VMWare guest BSODs with a driver related stop code after installing or updating KES [KES for Windows]
Entry posted by svc_kms in Known Problem
4 views
Description
VMWare guest using Kaspersky products hanging or crashing due to driver conflicts between drivers used by VMWare NSX (vnetWFP.sys, previously vnetflt.sys) and Network Threat Protection component.
This problem is known to happen with following versions of KES and VMware Tools:
- KES 11.6 with VMWare Tools 10.0.9
- KES 11.6 and 11.7 with VMWare Tools 11.3.5
- KES 12 with VMWare Tools 10.1.7
Troubleshooting steps
-
Update VMWare Tools
Sometimes there may be a bug in the driver built into VMWare Tools, and ESXi updates its images only through manually installed patches, and it compares installed version only to the version in it's storage, so even if ESXi says that the VM has current version of VMWare Tools, it may actually be outdated. Because of that, a new VM may run with outdated drivers.
ESXi and VMWare Tools compatibility matrix: https://interopmatrix.vmware.com/Interoperability?col=1,&row=39,&isHidePatch=true&isHideGenSupported=false&isHideTechSupported=false&isHideCompatible=false&isHideNTCompatible=false&isHideIncompatible=false&isHideNotSupported=true&isCollection=false
Latest supported VMWare Tools version for ESXi 6.5 and 6.7: https://packages.vmware.com/tools/releases/12.1.5/windows/
VMWare Tools for ESXi 7.0 and newer: https://packages.vmware.com/tools/releases/latest/windows/ -
If that did not help, uninstall NSX Network Introspection drivers of VMWare Tools: https://kb.vmware.com/s/article/2149764
This is the driver that is causing the conflict on VMWare's side, therefore removing it will resolve the conflict and should resolve the issue.
Next solution is temporary and should not be used in production for extended periods of time.
Disable Network Threat Protection in KES settings or in the policy, if it's controlled by KSC.
Network Threat Protection is using klwfp.sys driver, and that driver is causing the conflict with vnetWFP.sys. With that component turned off, the driver loads on startup, but doesn't do anything, avoiding conflict with vnetWFP in most cases.
Open KES Window -> Settings -> Network Threat Protection -> switch Network Threat Protection off
Open KES policy properties -> Essential Threat Protection -> Network Threat Protection -> Uncheck Network Threat Protection checkbox
|
If nothing helps, submit the case to the Kaspersky support with traces, GSI report including Windows event logs and a full memory dump.
|
Related Information
How to collect KES traces: https://support.kaspersky.com/kes11/diagnostics/14364
How to collect a full memory dump: https://support.kaspersky.com/common/diagnostics/10659
Link to GSI: https://media.kaspersky.com/utilities/ConsumerUtilities/GSI-6.2.2.43.exe
0 Comments
Recommended Comments
There are no comments to display.
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now