• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1366
  • Last Modified:

Blue Screen Error.....

Hi All,
I m facing a problem regarding the blue screen. I m using windows xp and Symantec AV Endpoint.
Problem this when i connect the USB with the system it appear the following blue screen message.

STOP: 0x0000008E (0xC0000005, 0xF73D149D, 0xF7285748, 0x00000000)
fltmgr.sys - Address F73D149D base at F73BB000, DateStyamp 41107BAD

However when i Disable the AV it's working fine no error appear.Also it in the Cient side and we r using manage AV.

Is anybody solve this probelm ASAP.

0
aliwajdan
Asked:
aliwajdan
  • 11
  • 11
  • 4
  • +2
1 Solution
 
xmachineCommented:
Hi,

Which version of endpoint protection are you running ?

You can know this by opening SEP GUI interface ---> Help & Support ---> About


A Symantec Certified Specialist @ your service
0
 
nobusCommented:
can you post the minidump ?   rename it to ***.txt first
0
 
xmachineCommented:
I need you to do the following:

1) Run eventvwr.msc and look in the System log for recent errors.

2) Since nobus asked for minidump files, this how to configure Windows to create them upon BSOD:

Go to the Control Panel and follow this steps:

System Icon
Advanced Tab
Startup and Recovery -> Settings
Enable Write an Event to the system log
Disable Automatically Restart

Select the following debugging information:
Small memory dump (64 Kb)
Small Dump Directory : %SystemRoot%\Minidump
Confirm all and restart the computer.

3) Plug the USB again, If the explorer crashed again, do the following:

A. Zip all files inside (%SystemRoot%\Minidump) and attach it here
B. Go to eventviewer and save (application) & (system) by right click and choose "Save Event As". Then attach both of them here

0
A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

 
aliwajdanAuthor Commented:
I cann't post minidump? and me using Symantec Endpoint 11 version
0
 
xmachineCommented:
I need the complete version number ? 11.0.xxx.xxx

You can know this by opening SEP GUI interface ---> Help & Support ---> About

0
 
aliwajdanAuthor Commented:
Hi xmachine,
Problem still. I attached the files plz see. Can i redo the changes which u suggested.

I m also trying to attach the zip file but it's give following error.
The extension of one or more files in the archive is not in the list of allowed extensions: Dump/Application Log.evt
0
 
xmachineCommented:
1) I still need the complete version number please, because some old versions had bugs that are similar to your case.

opening SEP GUI interface ---> Help & Support ---> About

2) rename .evt file to .txt, then try uploading it again

3) I can't see any attached file
0
 
aliwajdanAuthor Commented:
xmachine sorry i don't understand the
"opening SEP GUI interface ---> Help & Support ---> Abou".
Wht u want to say?

I attach the file.
Dump.zip
0
 
xmachineCommented:
1) Go start > all programs > Symantec Endpoint Protection

2) Select "Symantec Endpoint Protection"

3) On the right side, select "Help & Support"

4) Select "About"

5) What is the written version ? 11.0.xxx.xxx
0
 
aliwajdanAuthor Commented:
Hi xmachine

This is the name and detail of the AV "Symantec Endpoint Protection 11.0"
0
 
aliwajdanAuthor Commented:
This is the name and detail of the AV "Symantec Endpoint Protection 11.0" and Patch is MR4.
0
 
xmachineCommented:
1) Please download and run this tool:

http://www.resplendence.com/whocrashed

http://www.resplendence.com/download/whocrashedSetup.exe

2) Click on Analyze. Once scanning is finished, just copy the results and paste them here. Or take a snapshot and attach it here.
0
 
nobusCommented:
>>   I cann't post minidump?   <<   why not? READ my 1st comment on how to do it !
0
 
aliwajdanAuthor Commented:
hi xmachine

Plz See
following  the result after the analyze


Analysis
--------------------------------------------------------------------------------

Crash dump directory: C:\WINDOWS\Minidump

Crash dumps are enabled on your computer.


On Sat 5/16/2009 8:58:32 AM your computer crashed
This was likely caused by the following module: srtsp.sys
Bugcheck code: 0x1000008E (0xC0000005, 0xF73D149D, 0xEE3D1748, 0x0)
Error: KERNEL_MODE_EXCEPTION_NOT_HANDLED_M
file path: C:\WINDOWS\system32\drivers\srtsp.sys
product: AutoProtect
company: Symantec Corporation
description: Symantec AutoProtect



On Fri 5/15/2009 6:26:50 AM your computer crashed
This was likely caused by the following module: srtsp.sys
Bugcheck code: 0x1000008E (0xC0000005, 0xF73D149D, 0xF7285748, 0x0)
Error: KERNEL_MODE_EXCEPTION_NOT_HANDLED_M
file path: C:\WINDOWS\system32\drivers\srtsp.sys
product: AutoProtect
company: Symantec Corporation
description: Symantec AutoProtect




--------------------------------------------------------------------------------
Conclusion
--------------------------------------------------------------------------------

2 crash dumps have been found and analyzed. Note that it's not always possible to state with certainty whether a reported driver is really responsible for crashing your system or that the root cause is in another module. Nonetheless it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further.


0
 
xmachineCommented:
Application control driver that is potentially causing problems. Can you drop to a command prompt and type the following:

sc config sysplant start= disabled

then reboot and try connecting the USB again.
0
 
xmachineCommented:
Try installing the latest patch for SEP on the same computer, and see if you still have the problem:

http://seer.support.veritas.com/downloads/export.asp?ddProduct=54619&file=SEP32_2295To26_clientMSPMSI.exe&source=5&url=/public/english_us_canada/products/symantec_endpoint_protection/11.0/updates/&id=57554

Note: This patch upgrades Symantec Endpoint Protection 11.0 MR4 (11.0.4000.2295) 32-bit Clients to version 11.0 MR4 Maintenence Pack 1a (MR4 MP1a).
0
 
aliwajdanAuthor Commented:
plz tell me can i change the following values normal before restarting

Select the following debugging information:
Small memory dump (64 Kb)
Small Dump Directory : %SystemRoot%\Minidump
Confirm all and restart the computer.
0
 
xmachineCommented:
you can leave them, we may need to get additional dumps
0
 
aliwajdanAuthor Commented:
I've run above symantec patch and also give above command. But problem still persist.
0
 
aliwajdanAuthor Commented:
It's a AV is manage and it's on client side. Mean It has a server.
0
 
xmachineCommented:
Dose this happen to one computer or all ?

if it's only a single case, try re-install SEP again (remove then install)
0
 
John GriffithCommented:

 
Hi -
In your 1st post you told us of a BSOD with a bugcheck = 0x8e (0xc0000005,,) = the kernel threw an exception - a memory access violation.
The interesting thing is that the probable cause was not Symantec, but  the Microsoft filter mgr driver fltmgr.sys, timestamp = 41107BAD = Aug 2004.
I ran the 2 dumps and Symantec was indeed named as the probable cause, but I don't find it to be the actual cause because of these timestamps found -
  • NT Kernel = March 2005
  • DirectX Graphics kernel = August 2004
  • Windows GUI = April 2003
  • Intel Ethernet = March 2003
I believe the BSODs are being caused by a conflict between a brand new 2009 Symantec installation and an XP OS that has had no Windows Updates since 2005.  
Windows Updates need to come in and install.  
Your device drivers need to be uptdated; most appear to be dated 2003-2005 with little exception.  Exactly why there have been no Windows Updates in 4+ years, I cannot say  at this time.
XP Windows Updates
 
Regards. . .
jcgriff2
`

0
 
xmachineCommented:
Thanks jcgriff2 for your input.

@aliwajdan

Can you try updating your windows xp to the latest SP (SP3) and latest patches ?
0
 
gesquivelCommented:
the best way it's install a clean copy of your windows!
because if u have the blue screen u can fix it but then your windows doesn't been repaired 100%.
so i think u will win some time and money formating it.

Gustavo
0
 
John GriffithCommented:
Sorry, but It also could be said that for every problem an XP install could be grounds for a reformat./ re-instsll.
A BSOD does not in any way, shape or form change/ modify the XP OS.  The BSOD sumply occurs in many cases to be softeare related; the rest hardwsre failure.
Please follow the instructions that  provided.
0
 
aliwajdanAuthor Commented:
Hi All,
Thnx 4 all of ur valueable inputs. First i rply to xmachine that it's only appear in one machine.
2nd to jcgriff2 that we also analyze system regarding the solution of xmachine it cleary show the root and cause of this error (check above my post i posted result).
Do u've any other solution except reinstallation.
Also windows updated regularly and i also reinstall the AV.
If it's problem regarding Windows Updation can u tell me the specific update of windows so i can download it manually.

Ur quick prompt will highly appreciated.
thnx
0
 
John GriffithCommented:
Hi -
I can only tell you taht based on the XP OS drivers that I found ion the dumps taht I analyzed years of Windows Updates are not installed in that system.  The NT Kernel w/ 2005 date tells us this.
Run Belarc Advisor & see what it tells you about Windows Updates -  http://www.belarc.com/free_download.html
 I have analyzed 10,000's kernel dumps in the last year and can say with conviction that a root cause cannot be determined until the OS is updated & stabalized.  
My experience is as a Moderator, Microsoft Support, Tech Support Forum * com member #185203 - screen name = jcgriff2        http://www.techsupportforum.com/members/185203.html
0
 
aliwajdanAuthor Commented:
I follow all the instructions which passed by the expert and at last i installed complete windows updates. After this the error which occurred due USB solved.
Thnx
0
 
John GriffithCommented:
Hi - Thank you.  I am glad that your system is back up and running.  I do apologize for the typos - very unlike me to allow content out in that manner.  
jcgriff2
0

Featured Post

Cyber Threats to Small Businesses (Part 1)

This past May, Webroot surveyed more than 600 IT decision-makers at medium-sized companies to see how these small businesses perceived new threats facing their organizations.  Read what Webroot CISO, Gary Hayslip, has to say about the survey in part 1 of this 2-part blog series.

  • 11
  • 11
  • 4
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now