
Endpoint v10 + Procmon.exe = BSOD on Windows 7

To recreate this problem all I need to do is:-

Run procmon.exe from Sysinternals (now Microsoft)

Set the filter to "Category = write", Add

Drop filtered events

Start monitor

After 100+ events I get a blue screen of death.

SYSTEM_SERVICE_EXCEPTION 0x0000003b 00000000`c0000005 fffff880`06c1344c fffff880`0766ce50 00000000`00000000 PROCMON23.SYS PROCMON23.SYS+844c     x64 ntoskrnl.exe+7f1c0     

I have tried excluding 2 files from the on-access scanning without success: procmon.exe and procmon23.sys (mentioned in the BSOD error). Both are portable files so have no fixed install path; is this required?

Has anyone had the same problem, and could you share any workarounds you have put in place?

Many thanks.

  • Hi,

    Good to know.  I thought it must be the case as I think over the years I've run just about every version of ProcMon with every version of SAV without an issue.

    Out of interest, if you just kill the ViGUARD.exe process but leave the Landesk Client software installed with Sophos, does it work?  It may well be that there is a driver the ViGUARD.exe process interacts with, but it would be nice to know exactly where the conflict lies.

    I did a quick Google for ViGUARD.exe as I don't have the Landesk software, and I see that the ViGUARD.exe process is started from the Run key.

    HKLM\..\Run: [ViGUARD] "C:\Program Files\ViGUARD\ViGUARD.EXE" /STARTUP 

    so you could re-launch it with /STARTUP I suppose.

    Regards,

    Jak
