Instability Issue - BSOD - atc.sys

Hi,

I am reaching out through the community since it seems obvious that the "support" system is completely useless!

I sent two weeks ago a complete report of the issue with the log, the detail of what was done, .dmp of the crash and the .info file.

However I have never received a response and since I have no backup of that report sent through their platform, could someone from Bitdefender post the information here ? That way, somebody from the community would at least be able to help since it is obvious BitDefender itself do not care.

Or should I simply uninstall BitDefender ? I mean, I cannot deactivate it for security reasons and I cannot let it running due to the instability.

I do hope BitDefender will respond to this message and will actually try to provide support because reinstalling a new security software on all my family devices is quite the hassle.

Regards,

Alexandre

NB: To the community who is actually helping, I am sorry for the rant. The situation is just too outrageous. Especially when I think that I recommended it to the whole company...

Tagged:

Comments

  • Flexx
    Flexx DEFENDER OF THE YEAR 2023 / DEFENDER OF THE MONTH ✭✭✭✭✭ mod

    @Mike_BD, @Alexandru_BD can check on this for you.

    Regards

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • Thank you Flexx

  • Hi @AlexVendra and welcome to the Community!

    Without giving up PII, can you please:

    1/ write here the ticket number

    2/ describe as detailed as possible your hardware and software configuration (version of OS, other specific software which do you use)

    3/ did you try a full uninstall/ reinstall?

    4/ describe the behavior of the BSOD (how often, can you link it with CPU/ HDD/ video card load or specific activities)

    We'll do our best to try and help.

    cheers,

    Mike

    Intel Core i7-7700 @ 3.60Ghz, 64GB DDR4 || Gigabyte nVIDIA GeForce® GTX 1070 G1 8GB || WD Blue NAND 500GB + 1TB

  • Hello @AlexVendra

    I'll jump in here as well and do my best to help.

    For Bitdefender crashes and BSOD issues there are some important guidelines you should take into consideration:

    Whenever a Bitdefender process crashes, you should receive a notification error from Bitdefender crash handler with some details about the crash. The most important are:

    • Bitdefender Security Service has crashed
    • Bitdefender Security Center has crashed
    • Bitdefender Agent has crashed

    Most of the times, when you get a BSOD, a minidump is also created in the following location: C:\Windows\Minidump. The engineers would require the latest minidump file from this folder in order to check what caused the BSOD. Therefore, they will usually advise to reboot in Safe Mode and perform a System Restore and make sure you are saving the minidump files from this location in a different location (preferably not on the system drive).

    The most general process crashes that can be encountered are seccenter.exe, bdagent.exe, vsserv.exe, obk.exe, updatesrv.exe, ProductAgentService.exe, bdparentalservice.exe and these will return an error message from Bitdefender crash handler, informing you that one of its processes crashed.

    The usual basic troubleshooting steps in this scenario are to restart the computer and check if the issue persists, to check if the PC meets the recommended system requirements and to check for other security solutions and uninstall them. It must also be established if the RAM or processor are lower than recommended. If these steps do not solve the issue, then this raises a few questions, such as does the error appear continuously or randomly and does the error appear when opening an application, or performing a certain action? If yes, the engineers would require the name of the application in question. This might seem challenging to resolve at first, but with the right amount of information, the engineers can find the root cause and this is where the Support Tool with issue reproduction comes into play. The Bitdefender Support Tool utility is used by the Bitdefender Support Team to diagnose and troubleshoot Bitdefender installation failures or product issues on Windows computers. The tool gathers logs and product usage information, necessary for further investigation.

    Going forward, I could not locate a recent ticket opened for our Support teams using the email address registered on this forum, thus if you can provide us with the case number, I can ask my colleagues to look into it as soon as possible. The most recent ticket I could find is 10 months old.

    I am looking forward to your response.

    Regards,

    Alex

    Premium Security & Bitdefender Endpoint Security Tools user

  • Dear Mike, Dear Alexandru,

    Thank you for taking the time to respond. I unfortunately do not have any ticket. I went through the contact form on the official website and after receiving from the page itself a confirmation that my issue was submitted. I never received any response.

    Concerning the issue itself. I had crashes and instability, mainly when using GPU sensitive software such as games, or 3D modelling. It also happened a few times when going back from a sleep mode.

    Following these issues, I tried to isolate the issue and after some tests on different component, I ended up using "Driver Verifier" from windows to dig out the faulty driver which ended up after 5-6 tests always being atc.sys. After talking with the support team at windows (I explained them everything and sent them the dump file and .info files), we confirmed the issue was coming from BitDefender. Therefore, I uninstalled it completely using the following uninstall tool: https://community.bitdefender.com/en/home/leaving?allowTrusted=1&target=https%3A%2F%2Fwww.bitdefender.com%2Ffiles%2FKnowledgeBase%2Ffile%2FBitdefender_2022_Uninstall_Tool.exe

    After which I run "Driver Verifier" again without any issue for an extended period of time and even tried to push it by launching multiple GPU consuming software without any issue. After around 2 hours without any issue which had not happened since a long time ago, it seemed confirmed that the issue was related to BitDefender.

    Therefore, I tried to reinstall it (a fresh install). Unfortunately, after reinstalling it completely, the issues came back, always seemingly related to the "atc.sys" driver. And then, it is at that point that Microsoft support advised me to contact you. Which I did by sending you the dump file, .info files, "Support log" generated by BitDefender and a full explanation similar to what I did here.

    I guess if you are saying you did not receive anything that I can assume the following form is broken (see attached picture) ?

    Anyway, you will find at the link below the dump files and .info files. For the "Support log", can you confirm me that there are no security risk in publishing it here ? (I do not think the support log is useful since I did not have a crash from Bitdefender but a crash of the computer induced apparently by the "atc.sys" driver from BitDefender) :

    Link : BitDefender issue

    Thank you for the support. It is reassuring to see the reactivity of @Mike_BD and @Alexandru_BD who I suppose are official personnel from the company. If the lack of prior communication was due to an issue with the form, I think I can even apologise for my previous harsh language as long as we work together to identify the root of the issue.

    Regards,

    Alexandre

  • Hello @AlexVendra and thank you for your comprehensive explanation.

    Yes, both me and @Mike_BD are Bitdefender employees and admins on this forum.

    The "atc.sys" driver is indeed related to the Advanced Threat Defense security module and you can find more information about it in the article below:

    My recommendation and one of the first troubleshooting steps to consider would be to temporarily disable ATD and check if the respective programs run as expected afterwards. Bring up Bitdefender and go to Protection -> Advanced Threat Defense -> Settings and toggle the blue switch OFF:

    Re-enable this defense and add the .exe of the software(s) that is crashing as an exception for this module by following the steps described in the following article:

    After doing this, check how the programs behave. If the BSOD still occurs, then it will be necessary for our engineers to have a closer look and obtain additional logs from the device.

    Most probably, there was an issue with the form at that time and I would advise to open a ticket first, describe the issue you are experiencing and then our engineers will provide further instructions on how to upload the logs for further troubleshooting. The logs cannot be interpreted on the forum, thus it's not required for you to upload them here. The Support teams have the required tools to help and they can also perform a remote session on your device, should that be necessary.

    Head to the link below to get in touch with our engineers by choosing one of the contact methods available here:

    https://www.bitdefender.com/consumer/support/help/

    Regardless of the contact channel of choice, you will be given a ticket number for reference along with further guidance from our engineers.

    Let us know how it goes and once the root cause is identified, kindly share your findings with the community as well, so we may help other users that might encounter this situation in the future.

    Much appreciated and kind regards,

    Alex

    Premium Security & Bitdefender Endpoint Security Tools user

  • AlexVendra
    AlexVendra Mr
    edited April 2023

    Hello @Alexandru_BD,

    Thank you for the detailed response.

    I have run "Driver Verifier" again following the procedure described at the link below after disabling the Advanced Threat Defense security module as you explained and it indeed resolve the BSOD issue. In other words we can indeed put the issue on that module.

    https://answers.microsoft.com/en-us/windows/forum/all/driver-verifier-tracking-down-a-mis-behaving/f5cb4faf-556b-4b6d-95b3-c48669e4c983

    However, I do not know which .exe file to put in exception since I had sporadic issue with different programs and was only able to single out the "atc.sys" driver thanks to the Driver Verifier Manager that as I understand is a software designed to stress out the different drivers in order to find the problematic ones.

    Somebody more savvy than me might be able to take out from the mini dump file and the log event the software which is crashing with Advanced Threat Defense security module.

    As you suggested, I will once again try to reach Bitdefender through the Support form.

    I will try to keep you and the community updated since as you said what we uncover might useful to other people.

    Kind regards,

    Alexandre

    NB: I sent a message through the support form and received an automatic email which did not occur last time. Therefore I indeed met an isolated issue for whatever reason last time. Therefore as promised on my message of the 10th of April, I apologise for my previous outburst. Especially since starting from the point where the communication was established, Support was on point. I think it is important to not only point out issue but also when things are right.

    Ticket number: 1008291837

  • Hello @AlexVendra and thank you for following up.

    No need to apologize, I totally understand something like this can be frustrating and I'm glad to hear that we could pinpoint the culprit at least. I've located your ticket and asked our engineers to get back to you as soon as possible, to help you with those exceptions, as I cannot advise here, unfortunately. But you'll hear from our Support Teams soon, and they will guide you through the next steps.

    Many thanks for keeping us updated on the outcome and I hope the situation is resolved swiftly.

    Regards,

    Alex

    Premium Security & Bitdefender Endpoint Security Tools user

  • Yodaminium
    Yodaminium 32 years experience as IT Server, Desktop, Firewalls, Printers, UPS, you name it I have done it admin, suport, deployments -> all of those things plus routers,switcthes,analogue and digital phone system using old fashioned bix blocks, VoIP routers or a combo of both and I am sure I am forgetting stuff...

    I have landed here after a google search because of ATC.sys, the bit-defender driver. It is on my system. I DO NOT KNOW HOW IT GOT THERE???

    I do not nor have I ever used bit-defender on this PC. I purchased it last January, installed a clean copy of Windows 10 Pro on it and all of my preferred software.

    My preferred antivirus is not bit-defender, it is Vipre, which I have been using for about 10-15 years. I do not allow antivirus "crap" to install itself into my browsers, nor do I ever click on free trial BS either.

    I have ****** blockers in the browser and dozens of block lists on my firewall.

    About 5 days ago I started having weird slowdown issues on my PC.

    Today the lock screens started. Especially while playing games. I have a EVGA 3070ti.

    When this happens my game freezes, VLC freezes (I am playing a movie in it)my central monitor goes black and all windows move to the monitor on the right(I have 3) - so obviously, the video card driver crashes, and I am looking into that also, but while looking at the dumps I found the ATC.SYS driver from bit defender and I thought WTF!! WHO or WHAT put that there?


    I cannot get rid of it because permissions access denied (I can work around that but WTF how did it get there and how can I get it off without booting into safe mode and running pnputils???)

    --------------System INFO--------------------


    PS C:\Windows\system32> systeminfo


    Host Name:               OKMANIGIVEUP

    OS Name:                  Microsoft Windows 10 Pro

    OS Version:               10.0.19045 N/A Build 19045

    OS Manufacturer:          Microsoft Corporation

    OS Configuration:         Standalone Workstation

    OS Build Type:            Multiprocessor Free

    Registered Owner:         yodamin

    Registered Organization:

    Product ID:               

    Original Install Date:    2023-01-08, 7:32:20 AM

    System Boot Time:         2023-05-30, 7:00:58 PM

    System Manufacturer:      ASRock

    System Model:             Z790 PG Lightning

    System Type:              x64-based PC

    Processor(s):             1 Processor(s) Installed.

                              [01]: Intel64 Family 6 Model 183 Stepping 1 GenuineIntel ~3000 Mhz

    BIOS Version:             American Megatrends International, LLC. 5.01, 2023-01-09

    Windows Directory:        C:\Windows

    System Directory:         C:\Windows\system32

    Boot Device:              \Device\HarddiskVolume6

    System Locale:            en-us;English (United States)

    Input Locale:             en-us;English (United States)

    Time Zone:                (UTC-05:00) Eastern Time (US & Canada)

    Total Physical Memory:    32,522 MB

    Available Physical Memory: 25,583 MB

    Virtual Memory: Max Size: 37,386 MB

    Virtual Memory: Available: 27,752 MB

    Virtual Memory: In Use:   9,634 MB

    Page File Location(s):    C:\pagefile.sys

    Domain:                   WORKGROUP

    Logon Server:             \\OKMANIGIVEUP

    Hotfix(s):                N/A

    Network Card(s):          2 NIC(s) Installed.

                              [01]: Realtek Gaming 2.5GbE Family Controller

                                    Connection Name: LAN

                                    DHCP Enabled:   No

                                    IP address(es)

                                    [01]:


                              [02]: Private Internet Access Network Adapter

                                    Connection Name: VPN

                                    Status:         Media disconnected

    Hyper-V Requirements:     VM Monitor Mode Extensions: Yes

                              Virtualization Enabled In Firmware: Yes

                              Second Level Address Translation: Yes

                              Data Execution Prevention Available: Yes

    PS C:\Windows\system32>

  • Flexx
    Flexx DEFENDER OF THE YEAR 2023 / DEFENDER OF THE MONTH ✭✭✭✭✭ mod
    edited June 2023

    Since vipre antimalware uses signature based engine of bitdefender to detect and remove malware, the chances are that is why atc.sys was found on your system. You need to contact vipre support (https://vipre.com/support/) for this.

    Regards

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • Steck1108
    Steck1108 Defender of the month

    thank you for your help.

    "Regarding this case, I was looking at it as a third party, I apologize for any misunderstandings or misunderstandings, Regarding the specified executable file "atc.sys", a similar executable file is included in Lavasoft's security tool, and since there is a mechanism for each security check, Have you ever installed and operated Lavasoft's "Adaware Antivirus" software? At that time, remnants of previous security tools remained, There is a possibility that the problem was exposed because of that.

  • Flexx
    Flexx DEFENDER OF THE YEAR 2023 / DEFENDER OF THE MONTH ✭✭✭✭✭ mod
    edited June 2023

    Lavasoft adaware antivirus also uses bitdefender signature based engine. Some other antimalware which are not included in above image that uses bitdefender engine are iobit malware fighter, quick heal total security, emsisoft antimalware, hitman pro etc

    Regards

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • @Yodaminium so, basically you've been using a Bitdefender engine for the past 10-15 years 😄

    Premium Security & Bitdefender Endpoint Security Tools user

  • Hi Everyone, I'm having the same issue.

    ATC.sys causing a BSOD when running driver verifier in Windows 11.

    This was a fresh install on a brand new PC and NVME.

    Any news on a fix? I will come update my post if disabling the switch solves the issue.

  • I am having the same issue. It came up out of the blue on a 3 year old win 10 PC which has been running bitdefender for many months.

    I don't get a BSOD, but rather my PC locks up in the middle of the night, every night. Basically a BSOD which keeps a frozen screen. Windows Event Viewer says it's a hardware error and verifier tags ATC.SYS.

    If so many people are having this issue, what's the answer?

  • garioch7
    garioch7 Defender of the month ✭✭✭✭✭

    @jltskfl ,

    Welcome to the Bitdefender Forums.

    If so many people are having this issue, what's the answer?

    The fact is that this topic is six months old, and there were only three users complaining. Since the topic has been dormant, Bitdefender Support was probably able to resolve the issue with their particular computers.

    Your best course of action is to contact Bitdefender Consumer Support.

    Chat is the fastest way to reach them. Telephone support is not toll-free. You also have an email option.

    Good luck, and please keep us posted. Have a great day.

    Regards,

    Phil

    Former Bleeping Computer Malware Response Instructor

  • jltskfl
    edited March 25

    Three users.... in this thread. You're not counting the numerous other threads that mention ATC.SYS issues and even more on the general internet. And this probably statistically represents a tiny portion of the total number of users experiencing the issue.

    That being said, tech support according to other older threads seems to want the user to spend three hours performing a large number of operations on the PC including emailing numerous log files and waiting for responses, etc. I own an engineering business and it's far easier to just uninstall and run Kaspersky as I don't have time to waste days on this. It's already been several hours of troubleshooting to get this far. And I'm not thrilled with some of their actions. For instance, their 'removal tool', which should aggressively remove all possibly corrupt traces of the software from the PC is leaving files everywhere on the drive and also entries in the registry. When I run it it seems to simply look and see if someone has simply uninstalled it already and if so, just instantaneously gives a message that it's complete.

    Enough time has passed with other instances that hopefully Bitdefender technicians have had the time to possibly find a common cause, which is why I also asked here in the first place. This is the forum to receive that information so that all users can have access to it.

  • Flexx
    Flexx DEFENDER OF THE YEAR 2023 / DEFENDER OF THE MONTH ✭✭✭✭✭ mod

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • Just to follow up, I am simultaneously pursuing this with BD support. I created a log file with their tool that will hopefully have logs they need as I'm not reinstalling for troubleshooting. I'll follow up again if I ever get a resolution.

  • camarie
    camarie Principal Software Developer BD Staff

    Asked again the guys integrating atc.sys. As soon as I have news will follow up. Most likely the issue is already known to the team developing the driver, but I would like to have them confirmed as well.