Endpoint v10 + Procmon.exe = BSOD on Windows 7

To recreate this problem all I need to do is:

Run procmon.exe from Sysinternals (now Microsoft)

Set the filter to "Category = write", Add

Drop filtered events

Start monitor

After 100+ events I get a blue screen of death.

SYSTEM_SERVICE_EXCEPTION 0x0000003b 00000000`c0000005 fffff880`06c1344c fffff880`0766ce50 00000000`00000000 PROCMON23.SYS PROCMON23.SYS+844c     x64 ntoskrnl.exe+7f1c0     

I have tried excluding 2 files from the on-access scanning without success: procmon.exe and procmon23.sys (mentioned in the BSOD error). Both are portable files, so they have no fixed install path. Is this required?

Has anyone had the same problem, and could you share any workarounds you have put in place?

Many thanks.

  • Thanks for your help and suggestions Jak.

    Killing the "viguard.exe" process before running Procmon with Sophos enabled works correctly every time. Viguard is described as "LANDesk Endpoint Security |  LANDesk Host Intrusion Prevention".

    I've checked the LANDesk forums and cannot find any reference to BSOD in relation to Sophos, so as soon as I hear from their Customer Support I'll provide an update.

    Many thanks.
