **Reply #2 on:** July 19, 2018, 04:32:26 PM »

Hi mark.howell,
AvEmUpdate.exe process just caused tcp ip communication not BSOD.
The crash was caused by NETIO!StreamDataPermit+17 which tried to read from memory address 50 (invalid memory).
Would you provide us the memory dump file for analysis ? You attached only text output from windbg analysis
Thank you for response

REDACTED · « **Reply #3 on:** July 20, 2018, 02:03:07 PM »

There was a Memory dump file from the 17th. I attached it as text. This forum won't allow the upload of the actual dump file. I will also continue to investigate what is going on with the netio. If you want the .dmp files email me.

kwiq · « **Reply #4 on:** July 23, 2018, 08:17:25 AM »

There is avast ftp server where you can upload dump files and logs.
So zip the dump file, name it as : mark_howell_BSOD_StreamDataPermit.zip and upload it to ftp://ftp.avast.com/incoming
Thank you

kwiq · « **Reply #5 on:** July 24, 2018, 08:26:05 AM »

Hi mark.howell,
can you try to disable antirootkit module and let us know if it helped?
there is aswArPot+0x150ab on stack but still dump file would be great source of information.

Thank you

STACK_TEXT:
fffff880`08164248 fffff800`0370ed69 : 00000000`0000000a 00000000`00000050 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`08164250 fffff800`0370cb88 : 00000000`00000000 00000000`00000050 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`08164390 fffff880`015ab807 : fffffa80`04811cd0 fffff880`015c0358 fffff880`08164758 fffff880`015a13b3 : nt!KiPageFault+0x448
fffff880`08164520 fffff880`015abe2e : 00000000`00000000 fffff880`08164930 fffff880`08164758 fffffa80`04b52510 : NETIO!StreamDataPermit+0x17
fffff880`08164580 fffff880`015acfd6 : 00000000`00000000 fffff880`08164930 fffff880`081646d0 fffff880`08164758 : NETIO!StreamApplyCalloutActionToData+0xfe
fffff880`081645e0 fffff880`015adf81 : fffffa80`04811d80 fffff880`08164930 fffff880`08164720 fffff880`08164d90 : NETIO!StreamCalloutProcessData+0x96
fffff880`08164630 fffff880`015af056 : fffff880`08164720 fffff880`08164d90 fffff880`08164901 fffffa80`04811d80 : NETIO!StreamCalloutProcessingLoop+0xa1
fffff880`081646c0 fffff880`0158fb12 : fffff880`08164930 fffff880`040d6c00 00000000`00000000 fffff880`08160014 : NETIO!StreamProcessCallout+0x1e6
fffff880`081647b0 fffff880`015771d8 : fffffa80`04780014 fffff880`08164e90 fffffa80`05e66148 fffff880`08164d90 : NETIO! ?? ::FNODOBFM::`string'+0x71f2
fffff880`081648e0 fffff880`01578832 : fffff880`08160014 fffff880`08164e90 fffff880`08164f20 00000000`00000000 : NETIO!ArbitrateAndEnforce+0x238
fffff880`081649b0 fffff880`015b22b9 : fffff880`08165160 fffff880`08164e90 fffffa80`00000001 fffff880`08164d90 : NETIO!KfdClassify+0x902
fffff880`08164d20 fffff880`015b2779 : fffffa80`05e660f0 00000000`00000014 00000000`00000000 00000000`00000000 : NETIO!StreamClassify+0x109
fffff880`08164e40 fffff880`015b2ebc : fffffa80`05b86290 fffffa80`03a96db0 fffffa80`063a3500 fffffa80`04820740 : NETIO!StreamCommonInspect+0x249
fffff880`08165120 fffff880`01707e94 : fffffa80`05e660f0 fffffa80`063a35c0 00000000`00000000 00000000`00000014 : NETIO!WfpStreamInspectSend+0x11c
fffff880`081651a0 fffff880`016c1648 : fffff880`081654e0 00000000`00000000 00000000`00004800 fffff880`081654e0 : tcpip!InetInspectSend+0x34
fffff880`081651d0 fffff880`01665c3b : fffff880`081652f8 00000000`00000000 00000000`00000000 fffff8a0`0a628c01 : tcpip! ?? ::FNODOBFM::`string'+0x32f42
fffff880`08165280 fffff800`036c13d9 : fffff8a0`1401f530 00000000`00000000 fffff880`081655e0 fffff880`08165540 : tcpip!TcpTlConnectionSendCalloutRoutine+0x1b
fffff880`081652b0 fffff880`0166695a : fffff880`01665c20 fffff880`081653d0 fffff880`00000000 fffff880`0431c601 : nt!KeExpandKernelStackAndCalloutEx+0x2c9
fffff880`081653a0 fffff880`04336b1b : fffffa80`05c0c5f0 00000000`0038b7cc 00000000`000000ee fffffa80`043557b0 : tcpip!TcpTlConnectionSend+0x7a
fffff880`08165410 fffff880`0431b469 : fffffa80`061982f8 fffff800`03880100 00000000`00000001 00000000`00000000 : afd+0x46b1b
fffff880`081655d0 fffff880`03e800ab : 00000000`000000ee fffff880`0430d2e0 00000000`00000010 fffff880`08165c60 : afd+0x2b469
fffff880`08165940 fffff800`03b1b28e : fffffa80`0516adc0 fffff880`08165c60 00000000`00000000 00000000`00000230 : aswArPot+0x150ab
fffff880`081659c0 fffff800`039adf86 : fffffa80`03b8e060 00000000`00000000 00000000`00000001 00000000`00d25a20 : nt!IopXxxControlFile+0x6be
fffff880`08165b00 fffff800`0370e9d3 : 00000000`00d25a20 00000000`00000000 00000000`00000000 00000000`0000023c : nt!NtDeviceIoControlFile+0x56
fffff880`08165b70 00000000`73d32e09 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`000ae918 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x73d32e09

Author Topic: BSOD daily citing Avast Emergence Update (Read 2088 times)

REDACTED

BSOD daily citing Avast Emergence Update

bob3160

Re: BSOD daily citing Avast Emergence Update

kwiq

Re: BSOD daily citing Avast Emergence Update

REDACTED

Re: BSOD daily citing Avast Emergence Update

kwiq

Re: BSOD daily citing Avast Emergence Update

kwiq

Re: BSOD daily citing Avast Emergence Update