
Blue dump issue windows 2003 server


1> We have found out that the blue dump issue is coming on Windows Server 2003 R2, previously installed ks4ws(

2> We have uninstalled ks4ws (10.1.1746), rebooted the system and installed sp1mr4 remotely; still the same issue.

3> We have checked and found out that ESET File Security is there, so we have uninstalled ESET File Security, but the issue remains the same.

4> A net-worm issue is coming, so we have run the KVRT tool, blocked 139 and 445 and installed the security updates as well.

We have collected the memory dump, GSI log and events log. Kindly help to resolve the issue.

Kindly access the below link for memory dump & GSI


Thank You


What are your expert findings on the logs which I have provided?



It's working fine without AV, but after installing AV it's getting rebooted and a BSOD error is coming. It's happening abruptly.


8 hours ago, garu said:

It's working fine without AV, but after installing AV it's getting rebooted and a BSOD error is coming. It's happening abruptly.

Please describe at what stage the BSOD persists.

What actions can cause it, or does it happen randomly?

Thank you!


By the dump it seems like a network stack issue:

FAULTING_MODULE: 80800000 nt


READ_ADDRESS: unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPagedPoolEnd
unable to get nt!MmNonPagedPoolStart
unable to get nt!MmSizeOfNonPagedPoolInBytes


b9be6aa0 395e0c          cmp     dword ptr [esi+0Ch],ebx



ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) x86fre

LAST_CONTROL_TRANSFER:  from b9be6aa0 to 8088e730

WARNING: Stack unwind information not available. Following frames may be wrong.
8089c0d0 b9be6aa0 badb0d00 00001eb0 8089c0f8 nt!Kei386EoiHelper+0x27d8
8089c158 b9be6902 460210ac 460210ac 00005ecd tcpip!IPGetAddrType+0x3a62
8089c240 b9be2ffc 8b912bd0 460210ac 5b0210ac tcpip!IPGetAddrType+0x38c4
8089c2a0 b9be1242 00000020 8b912bd0 b9be6770 tcpip!IPRcvComplete+0x1cc1
8089c330 b9be1468 8b912bd0 8b4a202c 000005c8 tcpip!IPRcvPacket+0x27b
8089c370 b9be12fb 00000000 8b8a6718 8b4a200a tcpip!IPRcvComplete+0x12d
8089c3c8 ba8a3208 8b5c3008 8b8a6718 8b579008 tcpip!IPRcvPacket+0x334
8089c41c ba08659e 8b673130 8089c45c 00000001 NDIS!FddiFilterDprIndicateReceive+0x1205
8089c56c ba087471 00579008 8089c59b 8b673130 e1000325+0x59e
8089c590 ba898466 00579008 ffdffa40 8b579470 e1000325+0x1471
8089c5a8 80832cfc 8b579470 8b57945c 00000000 NDIS!NdisCompletePnPEvent+0xee9
8089c600 8088fbdf 00000000 0000000e 00000000 nt!ZwYieldExecution+0x24c8
8089fb40 00000000 8089fb48 8089fb48 8089fb50 nt!KiDispatchInterrupt+0x32f

And in the dump there are KES drivers present, so I'd say it can be related to the dump:

kd> lmvm kneps
start    end        module name
b99e3000 b9a04280   kneps      (deferred)             
    Image path: \SystemRoot\system32\DRIVERS\kneps.sys
    Image name: kneps.sys
    FileVersion: built by: WinDDK
    FileDescription:  KNEPS Power [fre_wxp_x86]
    LegalCopyright:   Copyright © Kaspersky Lab ZAO 1996-2012.

If you have a dump with KSWS 10.1.1 installed, please share it with me - we'll see what is the cause of the issue. By the way, there's a patch for KSWS 10.1.1 already (Core3), there are fixes that could improve the driver stability as well, so maybe it's a good idea to request this patch from our Support Service.
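
The stack quoted in the post above can be triaged from the pasted text alone. The following is an added example, not part of the original post or of any vendor tooling: it parses those frames, lists the module path from the oldest caller to the newest, and marks frames whose symbol is missing or whose offset is large. The 0x1000 offset threshold and the short list of Windows module names are assumptions made here.

```python
import re
# Frames copied from the kd output in the post above (newest frame first).
STACK = """\
8089c0d0 b9be6aa0 badb0d00 00001eb0 8089c0f8 nt!Kei386EoiHelper+0x27d8
8089c158 b9be6902 460210ac 460210ac 00005ecd tcpip!IPGetAddrType+0x3a62
8089c240 b9be2ffc 8b912bd0 460210ac 5b0210ac tcpip!IPGetAddrType+0x38c4
8089c2a0 b9be1242 00000020 8b912bd0 b9be6770 tcpip!IPRcvComplete+0x1cc1
8089c330 b9be1468 8b912bd0 8b4a202c 000005c8 tcpip!IPRcvPacket+0x27b
8089c370 b9be12fb 00000000 8b8a6718 8b4a200a tcpip!IPRcvComplete+0x12d
8089c3c8 ba8a3208 8b5c3008 8b8a6718 8b579008 tcpip!IPRcvPacket+0x334
8089c41c ba08659e 8b673130 8089c45c 00000001 NDIS!FddiFilterDprIndicateReceive+0x1205
8089c56c ba087471 00579008 8089c59b 8b673130 e1000325+0x59e
8089c590 ba898466 00579008 ffdffa40 8b579470 e1000325+0x1471
8089c5a8 80832cfc 8b579470 8b57945c 00000000 NDIS!NdisCompletePnPEvent+0xee9
8089c600 8088fbdf 00000000 0000000e 00000000 nt!ZwYieldExecution+0x24c8
8089fb40 00000000 8089fb48 8089fb48 8089fb50 nt!KiDispatchInterrupt+0x32f
"""

# ChildEBP RetAddr Arg1 Arg2 Arg3 module[!symbol][+0xoffset]
FRAME = re.compile(
    r"^[0-9a-f]{8} [0-9a-f]{8} (?:[0-9a-f]{8} ){3}"
    r"(?P<mod>[^!+\s]+)(?:!(?P<sym>[^+\s]+))?(?:\+0x(?P<off>[0-9a-f]+))?$")
SUSPECT_OFFSET = 0x1000  # assumption: offsets this large suggest export-only symbols
WINDOWS_MODULES = frozenset({"nt", "hal", "ndis", "tcpip"})  # assumption: short list

def parse_frames(text):
    frames = []
    for line in text.splitlines():
        m = FRAME.match(line.strip())
        if m:
            off = int(m["off"], 16) if m["off"] else 0
            frames.append({"module": m["mod"].lower(), "symbol": m["sym"], "offset": off,
                           "unreliable": m["sym"] is None or off >= SUSPECT_OFFSET})
    return frames

def module_path(frames):
    """Collapse consecutive frames of one module, oldest caller first."""
    path = []
    for f in reversed(frames):
        if not path or path[-1] != f["module"]:
            path.append(f["module"])
    return path

def third_party(frames):
    return sorted({f["module"] for f in frames} - WINDOWS_MODULES)

if __name__ == "__main__":
    fr = parse_frames(STACK)
    print(" -> ".join(module_path(fr)), third_party(fr), sum(f["unreliable"] for f in fr))
```

For the quoted frames the path is nt -> ndis -> e1000325 -> ndis -> tcpip -> nt, and 8 of the 13 frames are flagged, in line with the debugger's own warning that unwind information is not available.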


Blue dump issue on Win7 SP1

All versions tried, like kes10sp2mr3 as well as KES11,

but the result is the same.

Please find the GSI & complete Memory dump. Please help us to resolve the issue.
