Avc3.sys Causing Blue Screen

Comments

  • Georgia
    Georgia ✭✭✭

    Hello,


    There is no entry belonging to Bitdefender files or to our driver avc3.sys in the minidump. According to the data received from you, the BSOD is not caused by Bitdefender.


    If the blue screen still occurs please send us a diagnostic log and a complete memory dump to run a deeper analysis.


    Probably caused by : Pool_Corruption ( nt!ExFreePool+cb6 )

    Followup: Pool_corruption
    ---------

    2: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    BAD_POOL_HEADER (19)
    The pool is already corrupt at the time of the current request.
    This may or may not be due to the caller.
    The internal pool links must be walked to figure out a possible cause of
    the problem, and then special pool applied to the suspect tags or the driver
    verifier to a suspect driver.
    Arguments:
    Arg1: 0000000000000003, the pool freelist is corrupt.
    Arg2: ffffe0007da4d010, the pool entry being checked.
    Arg3: 0000000000000000, the read back flink freelist value (should be the same as 2).
    Arg4: ffffe0007da4d010, the read back blink freelist value (should be the same as 2).

    Debugging Details:
    ------------------


    DUMP_FILE_ATTRIBUTES: 0x8
      Kernel Generated Triage Dump

    BUGCHECK_STR:  0x19_3

    CUSTOMER_CRASH_COUNT:  1

    DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT

    PROCESS_NAME:  QuiteRSS.exe

    CURRENT_IRQL:  2

    ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) amd64fre

    LAST_CONTROL_TRANSFER:  from fffff8013410197e to fffff80133fd9c20

    STACK_TEXT:  
    ffffd000`223fc688 fffff801`3410197e : 00000000`00000019 00000000`00000003 ffffe000`7da4d010 00000000`00000000 : nt!KeBugCheckEx
    ffffd000`223fc690 fffff801`33ed9151 : 00000000`00000200 00000000`00001000 00000000`00000001 ffffd000`00000000 : nt!ExFreePool+0xcb6
    ffffd000`223fc770 fffff801`342bb7b0 : 00000000`00000000 ffffe000`7cc23840 ffffe000`20206f49 ffffe000`00000001 : nt!ExAllocatePoolWithQuotaTag+0x61
    ffffd000`223fc800 fffff801`342baa56 : ffffc001`0f7a67a0 00000000`00000860 00000000`00000001 00000000`00000000 : nt!IopXxxControlFile+0xd50
    ffffd000`223fca20 fffff801`33fe4263 : ffffd000`223fcb80 fffff801`3439d3cf ffff58d1`00000001 00000000`0009e728 : nt!NtDeviceIoControlFile+0x56
    ffffd000`223fca90 00000000`77841e52 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
    00000000`0009efd8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77841e52


    STACK_COMMAND:  kb

    FOLLOWUP_IP:
    nt!ExFreePool+cb6
    fffff801`3410197e cc              int     3

    SYMBOL_STACK_INDEX:  1

    SYMBOL_NAME:  nt!ExFreePool+cb6

    FOLLOWUP_NAME:  Pool_corruption

    IMAGE_NAME:  Pool_Corruption

    DEBUG_FLR_IMAGE_TIMESTAMP:  0

    IMAGE_VERSION:  10.0.10240.16384

    MODULE_NAME: Pool_Corruption

    BUCKET_ID_FUNC_OFFSET:  cb6

    FAILURE_BUCKET_ID:  0x19_3_nt!ExFreePool

    BUCKET_ID:  0x19_3_nt!ExFreePool

    ANALYSIS_SOURCE:  KM

    FAILURE_ID_HASH_STRING:  km:0x19_3_nt!exfreepool

    FAILURE_ID_HASH:  {64549bb1-eb15-58f0-046b-157e9134346a}

    Followup: Pool_corruption

  • If I access my hosts file it crashes my computer because I locked Bitdefender out of it. I've had a few crashes related to Bitdefender, especially trying to access files I have restricted it from using security account lockouts.

  • Lionet
    Lionet
    edited November 2015
    If I access my hosts file it crashes my computer because I locked Bitdefender out of it. I've had a few crashes related to Bitdefender, especially trying to access files I have restricted it from using security account lockouts.


    Hi ErrorBus,


    if it could help...


    How to fix BSOD


    and this one:


    How to clean the system


    - Concerning the defraggler, not to be used with a SSD drive.


    Regards,


    L.

  • rdorian
    edited November 2015

    Hi


    I’d like to add to this as I also have issues that I believe could be related to BitDefender. I have BAD POOL HEADER blue screens when opening many tabs at the same time. I can replicate this easily.


    A Windows Driver Verifier session states that “DRIVER VERIFIER DETECTED VOLOLATION (avc3.sys)”.


    Memory dumps potentially indicates the MalwareBytes exe (actual crash is tcpip.sys), however it's believed that BitDefender has violated MalwareBytes memory space based on the above.


    Uninstalling either MalwareBytes or BitDefender stops the issue, but running both generates the BAD POOL HEADER when opening many browser tabs (firefox in this case). This only started under Windows 10, but I’ve been running a MalwareBytes/BitDefender simultaneous install for around 5 years now without issue.


    Can someone from BitDefender comment on why the Driver Verifier thinks that avc3.sys is in violation?


    I’m also progressing this issue with MalwareBytes on the off chance: https://forums.malwarebytes.org/index.php?/...ad-pool-header/

  • Hiya,


    As far as I can remember, Bitdefender have never supported the use of other real time security solutions to be run alongside its AV. Whilst many users do run them together there is always the chance of both real time scans conflicting - as you have found out.


    So, have MBAM as an on demand scanner and leave BD to have full control.


    Ro.

  • rdorian
    edited November 2015

    Hi


    Thanks for the response.


    I knew that running simultaneous solution would be mentioned, and yes I would agree if it was something like Norton or Kaspersky. I would actually prefer MalwareBytes web protection over BitDefender’s but I can switch everything off in BitDefender and it still throws a BAD POOL HEADER BIOS error. MalwareBytes actually verify compatibly with other solutions, BitDefender is one but I'll add that they've not tested 2016 yet.


    The main point I’m really interested in is the Windows 10 Driver Verifier session stating that “DRIVER VERIFIER DETECTED VOLOLATION (avc3.sys)” on start-up. I’ve ran the driver verifier with both installed and only BitDefender, the results were the same.


    Surly that indicates some issue with BitDefender.


    Any comments welcome.

  • Here I chose to keep MBAM running with Real-Time Protection.


    I uninstalled BD 2016 and installed BD 2015.


    So far, no more BSOD's


    When things get stable with the combo BD 2016 + MBAM, I will give a second try on BD 2016.


    PS. @rdorian Actually im tracking (subscribed to) your 2 threads (here and on MBAM forums). Very good job gathering all the information!

  • The main point I’m really interested in is the Windows 10 Driver Verifier session stating that “DRIVER VERIFIER DETECTED VOLOLATION (avc3.sys)” on start-up. I’ve ran the driver verifier with both installed and only BitDefender, the results were the same.


    Surly that indicates some issue with BitDefender.


    Hi,


    Please see my post here: http://forum.bitdefender.com/index.php?sho...mp;#entry247392


    I'm seeing the same problem as you, and I'm also running Malwarebytes (Premium) on both of my Surfii (SP3 and SP4).


    Bitdefender 2015 + Malwarebytes = Works


    Bitdefender 2016 + Malewarebytes = BSOD: BAD_POOL_HEADER or sometimes BAD_POOL_CALLER.


    In my case, running BlueScreenView shows:


    BAD_POOL_HEADER: ntoskrnl.exe+231de5


    Cause: tcpip.sys (the TCP/IP driver)


    I strongly suspect that Bitdefender 2016 has a firewall-related bug that interacts with the TCP/IP driver and causes our BSOD's.

  • About two months ago I began experiencing the same thing (Bad Pool Header). As stated above it seems related to BD not playing nicely with Malware Bytes now for some reason. I'm not sure why it stared acting up and was fine prior to a couple of months ago. Nothing new has been added to the mix and in Malware Bytes is removed all is well. I'm not removing BD so removing MBAM is the option for now or until BD takes a look at this.