Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 1 subscriber
  • Views 3673 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Windows XP blue screens

RodK

Starting sometime this past Friday our organization has started having multiple Windows XP sp3 workstations running Sophos Endpoint 10 go to blue screen with the wonderfully generic 7E code.  We are pretty new to Sophos within the past few weeks, and I am not blaming Sophos at this point but it is a bit of a coincidence to have so many issues with machines which have all been stable for years.

Has anyone else started having this issue recently?

:36173


This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    I can't say I've seen it.  The first thing I would do would be to configure the computer to create a full memory dump.

    To do so:

    1. Right-click the My computer icon and select Properties. 

    2. Go to the Advanced tab, and click Settings under Startup and Recovery.
    3. Select Complete memory dump under Write debugging information.
         If Complete memory dump option is unavailable see the MS article 254649.

    Next time it happens, copy off memory.dmp (location is defined in the dialog above, typically it is: %systemroot%\MEMORY.DMP).

    Maybe try and reproduce it a couple of times to get a couple of dmp files.  This will be good to ensure the computer crashes for the same reason.

    Then I would install WinDbg:

    http://msdn.microsoft.com/en-us/windows/hardware/gg463009.aspx

    Open the crash dump and run:

    !analyze -v

    This command will give you a basic automated analysis of the dump file and give you a suggestion as to which driver/module it suspects has caused the problem.  Based on this, you can then typically look to disable/update the named drivers/module, etc..

    This is worth doing as Support will require the full memory dump as a minimum for such a case.  They will ask you to upload it to their FTP server so having it at hand will speed up the case.

    Feel free to post the output of "!analyze -v" here if you like.

    Hope it helps.

    Regards,

    Jak

    :36175
Reply
  • 0

    Hi,

    I can't say I've seen it.  The first thing I would do would be to configure the computer to create a full memory dump.

    To do so:

    1. Right-click the My computer icon and select Properties. 

    2. Go to the Advanced tab, and click Settings under Startup and Recovery.
    3. Select Complete memory dump under Write debugging information.
         If Complete memory dump option is unavailable see the MS article 254649.

    Next time it happens, copy off memory.dmp (location is defined in the dialog above, typically it is: %systemroot%\MEMORY.DMP).

    Maybe try and reproduce it a couple of times to get a couple of dmp files.  This will be good to ensure the computer crashes for the same reason.

    Then I would install WinDbg:

    http://msdn.microsoft.com/en-us/windows/hardware/gg463009.aspx

    Open the crash dump and run:

    !analyze -v

    This command will give you a basic automated analysis of the dump file and give you a suggestion as to which driver/module it suspects has caused the problem.  Based on this, you can then typically look to disable/update the named drivers/module, etc..

    This is worth doing as Support will require the full memory dump as a minimum for such a case.  They will ask you to upload it to their FTP server so having it at hand will speed up the case.

    Feel free to post the output of "!analyze -v" here if you like.

    Hope it helps.

    Regards,

    Jak

    :36175
Children
No Data