AdGuard 6.0.188.974 & Windows 10 - daily Bugcheck 0x000000d1

AnthonyB

Beta Tester
AdGuard 6.0.188.974 & Windows 10 Build 11082
Am getting daily Bugcheck 0x000000d1 errors causing machine to reboot.
No 3rd party AV running - just Windows Defender.
Not using Stealth Mode.
WFP and HTTPS filtering both enabled.

I have a process exclusion for Adguard.exe as I recall in the pre-release forums there was a noted issue with AG and Windows Defender and the exclusion may reduce instances of issue?

Is there anything else here that can be done?
 

Blaz

Moderator & Translator
Staff member
Moderator
Can you please attach/post minidump file (c:\windows\minidump), thank you.
 

AnthonyB

Beta Tester
Thanks for the analysis!

I can confirm that in this case (and probably many others) it is NOT malware.

ASUS supply it with motherboard utilities software in a piece of software called "Network iControl" which is part of their AISuite II Bundle (https://www.asus.com/us/support/faq/1012151/)

I'll remove that component and see how things go!
 

avatar

Administrator
Staff member
Administrator
Thank you for the clarification!

If this is a legitimate driver, please save the full memory dump, it may be useful for fixing the issue.
 

AnthonyB

Beta Tester
So, I uninstalled ASUS Network iControl and unsurprisingly, the driver binaries were left behind by the uninstaller (ASUS can't write decent software to save themselves..) so I also renamed the C:\Windows\system32\drivers\ndisrd.sys file to ndisrd.sys.bak and then rebooted. I then verified that Windows didn't restore a copy of the binary so I'm pretty sure that driver should no longer be loaded anywhere.

I had another 0xD1 bugcheck within 24 hours.
The bugcheck was: 0x000000d1 (0x0000000000000008, 0x0000000000000002, 0x0000000000000000, 0xfffff8010a160de8).

Minidump here
Full Memory dump here if required
 

AnthonyB

Beta Tester
..and today's bugcheck.
The bugcheck was: 0x000000d1 (0x0000000000000008, 0x0000000000000002, 0x0000000000000000, 0xfffff80075150de8).

Minidump here
Full memory dump if required here
 

avatar

Administrator
Staff member
Administrator
I am here again, let me check the dumps.

---------- Post added at 06:14 PM ---------- Previous post was at 06:01 PM ----------

And now the driver responsible for this is e1c64x64.sys, an intel driver.

Here is a similar issue with RealTek:
https://github.com/AdguardTeam/AdguardForWindows/issues/825

This all started after we have added a packet filter to WFP driver (to handle Windows Defender double-FIN-packet issue).

Until we handle this issue you can switch to TDI driver.
 

AnthonyB

Beta Tester
Thanks. I guess I suspected that this was still due to the kludge for Windows Defender so it's good to have it validated.
Can't switch from WFP back to TDI as I lose filtering on me preferred browser, Edge.
 

avatar

Administrator
Staff member
Administrator
Yes, am on one the Windows Insider beta build rings and therefore understand that that could bring additional unknowns :)

Appreciate that the 'public' current build is 1511 (10586.104) (http://windows.microsoft.com/en-us/windows-10/update-history-windows-10)
I am on Insider build also and there are no issues. I suppose the problem is in drivers compatibility, not in the windows version.

As a temporary workaround we could disable packet filter when we detect one of the specified drivers, but we'd better do some research before.
 
Top