Question NEED HELP! - Blue Screen - Windows 11

[dreamer9t9]

Hello Everyone,

My Lenevo Legion Laptop was running completely fine till one day, All of sudden - it started crashing and giving Blue Screen again and again, Several Times.
After so many effort and Restoring to a recent Restore point, i figured that my Anti-virus (Bitdefender Total Security 2024) is the reason behind all these Blue Screen.

But the point is, i have been using Latest and Paid, Bit Defender Total Security from Several Years. Then why it started giving Problem, now?

After removing the AV, laptop works fine (used it for few days with No issues). Then i tried to install the same AV Two times, and the moment Installation is complete. BlueScreen problem starts.
Currently running my laptop with NO Antivirus.

I have added all the Minidump Bluescreen file from the moment this problem starts. but the Latest one is: 091524-14765-01 (which came after i tried to re-install the same AV)
https://www.dropbox.com/scl/fo/hiy6...pKSk?rlkey=xr3qrs33hdlvy6yn3hacmgqd3&e=3&dl=0


Please help!
Thanks in advance!
Raj

 

[Lutfij]

But the point is, i have been using Latest and Paid, Bit Defender Total Security from Several Years. Then why it started giving Problem, now?
Could be a driver update or even an update for the OS, it's happened in the past with Microsoft's Windows, with subsequent patches coming to save the day or uninstalling the update.

Using WinDBG, one of your dmp files showed this;

SYMBOL_NAME: nt!ExAllocatePool+f
IMAGE_NAME: Pool_Corruption
IMAGE_VERSION: 10.0.22621.3880
MODULE_NAME: Pool_Corruption
STACK_COMMAND: .cxr 0xffff960048b1e900 ; kb
BUCKET_ID_FUNC_OFFSET: f
FAILURE_BUCKET_ID: AV_nt!ExAllocatePool
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {4ad35413-33de-4960-aabd-0ba252edd39a}
Followup: Pool_corruption

Does this happen when you install the anti-virus?

You might want to see if your laptop is pending a BIOS update and if anything in Device Manager is flagged with a yellow exclamation mark.

 

[dreamer9t9]

But the point is, i have been using Latest and Paid, Bit Defender Total Security from Several Years. Then why it started giving Problem, now?
Could be a driver update or even an update for the OS, it's happened in the past with Microsoft's Windows, with subsequent patches coming to save the day or uninstalling the update.

Using WinDBG, one of your dmp files showed this;


Does this happen when you install the anti-virus?

You might want to see if your laptop is pending a BIOS update and if anything in Device Manager is flagged with a yellow exclamation mark.

Thanks for your reply!

Not sure about the BIOS update.
and There is only ONE thing showing in Yellow (device manager) related with Apple phone Charger. I usually charge my iphone via laptop.

Also, bluescreen doesn't happen while installing AV.
but it starts right after Installation is Complete, When AV starts for the first time automatically after installation complete.

Can you please check the latest dmp named: 091524-14765-01.dmp
Dont know what to do next..

 

[ubuysa]

Four of those dumps appear to be corrupted, there are symbol errors, but one of them points clearly at the problem; the FGUARD64.SYS driver. It's clearly referenced in the lead-up to a SYSTEM_SERVICE_EXCEPTION bugcheck. It appears that the FGUARD64.SYS driver corrupted a memory pool....

....
ffff8006`e9fcf150 :  nt!ExAllocatePool+0xf
ffff8006`e9fcf180 :  FGUARD64+0x69c9
....

That extract from the call stack (which you read from the bottom up, it's a push-down stack) shows a call to fguard64.sys followed by a call to nt!ExAllocatePool to allocates a memory pool. It's that nt!ExAllocatePool function that cauised the BSOD...

FAILURE_BUCKET_ID:  AV_nt!ExAllocatePool

But the root cuase was fguard64.sys passing invalid (or even garbage) data to the allocate pool function.

The FGUARD64.SYS driver is part of the Winability Folder Guard product that allows you extra control over file and folder access. Since removing BitDefender seems to stop these BSODs it's probably a conflict between Folder Guard and BitDefender.

I've never been a fan of third-party security products, they do often cause BSODs, just like this one. There is no need to pay for security these days in any case, Windows Firewall and Windows Defender do an excellent job.

 

[KingLoki]

Try totally disbling windows defender before installing the new AV software and see how that goes. Cheers

 

[dreamer9t9]

Four of those dumps appear to be corrupted, there are symbol errors, but one of them points clearly at the problem; the FGUARD64.SYS driver. It's clearly referenced in the lead-up to a SYSTEM_SERVICE_EXCEPTION bugcheck. It appears that the FGUARD64.SYS driver corrupted a memory pool....

....
ffff8006`e9fcf150 :  nt!ExAllocatePool+0xf
ffff8006`e9fcf180 :  FGUARD64+0x69c9
....

That extract from the call stack (which you read from the bottom up, it's a push-down stack) shows a call to fguard64.sys followed by a call to nt!ExAllocatePool to allocates a memory pool. It's that nt!ExAllocatePool function that cauised the BSOD...

FAILURE_BUCKET_ID:  AV_nt!ExAllocatePool

But the root cuase was fguard64.sys passing invalid (or even garbage) data to the allocate pool function.

The FGUARD64.SYS driver is part of the Winability Folder Guard product that allows you extra control over file and folder access. Since removing BitDefender seems to stop these BSODs it's probably a conflict between Folder Guard and BitDefender.

I've never been a fan of third-party security products, they do often cause BSODs, just like this one. There is no need to pay for security these days in any case, Windows Firewall and Windows Defender do an excellent job.

Hi,
Thanks for the detailed analysys.
But can you please check or confirm, if you have checked this dump file named: 091524-14765-01.dmp
Its the latest one, which after when i tried to install AV again, after a few days.

I just want to be sure before trying to remove Folder Guard and re-installing the AV. because Bluescreen already happened so many times due to this problem.

Please check and confirm.
Thanks

 

[ubuysa]

I'm not at all sure what you're asking me there? The dump appears corrupted because there are no symbols available. I can tell you that in that dump both BitDefender and Folder Guard ARE loaded. If I understand you correctly you are under the impression that BitDefender is not installed in that dump? Well it is, and it's active.

However, in my opinion Folder Guard is most likely to be your problem. The driver in question fguard64.sys is installed and loaded but it's old, dating from 2013...

13: kd> lmDvmFGUARD64
Browse full module list
start             end                 module name
fffff807`ba930000 fffff807`ba945000   FGUARD64   (deferred)             
    Image path: FGUARD64.SYS
  Image name: FGUARD64.SYS
    Browse all global symbols  functions  data  Symbol Reload
    Timestamp:        Tue Aug 27 00:19:29 2013 (521BC661)
    CheckSum:         000183A5
    ImageSize:        00015000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
    Information from resource tables:

That predates not only Windows 11, which you're running, (released Oct 2021) but it also predates Windows 10 even (released July 2015)!!!

You're using a tool (Folder Guard) that may not be fully compatible with Windows 11, or even Windows 10. Either that or your running a very very old version. I would uninstall Folder Guard because that's more likely to be the problem - it was flagged in the one readable dump.

TB I would recommend that you dump BitDefender too.