Solved

Blue Screen Error.....

Posted on 2009-05-15
Last Modified: 2013-11-22
Hi All,
I'm facing a problem regarding the blue screen. I'm using Windows XP and Symantec AV Endpoint.
The problem is that when I connect the USB to the system, the following blue screen message appears.

STOP: 0x0000008E (0xC0000005, 0xF73D149D, 0xF7285748, 0x00000000)
fltmgr.sys - Address F73D149D base at F73BB000, DateStamp 41107BAD

However, when I disable the AV it works fine and no error appears. Also, it is on the client side and we are using a managed AV.

Can anybody solve this problem ASAP?

0
Comment
Question by:aliwajdan
29 Comments
 
LVL 15

Expert Comment

by:xmachine
ID: 24401543
Hi,

Which version of Endpoint Protection are you running?

You can find this by opening the SEP GUI interface ---> Help & Support ---> About


A Symantec Certified Specialist @ your service
0
 
LVL 91

Expert Comment

by:nobus
ID: 24401576
Can you post the minidump? Rename it to ***.txt first.
0
 
LVL 15

Expert Comment

by:xmachine
ID: 24401596
I need you to do the following:

1) Run eventvwr.msc and look in the System log for recent errors.

2) Since nobus asked for minidump files, this is how to configure Windows to create them upon BSOD:

Go to the Control Panel and follow these steps:

System Icon
Advanced Tab
Startup and Recovery -> Settings
Enable Write an Event to the system log
Disable Automatically Restart

Select the following debugging information:
Small memory dump (64 Kb)
Small Dump Directory : %SystemRoot%\Minidump
Confirm all and restart the computer.

3) Plug in the USB again. If the explorer crashes again, do the following:

A. Zip all files inside (%SystemRoot%\Minidump) and attach them here
B. Go to the Event Viewer and save (application) & (system) by right-clicking and choosing "Save Event As". Then attach both of them here

0
 
LVL 1

Author Comment

by:aliwajdan
ID: 24401603
I can't post the minidump? And I am using Symantec Endpoint version 11.
0
 
LVL 15

Expert Comment

by:xmachine
ID: 24401613
I need the complete version number: 11.0.xxx.xxx

You can find this by opening the SEP GUI interface ---> Help & Support ---> About

0
 
LVL 1

Author Comment

by:aliwajdan
ID: 24401663
Hi xmachine,
The problem is still there. I attached the files, please see. Can I redo the changes which you suggested?

I'm also trying to attach the zip file, but it gives the following error:
The extension of one or more files in the archive is not in the list of allowed extensions: Dump/Application Log.evt
0
 
LVL 15

Expert Comment

by:xmachine
ID: 24401687
1) I still need the complete version number please, because some old versions had bugs that are similar to your case.

opening SEP GUI interface ---> Help & Support ---> About

2) Rename the .evt file to .txt, then try uploading it again

3) I can't see any attached file
0
 
LVL 1

Author Comment

by:aliwajdan
ID: 24401696
xmachine, sorry, I don't understand the
"opening SEP GUI interface ---> Help & Support ---> About".
What do you want to say?

I attached the file.
Dump.zip
0
 
LVL 15

Expert Comment

by:xmachine
ID: 24401721
1) Go to Start > All Programs > Symantec Endpoint Protection

2) Select "Symantec Endpoint Protection"

3) On the right side, select "Help & Support"

4) Select "About"

5) What is the version written there? 11.0.xxx.xxx
0
 
LVL 1

Author Comment

by:aliwajdan
ID: 24401731
Hi xmachine

This is the name and detail of the AV "Symantec Endpoint Protection 11.0"
0
 
LVL 1

Author Comment

by:aliwajdan
ID: 24401740
This is the name and detail of the AV "Symantec Endpoint Protection 11.0" and Patch is MR4.
0
 
LVL 15

Expert Comment

by:xmachine
ID: 24401772
1) Please download and run this tool:

http://www.resplendence.com/whocrashed

http://www.resplendence.com/download/whocrashedSetup.exe

2) Click on Analyze. Once scanning is finished, just copy the results and paste them here. Or take a snapshot and attach it here.
0
 
LVL 91

Expert Comment

by:nobus
ID: 24401864
>> I can't post minidump? << Why not? READ my 1st comment on how to do it!
0
 
LVL 1

Author Comment

by:aliwajdan
ID: 24401939
hi xmachine

Please see the following result after the analysis:


Analysis
--------------------------------------------------------------------------------

Crash dump directory: C:\WINDOWS\Minidump

Crash dumps are enabled on your computer.


On Sat 5/16/2009 8:58:32 AM your computer crashed
This was likely caused by the following module: srtsp.sys
Bugcheck code: 0x1000008E (0xC0000005, 0xF73D149D, 0xEE3D1748, 0x0)
Error: KERNEL_MODE_EXCEPTION_NOT_HANDLED_M
file path: C:\WINDOWS\system32\drivers\srtsp.sys
product: AutoProtect
company: Symantec Corporation
description: Symantec AutoProtect



On Fri 5/15/2009 6:26:50 AM your computer crashed
This was likely caused by the following module: srtsp.sys
Bugcheck code: 0x1000008E (0xC0000005, 0xF73D149D, 0xF7285748, 0x0)
Error: KERNEL_MODE_EXCEPTION_NOT_HANDLED_M
file path: C:\WINDOWS\system32\drivers\srtsp.sys
product: AutoProtect
company: Symantec Corporation
description: Symantec AutoProtect




--------------------------------------------------------------------------------
Conclusion
--------------------------------------------------------------------------------

2 crash dumps have been found and analyzed. Note that it's not always possible to state with certainty whether a reported driver is really responsible for crashing your system or that the root cause is in another module. Nonetheless it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further.


0

 
LVL 15

Expert Comment

by:xmachine
ID: 24401971
Application control driver that is potentially causing problems. Can you drop to a command prompt and type the following:

sc config sysplant start= disabled

then reboot and try connecting the USB again.
0
 
LVL 15

Expert Comment

by:xmachine
ID: 24401982
Try installing the latest patch for SEP on the same computer, and see if you still have the problem:

http://seer.support.veritas.com/downloads/export.asp?ddProduct=54619&file=SEP32_2295To26_clientMSPMSI.exe&source=5&url=/public/english_us_canada/products/symantec_endpoint_protection/11.0/updates/&id=57554

Note: This patch upgrades Symantec Endpoint Protection 11.0 MR4 (11.0.4000.2295) 32-bit Clients to version 11.0 MR4 Maintenance Pack 1a (MR4 MP1a).
0
 
LVL 1

Author Comment

by:aliwajdan
ID: 24401983
Please tell me, can I change the following values back to normal before restarting?

Select the following debugging information:
Small memory dump (64 Kb)
Small Dump Directory : %SystemRoot%\Minidump
Confirm all and restart the computer.
0
 
LVL 15

Expert Comment

by:xmachine
ID: 24402005
You can leave them; we may need to get additional dumps.
0
 
LVL 1

Author Comment

by:aliwajdan
ID: 24402071
I've run the above Symantec patch and also gave the above command, but the problem still persists.
0
 
LVL 1

Author Comment

by:aliwajdan
ID: 24402072
The AV is managed and it's on the client side, meaning it has a server.
0
 
LVL 15

Expert Comment

by:xmachine
ID: 24402082
Does this happen to one computer or all?

If it's only a single case, try reinstalling SEP (remove, then install).
0
 
LVL 12

Expert Comment

by:John Griffith
ID: 24402425

 
Hi -
In your 1st post you told us of a BSOD with a bugcheck = 0x8e (0xc0000005,,) = the kernel threw an exception - a memory access violation.
The interesting thing is that the probable cause was not Symantec, but  the Microsoft filter mgr driver fltmgr.sys, timestamp = 41107BAD = Aug 2004.
I ran the 2 dumps and Symantec was indeed named as the probable cause, but I don't find it to be the actual cause because of these timestamps found -
  • NT Kernel = March 2005
  • DirectX Graphics kernel = August 2004
  • Windows GUI = April 2003
  • Intel Ethernet = March 2003
I believe the BSODs are being caused by a conflict between a brand new 2009 Symantec installation and an XP OS that has had no Windows Updates since 2005.  
Windows Updates need to come in and install.  
Your device drivers need to be updated; most appear to be dated 2003-2005 with little exception.  Exactly why there have been no Windows Updates in 4+ years, I cannot say at this time.
XP Windows Updates
 
Regards. . .
jcgriff2

0
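
Added example (not part of the thread and not written by any participant): a short Python script that decodes the values quoted in the posts above. It converts the fltmgr.sys DateStamp 41107BAD to a build date and checks that the BSOD screen and both WhoCrashed entries report the same faulting address, which sits at a fixed offset from the fltmgr.sys base. The function names are illustrative.

```python
import re
from datetime import datetime, timezone

# Lines copied from the posts above (BSOD screen text and WhoCrashed output).
REPORTS = [
    "STOP: 0x0000008E (0xC0000005, 0xF73D149D, 0xF7285748, 0x00000000)",
    "Bugcheck code: 0x1000008E (0xC0000005, 0xF73D149D, 0xEE3D1748, 0x0)",
    "Bugcheck code: 0x1000008E (0xC0000005, 0xF73D149D, 0xF7285748, 0x0)",
]
MODULE_LINE = "fltmgr.sys - Address F73D149D base at F73BB000, DateStamp 41107BAD"
STATUS_ACCESS_VIOLATION = 0xC0000005


def parse_bugcheck(line):
    """Return (code, [p1..p4]). 0x1000008E is the minidump form of 0x8E."""
    m = re.search(r"(0x[0-9A-Fa-f]+)\s*\(([^)]*)\)", line)
    if not m:
        raise ValueError("no bugcheck in line: " + line)
    code = int(m.group(1), 16) & ~0x10000000
    return code, [int(p, 16) for p in m.group(2).split(",")]


def parse_module(line):
    """Return (name, fault_address, image_base, link_time_utc)."""
    m = re.match(r"(\S+) - Address ([0-9A-Fa-f]+) base at ([0-9A-Fa-f]+), "
                 r"DateStamp ([0-9A-Fa-f]+)", line)
    if not m:
        raise ValueError("no module info in line: " + line)
    name, addr, base, stamp = m.groups()
    # The DateStamp is the driver's link time as seconds since 1970 (UTC).
    built = datetime.fromtimestamp(int(stamp, 16), tz=timezone.utc)
    return name, int(addr, 16), int(base, 16), built


def summarize():
    name, addr, base, built = parse_module(MODULE_LINE)
    faults = set()
    for line in REPORTS:
        code, params = parse_bugcheck(line)
        if code == 0x8E and params[0] == STATUS_ACCESS_VIOLATION:
            faults.add(params[1])  # parameter 2: address of the exception
    return {
        "module": name,
        "offset": hex(addr - base),            # fault offset inside the image
        "built": built.strftime("%Y-%m-%d"),   # driver build date
        "same_fault_in_all_reports": faults == {addr},
    }


if __name__ == "__main__":
    print(summarize())
```
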
 
LVL 15

Expert Comment

by:xmachine
ID: 24402474
Thanks jcgriff2 for your input.

@aliwajdan

Can you try updating your Windows XP to the latest SP (SP3) and latest patches?
0
 
LVL 1

Expert Comment

by:gesquivel
ID: 24403302
The best way is to install a clean copy of your Windows!
Because if you have the blue screen you can fix it, but then your Windows hasn't been repaired 100%.
So I think you will win some time and money formatting it.

Gustavo
0
 
LVL 12

Expert Comment

by:John Griffith
ID: 24404440
Sorry, but it also could be said that for every problem an XP install could be grounds for a reformat/re-install.
A BSOD does not in any way, shape or form change/modify the XP OS.  The BSOD simply occurs in many cases to be software related; the rest hardware failure.
Please follow the instructions that  provided.
0
 
LVL 1

Author Comment

by:aliwajdan
ID: 24408964
Hi All,
Thanks for all of your valuable inputs. First, I reply to xmachine that it only appears on one machine.
Second, to jcgriff2: we also analyzed the system following xmachine's solution, and it clearly shows the root cause of this error (check my post above, where I posted the result).
Do you have any other solution except reinstallation?
Also, Windows is updated regularly and I also reinstalled the AV.
If it's a problem regarding Windows Update, can you tell me the specific Windows update so I can download it manually?

Your quick reply will be highly appreciated.
Thanks
0
 
LVL 12

Accepted Solution

by:
John Griffith earned 50 total points
ID: 24409691
Hi -
I can only tell you that, based on the XP OS drivers that I found in the dumps that I analyzed, years of Windows Updates are not installed in that system.  The NT Kernel w/ 2005 date tells us this.
Run Belarc Advisor & see what it tells you about Windows Updates -  http://www.belarc.com/free_download.html
I have analyzed 10,000s of kernel dumps in the last year and can say with conviction that a root cause cannot be determined until the OS is updated & stabilized.
My experience is as a Moderator, Microsoft Support, Tech Support Forum * com member #185203 - screen name = jcgriff2        http://www.techsupportforum.com/members/185203.html
0
 
LVL 1

Author Closing Comment

by:aliwajdan
ID: 31582179
I followed all the instructions which were passed on by the expert and at last I installed the complete Windows updates. After this, the error which occurred due to the USB was solved.
Thanks
0
 
LVL 12

Expert Comment

by:John Griffith
ID: 24620301
Hi - Thank you.  I am glad that your system is back up and running.  I do apologize for the typos - very unlike me to allow content out in that manner.  
jcgriff2
0
